1 前言 :?

shiro代碼參考java1234網(wǎng)站《一頭扎進shiro》視頻敲出來的，原理這些請參視頻 ,

點擊?下載源碼

點擊 下載數(shù)據(jù)庫

2 項目結構圖

3 代碼

MyRealm.java

package nufront.shiro.action;import java.sql.Connection;import nufront.shiro.daoImpl.UserDaoImpl; import nufront.shiro.entity.User; import nufront.shiro.util.DButil;import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection;public class MyRealm extends AuthorizingRealm{/*** 為當前用戶授權* */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {//取得用戶名String userName = (String)principals.getPrimaryPrincipal();//為當前用戶授予角色和權限SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();UserDaoImpl userDaoImpl = new UserDaoImpl();Connection conn = DButil.getConn();try {simpleAuthorizationInfo.setRoles(userDaoImpl.getUserRolesByUserName(conn, userName));simpleAuthorizationInfo.setStringPermissions(userDaoImpl.getUserPermissionsByUserName(conn, userName));} catch (Exception e) {e.printStackTrace();}return simpleAuthorizationInfo;}/*** 驗證當前用戶* */@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {//取得當前用戶String userName = (String) token.getPrincipal();UserDaoImpl userDaoImpl = new UserDaoImpl();User user = null;try {user = userDaoImpl.getUserByUserName(DButil.getConn(), userName);if(user!=null){//將數(shù)據(jù)庫用戶信息保存在AuthenticationInfo以便和用戶提交過來的信息做對比AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"");return authenticationInfo;}else{return null;}} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();}//驗證用戶return null;}}
UserDao.java

package nufront.shiro.dao;import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.util.Set;import nufront.shiro.entity.User;public interface UserDao {public User getUserByUserName(Connection conn,String userName) throws Exception;public Set<String> getUserRolesByUserName(Connection conn,String userName) throws Exception;public Set<String> getUserPermissionsByUserName(Connection conn,String userName) throws Exception; } UserDaoImpl.java

package nufront.shiro.daoImpl;import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.util.HashSet; import java.util.Set;import nufront.shiro.dao.UserDao; import nufront.shiro.entity.User;public class UserDaoImpl implements UserDao{@Overridepublic User getUserByUserName(Connection conn,String userName) throws Exception{User user = null;String sql = "SELECT * FROM users WHERE username=?";PreparedStatement pstmt;try {pstmt = (PreparedStatement)conn.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs = pstmt.executeQuery();while (rs.next()) {user =new User();user.setId(rs.getInt("id"));user.setUserName(rs.getString("username"));user.setPassword(rs.getString("password"));break;}} catch (SQLException e) {e.printStackTrace();}return user;}@Overridepublic Set<String> getUserRolesByUserName(Connection conn, String userName)throws Exception {Set<String> roleSet = new HashSet();String sql = "SELECT role.roleName as role FROM users,user_role ur,role WHERE users.username=? AND ur.userId=users.id AND role.id=ur.roleId";PreparedStatement pstmt;try {pstmt = (PreparedStatement)conn.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs = pstmt.executeQuery();while (rs.next()) {roleSet.add(rs.getString("role"));}} catch (SQLException e) {e.printStackTrace();}return roleSet;}@Overridepublic Set<String> getUserPermissionsByUserName(Connection conn,String userName) throws Exception {Set<String> permissionsSet = new HashSet();String sql = "SELECT p.permissionName as permission FROM users,user_role ur,role,permission p WHERE users.username=? AND ur.userId=users.id AND role.id=ur.roleId AND p.roleId=role.id";PreparedStatement pstmt;try {pstmt = (PreparedStatement)conn.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs = pstmt.executeQuery();while (rs.next()) {permissionsSet.add(rs.getString("permission"));}} catch (SQLException e) {e.printStackTrace();}return permissionsSet;} } User.java

package nufront.shiro.entity;public class User {private int id;private String userName;private String password;public int getId() {return id;}public void setId(int id) {this.id = id;}public String getUserName() {return userName;}public void setUserName(String userName) {this.userName = userName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}}
AdminServlet.java

/*** */ package nufront.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/*** @author Administrator**/ public class AdminServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("admin doGet");req.getRequestDispatcher("/jsp/admin.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
LoginServlet.java

/*** */ package nufront.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class LoginServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("loginServlet doGet");String username = req.getParameter("username");String password = req.getParameter("password");Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken(username,password);try{subject.login(token);}catch(Exception e){e.printStackTrace();System.out.println("here test");req.setAttribute("messageTips", "登錄失敗");req.getRequestDispatcher("/jsp/login.jsp").forward(req, resp);}req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
StudentServlet

/*** */ package nufront.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class StudentServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("student servlet");req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
TeacherServlet.java

