MyRealm.java
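package cn.mldn.realm;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import cn.mldn.service.MemberLoginService;
import cn.mldn.vo.Member;

/**
 * Shiro realm that authenticates members and loads their roles and permissions
 * through {@link MemberLoginService}.
 *
 * <p>NOTE(security): the value returned by {@code Member.getPassword()} is compared
 * directly with the submitted password, so the {@code member.password} column holds
 * plaintext. Storing a salted, slow password hash and letting a Shiro credentials
 * matcher (for example {@code HashedCredentialsMatcher}) do the comparison removes the
 * need to handle the cleartext value here.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Looks up the member named by the token and checks the submitted password.
     *
     * @param token the login token; its principal is read as the user name and its
     *              credentials as a {@code char[]} password
     * @return authentication info for the member under the realm name "memberRealm"
     * @throws UnknownAccountException       if no such member is found
     * @throws IncorrectCredentialsException if the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("*********** 1、用户登录认证操作的处理 ??doGetAuthenticationInfo ***********");
        // Authentication runs first; it decides whether the submitted login is valid.
        Object principal = token.getPrincipal();
        if (principal != null && !(principal instanceof String)) {
            // A non-String principal cannot name a member; fail as "unknown" instead of
            // letting a ClassCastException escape.
            throw new UnknownAccountException("该用户不存在!");
        }
        String username = (String) principal; // the user name

        Member vo;
        MemberLoginService service = new MemberLoginService();
        try {
            vo = service.get(username); // the stored member record, or null
        } finally {
            service.close(); // release the connection even if the lookup throws
        }

        // NOTE(security): the two distinct exceptions below tell a caller whether the
        // account exists. Whatever renders the failure to the user should show one
        // uniform message for both.
        if (vo == null) {
            throw new UnknownAccountException("该用户不存在!");
        }

        // Password verification.
        Object credentials = token.getCredentials();
        String stored = vo.getPassword();
        if (!(credentials instanceof char[]) || stored == null) {
            // Missing credentials or a missing stored password used to surface as a
            // NullPointerException; treat both as a failed match.
            throw new IncorrectCredentialsException("密码错误");
        }
        String password = new String((char[]) credentials);

        // Compare the stored password with the submitted one. MessageDigest.isEqual
        // does not stop at the first differing byte, unlike String.equals.
        boolean matches = MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new IncorrectCredentialsException("密码错误");
        }
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and string permissions of the primary principal.
     *
     * <p>The original version built the authorization info and then returned
     * {@code null}, which discarded the loaded roles and permissions; the populated
     * object is returned now.
     *
     * @param principals the principals of the authenticated subject
     * @return the roles and permissions found for the member
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("*********** 2、用户角色与权限 doGetAuthorizationInfo ?***********");
        String username = (String) principals.getPrimaryPrincipal(); // the user name
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo(); // holder for the result
        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username)); // roles must be supplied as a Set
            auth.setStringPermissions(service.listActionsByMember(username));
        } finally {
            service.close();
        }
        return auth;
    }
}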
MemberLoginService.java
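package cn.mldn.service;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;

import org.gjt.mm.mysql.Driver;

import cn.mldn.vo.Member;

/**
 * JDBC access to the member, role and action tables used by the Shiro realm.
 *
 * <p>Each instance opens one connection in its constructor; callers must call
 * {@link #close()} when done.
 */
public class MemberLoginService {

    private static final String DBDRIVER = "org.gjt.mm.mysql.Driver";
    private static final String DBURL = "jdbc:mysql://192.168.43.3:3306/shirodb";
    // NOTE(security): the database account and password are hard-coded in source, and
    // the account is "root". Load them from deployment configuration or a secret store,
    // and connect with an account limited to SELECT on the tables queried below.
    private static final String DBUSER = "root";
    private static final String PASSWORD = "mysqladmin";

    private Connection conn;

    /** Opens the database connection. */
    public MemberLoginService() {
        this.connectDataBase();
    }

    /**
     * Fetches the id and stored password of one member.
     *
     * <p>A {@link SQLException} is printed and swallowed, so a database error is
     * indistinguishable from "member not found" for the caller.
     *
     * @param username the member id to look up
     * @return the member, or {@code null} if no row matches or the query fails
     */
    public Member get(String username) {
        Member vo = null;
        String sql = "SELECT mid , password FROM member WHERE mid=?";
        // try-with-resources: the statement and result set were never closed before.
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, username);
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    vo = new Member();
                    vo.setMid(rs.getString(1));
                    vo.setPassword(rs.getString(2));
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return vo;
    }

    /**
     * Lists the role flags of a member.
     *
     * <pre>
     * SELECT flag FROM role WHERE rid IN (
     *     SELECT rid FROM member_role WHERE mid=? )
     * </pre>
     *
     * @param mid the member id
     * @return the role flags; empty if the member has none or the query fails
     */
    public Set<String> listRolesByMember(String mid) {
        String sql = " SELECT flag FROM role WHERE rid IN ( SELECT rid FROM member_role WHERE mid=? )";
        return this.queryFlags(sql, mid);
    }

    /**
     * Lists the action (permission) flags granted to a member through its roles.
     *
     * @param mid the member id
     * @return the action flags; empty if the member has none or the query fails
     */
    public Set<String> listActionsByMember(String mid) {
        String sql = " SELECT flag FROM action WHERE actid IN ( SELECT actid FROM role_action WHERE rid in ("
                + "SELECT rid FROM member_role WHERE mid=?"
                + ") )";
        return this.queryFlags(sql, mid);
    }

    /** Closes the connection if one was opened; a failure to close is printed and ignored. */
    public void close() {
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Runs a single-parameter query and collects the first column of every row.
     * Any exception is printed and the rows read so far are returned, which matches
     * the original best-effort behaviour (an error yields fewer grants, never more).
     */
    private Set<String> queryFlags(String sql, String mid) {
        Set<String> flags = new HashSet<String>();
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, mid);
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    flags.add(rs.getString(1));
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return flags;
    }

    /**
     * Loads the driver and opens the connection. On failure the exception is printed
     * and {@code conn} stays {@code null}.
     */
    private void connectDataBase() {
        try {
            Class.forName(DBDRIVER);
            this.conn = DriverManager.getConnection(DBURL, DBUSER, PASSWORD);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}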
Member.java
package cn.mldn.vo;import java.io.Serializable;public class Member implements Serializable { ???private String mid ; ???private String name ; ???private String password ; ???public String getMid() { ???????return mid; ???} ???public void setMid(String mid) { ???????this.mid = mid; ???} ???public String getName() { ???????return name; ???} ???public void setName(String name) { ???????this.name = name; ???} ???public String getPassword() { ???????return password; ???} ???public void setPassword(String password) { ???????this.password = password; ???} ???}
LoginServlet.java
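package cn.mldn.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * Handles the login form: authenticates the submitted member id and password through
 * Shiro and forwards to the welcome page on success.
 */
@SuppressWarnings("serial")
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Performs the login.
     *
     * <p>NOTE(security): because {@link #doPost} delegates here, the servlet also accepts
     * the password as a GET query parameter, where it can end up in access logs and
     * browser history. The form in login.jsp uses POST; restrict login to POST once no
     * caller depends on GET.
     *
     * <p>NOTE(review): confirm that the session id is rotated when the subject logs in.
     *
     * @param request  carries the "mid" and "password" parameters
     * @param response the response to forward on
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String mid = request.getParameter("mid");
        String password = request.getParameter("password");
        if (mid == null || password == null) {
            // Nothing to authenticate; show the form again.
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(mid, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // A failed login used to escape as an unhandled exception. Return to the
            // form for every failure type so the response does not reveal whether the
            // account exists.
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        } finally {
            token.clear(); // drop the password copy held by the token
        }
        request.getRequestDispatcher("/pages/welcome.jsp").forward(request, response);
    }

    /** Delegates to {@link #doGet}. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}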
shiro.ini shiro 过滤检测 anon authc authcBasic perms port rest roles ssl user
[main]
# On authentication failure, redirect to the path configured as loginUrl.
authc.loginUrl=/login.jsp
jdbcRealm=cn.mldn.realm.MyRealm
securityManager.realms=$jdbcRealm

[urls]
# The login page is exempt from checks.
# NOTE(review): /shiroLogin matches neither login.jsp nor the /LoginServlet mapping
# shown with this example - confirm which path was meant.
/shiroLogin=anon
# Pages listed here require a logged-in subject.
# NOTE(review): only this one path is protected; every path without an entry is served
# with no authentication check. A default-deny layout lists the anon paths first and
# ends with a catch-all such as "/** = authc".
/pages/welcome.jsp=authc
web.xml 配置监听器参考路径 : http://shiro.apache.org/webapp-tutorial.html
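<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0">
  <display-name>shirodemo</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <!-- Creates the Shiro web environment when the application starts. -->
  <listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
  </listener>

  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    <!--
      NOTE(review): "configPath" looks like a setting of the older IniShiroFilter. With
      ShiroFilter plus EnvironmentLoaderListener the ini location is normally given
      through the "shiroConfigLocations" context-param; confirm that this init-param is
      actually read, so the shiro.ini in effect is the one you expect.
    -->
    <init-param>
      <param-name>configPath</param-name>
      <param-value>classpath:shiro.ini</param-value>
    </init-param>
  </filter>

  <!-- Every request, forward, include and error dispatch passes through the Shiro filter. -->
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>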
login.jsp
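<%@ page language="java" pageEncoding="UTF-8"%>
<%--
  Login form. Posts the member id ("mid") and password to LoginServlet.
--%>
<%
    // Build the base URL from the context path only. The original also concatenated
    // request.getScheme(), getServerName() and getServerPort(); the server name is
    // taken from the client-supplied Host header, so it was echoed unescaped into the
    // <base href> attribute. A path-absolute base resolves the form action to the same
    // servlet without reflecting request data.
    String path = request.getContextPath();
    String basePath = path + "/";
%>
<html>
<head>
<base href="<%=basePath%>">
<title>Shiro Login Demo</title>
</head>
<body>
    <form action="LoginServlet" method="post">
        用户名: <input type="text" name="mid" id="mid"> <br>
        密码: <input type="password" name="password" id="password"> <br>
        <input type="submit" value="提交">
    </form>
</body>
</html>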
welcome.jsp
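<%@ page language="java" pageEncoding="UTF-8"%>
<%--
  Page shown after a successful login. LoginServlet forwards to /pages/welcome.jsp,
  and shiro.ini maps that path to the authc filter.
--%>
<html>
<head>
<title>Insert title here</title>
</head>
<body>
    <h1>Welcome !</h1>
</body>
</html>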
shiro-web-01
原文地址:https://www.cnblogs.com/blog-747674599/p/shiro.html