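Using Apache Shiro for Authentication
This article describes how to use Shiro for authentication in a web application.
Configure a servlet context listener and a filter in web.xml. The filter here is mapped only to /login.do, so Shiro sees only requests to that URL; rules in the [urls] section of the INI file apply only to requests that pass through the filter.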
<pre>
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/login.do</url-pattern>
</filter-mapping>
</pre>
The JSP page submits the username and password.
<pre>
<FORM name="form1" action="login.do" method="POST">
  <TABLE cellSpacing=0 cellPadding=0 align=center border=0>
    <TBODY>
      <TR>
        <TD width=250>
          <TABLE cellSpacing=3 cellPadding=0 border=0>
            <TBODY>
              <TR>
                <TD width=90><IMG height=29 src="images/title_yhm.gif" width=90></TD>
                <TD><INPUT class=logininput name=loginName></TD>
              </TR>
              <TR>
                <TD width=90><IMG height=27 src="images/title_mima.gif" width=90></TD>
                <TD><INPUT class=logininput type=password name=password></TD>
              </TR>
              <TR>
                <TD width=90></TD>
                <TD align="right"></TD>
              </TR>
            </TBODY>
          </TABLE>
        </TD>
        <TD vAlign=top>
          <TABLE cellSpacing=6 cellPadding=0 border=0>
            <TBODY>
              <TR>
                <TD><IMG style="CURSOR: hand" onclick=doSubmit() height=35 src="images/button_login.gif" width=77 border=0></TD>
              </TR>
            </TBODY>
          </TABLE>
        </TD>
      </TR>
    </TBODY>
  </TABLE>
</FORM>
</pre>
The Shiro configuration file, /WEB-INF/Shiro.ini.
<pre>
[main]
# MySQL data source used by the realm
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = 127.0.0.1
ds.user = root
ds.password = 123456
ds.databaseName = shiro
ds.url = jdbc:mysql://127.0.0.1:3306/shiro

# Realm that looks up credentials over JDBC
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM user_credence_information WHERE username = ?
jdbcRealm.dataSource = $ds

shiro.loginUrl = /login.jsp

[users]
# format: username = password, role1, role2, ..., roleN

[roles]
# format: roleName = permission1, permission2, ..., permissionN

[urls]
# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
# the 'authc' filter must still be specified for it so it can process that url's
# login submissions. It is 'smart' enough to allow those requests through as specified by the
# shiro.loginUrl above.
/success.jsp = authc
</pre>
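In the configuration above no credentialsMatcher is set, so JdbcRealm compares the submitted password directly with the value in the password column, which means the database holds passwords in plaintext. The following added example (not code from the original article) shows one way to store salted hashes instead with Shiro's PasswordMatcher; it assumes Shiro 1.2 or later, and the class HashedPasswordDemo, its helper methods and the sample account are hypothetical.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;

/*
 * Added example. Matching additions to the [main] section of the INI file:
 *
 *   passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
 *   passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
 *   passwordMatcher.passwordService = $passwordService
 *   jdbcRealm.credentialsMatcher = $passwordMatcher
 *
 * The authenticationQuery stays the same; the password column then holds the
 * string returned by encryptPassword() and must be wide enough for it.
 */
public class HashedPasswordDemo {

    // Hypothetical helper: call when an account is created or its password changes.
    static String hashForStorage(DefaultPasswordService service, String plaintext) {
        // Returns a self-describing string that embeds the salt and hash parameters.
        return service.encryptPassword(plaintext);
    }

    // Reproduces the check made at login: JdbcRealm wraps the column value
    // as char[] and hands it to the configured credentials matcher.
    static boolean loginWouldSucceed(PasswordMatcher matcher, String user,
                                     String submitted, String storedColumn) {
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(user, storedColumn.toCharArray(), "jdbcRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken(user, submitted), info);
    }

    public static void main(String[] args) {
        DefaultPasswordService service = new DefaultPasswordService();
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(service);

        // Constructed sample account, not from the article.
        String stored = hashForStorage(service, "constructed-sample-pw");
        String storedAgain = hashForStorage(service, "constructed-sample-pw");

        System.out.println("column value: " + stored);
        System.out.println("salted, differs per call: " + !stored.equals(storedAgain));
        System.out.println("correct password accepted: "
                + loginWouldSucceed(matcher, "alice", "constructed-sample-pw", stored));
        System.out.println("wrong password accepted: "
                + loginWouldSucceed(matcher, "alice", "wrong-pw", stored));
    }
}
```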
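Server-side authentication code.
<pre>
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

// ErrMg is the application's own error-message bean; its import is omitted here.
public class LoginController implements Controller {

    private static final Log log = LogFactory.getLog(LoginController.class);

    public ModelAndView doReturnError(HttpServletRequest request, HttpServletResponse response,
                                      ErrMg message, String errpath) {
        request.setAttribute("Error_Message", message);
        return new ModelAndView(errpath);
    }

    public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        String loginName = request.getParameter("loginName");
        String loginPwd = request.getParameter("password");
        // Log the login name only; the submitted password must not be written to the log.
        log.info("用戶認證開始:" + loginName);

        String userid = null;
        // Local variable: a controller instance is shared between concurrent requests,
        // so per-request state must not live in an instance field.
        ErrMg error = new ErrMg();

        AuthenticationToken token = new UsernamePasswordToken(loginName, loginPwd);
        Subject currentUser = SecurityUtils.getSubject();

        try {
            // Delegates to the realm configured in the INI file.
            currentUser.login(token);
            userid = (String) currentUser.getPrincipal();
            log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
            log.info("用戶認證完畢:" + loginName + " , " + userid);

            HttpSession session = request.getSession(true);
            session.setAttribute("USERINFORMATION", userid);
            session.setAttribute("USERNAME", userid);
            return new ModelAndView("success.jsp");
        // The messages below tell the client whether the username exists or the password
        // was wrong; a single generic message avoids revealing valid usernames.
        } catch (UnknownAccountException uae) {
            log.info("用戶認證失敗:" + "username wasn't in the system.");
            error.setErrorMessage("username wasn't in the system.");
        } catch (IncorrectCredentialsException ice) {
            log.info("用戶認證失敗:" + "password didn't match.");
            error.setErrorMessage("password didn't match.");
        } catch (LockedAccountException lae) {
            log.info("用戶認證失敗:" + "account for that username is locked - can't login.");
            error.setErrorMessage("account for that username is locked - can't login.");
        } catch (AuthenticationException ae) {
            log.info("用戶認證失敗:" + "unexpected condition.");
            error.setErrorMessage("unexpected condition.");
        }

        return this.doReturnError(request, response, error, "error.jsp");
    }
}
</pre>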
Source: http://blog.csdn.net/peterwanghao/article/details/7360879