/*** */ package nufront.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class TeacherServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("teacher servlet");req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
DButil.java

package nufront.shiro.util;import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException;public class DButil {public static Connection getConn(){Connection con = null;try{ //加載MySql的驅動類 Class.forName("com.mysql.jdbc.Driver") ; }catch(ClassNotFoundException e){ System.out.println("找不到驅動程序類 ，加載驅動失敗！"); e.printStackTrace() ; } String url = "jdbc:mysql://localhost:3306/shiro";String username = "root";String password = "root";try {con = DriverManager.getConnection(url, username, password);} catch (Exception se) {System.out.println("數(shù)據(jù)庫連接失敗！");se.printStackTrace();}return con;}public static void close(Connection conn){if(conn!=null){try {conn.close();} catch (SQLException e) {e.printStackTrace();}}}}
shiro.ini

[main] authc.loginUrl=/login roles.unauthorizedUrl=/jsp/unauthorized.jsp ;roles.unauthorizedUrl角色不足跳轉的頁面 perms.unauthorizedUrl=/jsp/unauthorized.jsp ;perms.unauthorizedUrl權限不足跳轉的頁面 myRealm=nufront.shiro.action.MyRealm ;自定義myRealm securityManager.realms=$myRealm ;定義securityManager,如果有多個realm需要用逗號隔開 [urls] /login=anon ;anon為游客身份登錄 /admin*=authc ;authc為form需要身份認證 /student=roles[teacher] ;請求student需要teacher角色 /teacher=perms[student:*] ;請求teacher需要student:*權限

admin.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'login.jsp' starting page</title></head><body>welcome to admin page </body> </html>
login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'login.jsp' starting page</title></head><body>${requestScope.messageTips }<form action="login" method="get">username : <input type="text" name="username"/><br/>password : <input type="text" name="password"/><br/><input type="submit" value="登錄"/></form></body> </html>
unauthorized.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'unauthorized.jsp' starting page</title></head><body>role not pass</body> </html>
web.xml

<?xml version="1.0" encoding="utf-8"?> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"><welcome-file-list><welcome-file>/jsp/login.jsp</welcome-file></welcome-file-list><!-- 添加shiro相關配置 開始 --><listener><listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class></listener><filter><filter-name>ShiroFilter</filter-name><filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class><init-param><param-name>configPath</param-name><param-value>/WEB-INF/shiro.ini</param-value></init-param> </filter><filter-mapping><filter-name>ShiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- 添加shiro相關配置 結束 --><!-- servlet配置 開始 --><servlet><servlet-name>loginServlet</servlet-name><servlet-class>nufront.shiro.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>loginServlet</servlet-name><url-pattern>/login</url-pattern></servlet-mapping><servlet><servlet-name>adminServlet</servlet-name><servlet-class>nufront.shiro.servlet.AdminServlet</servlet-class></servlet><servlet-mapping><servlet-name>adminServlet</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping><servlet><servlet-name>studentServlet</servlet-name><servlet-class>nufront.shiro.servlet.StudentServlet</servlet-class></servlet><servlet-mapping><servlet-name>studentServlet</servlet-name><url-pattern>/student</url-pattern></servlet-mapping><servlet><servlet-name>teacherServlet</servlet-name><servlet-class>nufront.shiro.servlet.TeacherServlet</servlet-class></servlet><servlet-mapping><servlet-name>teacherServlet</servlet-name><url-pattern>/teacher</url-pattern></servlet-mapping><!-- servlet配置 結束 --> </web-app>
index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!-- 添加shiro標簽 --> <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head></head><body>index.jsp </br><!-- 假設有admin角色 --><shiro:hasRole name="admin">you have admin role</br></shiro:hasRole><shiro:hasRole name="teacher">you have teacher role</br></shiro:hasRole><!-- 假設有student:* 權限 --><shiro:hasPermission name="student:*">you have student:* permisson</br></shiro:hasPermission><!-- 假設有user:* 權限 --><shiro:hasPermission name="user:*">you have user:* permisson</br></shiro:hasPermission></body> </html>

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>shiro.leanring</groupId><artifactId>shiro</artifactId><version>0.0.1-SNAPSHOT</version><packaging>jar</packaging><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.1</version></dependency><dependency><groupId>jstl</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加 shiro需要一些包 開始 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.12</version></dependency> <!-- 添加 shiro需要一些包 結束 --><!-- 添加數(shù)據(jù)源 開始 --><dependency><groupId>c3p0</groupId><artifactId>c3p0</artifactId><version>0.9.1.2</version></dependency><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>5.1.37</version></dependency><!-- 添加數(shù)據(jù)源 結束 --></dependencies> </project>
4 訪問結果

總結

以上是生活随笔為你收集整理的(六) shiro在web中自定义Realm的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內容還不錯，歡迎將生活随笔推薦給好友。