Shiro SpringMVC 非maven HelloWorld-白红宇

Shiro SpringMVC 非maven HelloWorld

阅读量：5768 次

发布时间：2019-06-18

本文共 6209 字，大约阅读时间需要 20 分钟。

项目用到Shiro就从网上找一些案例看看吧，结果看了很多都是maven的，没有办法就自己弄了一个。废话不多说，原理自己找开始上菜。

配置web.xml


     
       
          
       
        contextConfigLocation
           
       
        classpath:applicationContext.xml
         
        
          
       
        org.springframework.web.context.ContextLoaderListener
         
        
          
       
        spring
           
       
        org.springframework.web.servlet.DispatcherServlet
           
       
        1
         
        
          
       
        spring
           
       
        /
         
        
          
       
        shiroFilter
           
       
        org.springframework.web.filter.DelegatingFilterProxy
           
             
        
         targetFilterLifecycle
              
        
         true
            
         
        
          
       
        shiroFilter
           
       
        /*

spring-servlet.xml与web.xml同目录

ehcache.xml

-->

-->

applicationContext.xml


     
          
               
              
               
           			
                
           
          
               
                     
            
             
               
                
           
                  
                 
          
               
          
              
           
          
               
              
               
               
               
                                       
                    
                   
        
                         /login.jsp = anon                /shiro/login = anon                /shiro/logout = logout                                # everything else requires authentication:                /** = authc

ShiroHandler.java

package com.lkk.shiro.handlers;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestParam;@Controller@RequestMapping("/shiro")public class ShiroHandler {	@RequestMapping("/login")	public String login(@RequestParam("username") String username, 			@RequestParam("password") String password){						Subject currentUser = SecurityUtils.getSubject();				if (!currentUser.isAuthenticated()) {        	// 把用户名和密码封装为 UsernamePasswordToken 对象            UsernamePasswordToken token = new UsernamePasswordToken(username, password);            // rememberme            token.setRememberMe(true);            try {            	System.out.println("1. " + token.hashCode());            	// 执行登录.                 currentUser.login(token);            }             // ... catch more exceptions here (maybe custom ones specific to your application?            // 所有认证时异常的父类.             catch (AuthenticationException ae) {                //unexpected condition?  error?            	System.out.println("登录失败: " + ae.getMessage());            }        }				return "redirect:/list.jsp";		//return "list";	}	}

ShiroRealm.java

package com.lkk.shiro.realms;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.LockedAccountException;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.realm.Realm;import org.apache.shiro.subject.PrincipalCollection;public class ShiroRealm extends AuthorizingRealm{	@Override	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {		// TODO Auto-generated method stub		return null;	}	@Override	protected AuthenticationInfo doGetAuthenticationInfo(			AuthenticationToken token) throws AuthenticationException {		// TODO Auto-generated method stubSystem.out.println("[FirstRealm] doGetAuthenticationInfo");				//1. 把 AuthenticationToken 转换为 UsernamePasswordToken 		UsernamePasswordToken upToken = (UsernamePasswordToken) token;				//2. 从 UsernamePasswordToken 中来获取 username		String username = upToken.getUsername();				//3. 调用数据库的方法, 从数据库中查询 username 对应的用户记录		System.out.println("从数据库中获取 username: " + username + " 所对应的用户信息.");		//4. 若用户不存在, 则可以抛出 UnknownAccountException 异常		if("unknown".equals(username)){			throw new UnknownAccountException("用户不存在!");		}				//5. 根据用户信息的情况, 决定是否需要抛出其他的 AuthenticationException 异常. 		if("monster".equals(username)){			throw new LockedAccountException("用户被锁定");		}				//6. 根据用户的情况, 来构建 AuthenticationInfo 对象并返回. 通常使用的实现类为: SimpleAuthenticationInfo		//以下信息是从数据库中获取的.		//1). principal: 认证的实体信息. 可以是 username, 也可以是数据表对应的用户的实体类对象. 		Object principal = username;		//2). credentials: 密码. 		Object credentials ="123"; 		//3). realmName: 当前 realm 对象的 name. 调用父类的 getName() 方法即可		String realmName = getName();						SimpleAuthenticationInfo info = null; //new SimpleAuthenticationInfo(principal, credentials, realmName);		info = new SimpleAuthenticationInfo(principal, credentials,  realmName);		return info;			}				}

list.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"    pageEncoding="ISO-8859-1"%>
     Insert title here		hello world
	注销

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"    pageEncoding="ISO-8859-1"%>
     Insert title here		Login Page
	
     
      		username: 
      		
      
      
				password: