一、介绍
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
- Guest 标签:用户没有身份验证时显示相应信息,即游客访问信息;
- User 标签:用户已经身份验证/记住我登录后显示相应的信息;
- Authenticated 标签:用户已经身份验证通过,即 Subject.login 登录成功,不是记住我登录的。
- notAuthenticated 标签:用户没有身份验证通过,即没有调用 Subject.login 进行登录,包括记住我自动登录
- 的也属于未进行身份验证。
- principal 标签 显示用户身份信息,默认调用 Subject.getPrincipal()获取,即 Primary Principal。
- hasRole 标签 如果当前 Subject 有角色将显示 body 体内容。
- lacksRole 标签 如果当前 Subject 没有角色将显示 body 体内容。
- hasAnyRoles 标签 如果当前 Subject 有任意一个角色(或的关系)将显示 body 体内容。
- hasPermission 标签 如果当前 Subject 有权限将显示 body 体内容。
- lacksPermission 标签 如果当前 Subject 没有权限将显示 body 体内容。
- WEB-INFO/shiro.ini
[main] authc.loginUrl = /login [users] admin=123,admin user1=456,user zs=159 [roles] admin=admin:*,users:* user=users:* [urls] /admin/** = authc,roles[admin] /users/list.jsp=authc,perms[users:list1] /users/**=authc /login.jsp = anon /logout=logout
- url为“/login”的servlet
package servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; /** * Servlet implementation class LoginServlet */ public class LoginServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse * response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("/commons/login.jsp").forward(request, response); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse * response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String userName = request.getParameter("username"); String passWord = request.getParameter("password"); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord); String emsg = null; try { subject.login(token); } catch (UnknownAccountException e) { emsg = "用户名错误"; } catch (IncorrectCredentialsException e) { emsg = "密码错误"; } catch (AuthenticationException e) { emsg = "其他异常=" + e.getMessage(); } if (emsg != null) { // 说明有异常 request.setAttribute("emsg", emsg); request.getRequestDispatcher("/commons/login.jsp").forward(request, response); }else{ request.getRequestDispatcher("/index.jsp").forward(request, response); } } }
- index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <% String path = request.getContextPath(); %> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <h2 style="color: red"> welcome <shiro:principal></shiro:principal> </h2> <shiro:guest> <a href="<%=path%>/login">用户登录</a> </shiro:guest> <shiro:user> <shiro:hasPermission name="users:add"> <a href="<%=path%>/users/add.jsp">新增用户</a> </shiro:hasPermission> <shiro:hasPermission name="users:list"> <a href="<%=path%>/users/list.jsp">用户列表</a> </shiro:hasPermission> <shiro:hasRole name="admin"> <a href="<%=path%>/admin/admin.jsp">管理界面</a> </shiro:hasRole> <a href="<%=path%>/logout">退出登录</a> </shiro:user> </body> </html>
结果:
