Shiro与Servlet、jsp、jdbc、Web整合

创建maven项目
1、添加依赖
pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.qfedu</groupId>
    <artifactId>Day47_shiro_web</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>

    <!-- Every version below is pinned by hand. Review each pin against the
         project's own security advisories before reusing this POM outside a demo. -->
    <dependencies>
        <!-- NOTE(review): no <scope>test</scope>, so JUnit is packaged into the WAR
             together with the application classes. -->
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
        </dependency>
        <!-- Shiro web support: ShiroFilter, EnvironmentLoaderListener, the JSP tag library.
             NOTE(review): 1.3.2 is an old Shiro release. Check the Apache Shiro security
             advisories and build against a currently maintained version. -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.3.2</version>
        </dependency>
        <!-- NOTE(review): old 5.1-line MySQL driver; confirm it is still supported for
             the server version in use. -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.44</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>jsp-api</artifactId>
            <version>2.2</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>jstl</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.6</version>
            <scope>provided</scope>
        </dependency>
        <!-- NOTE(review): this is the legacy c3p0 coordinate and a very old release;
             later releases are published under the com.mchange group id. Verify before
             upgrading. -->
        <dependency>
            <groupId>c3p0</groupId>
            <artifactId>c3p0</artifactId>
            <version>0.9.0.2</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <!-- define the project compile level -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.6.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>

            <!-- Add the Tomcat plugin: serves the application at context path / on port 8888.
                 NOTE(review): no TLS connector is configured here, so the login form is
                 presumably submitted over plain HTTP when run this way. -->
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <configuration>
                    <path>/</path>
                    <port>8888</port>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

2、资源配置 resources目录下
db.properties

# JDBC settings read by Env and handed to the c3p0 pool in C3P0Utils.
# NOTE(review): demo values only. The application connects as the MySQL root account
# with a trivially guessable password that is committed next to the code. Use a
# dedicated account limited to the rbac schema, and supply the password from outside
# the source tree (environment, container secret, server-side JNDI resource).
driver=com.mysql.jdbc.Driver
# useSSL=true asks the driver for an encrypted connection; for a non-local database,
# confirm that server certificate verification is configured as well.
url=jdbc:mysql://localhost:3306/rbac?useSSL=true&serverTimezone=UTC&characterEncoding=UTF-8
user=root
pass=123456

shiro.ini 文件名与默认文件名保持一致

[main]
# Custom realm; it loads users, roles and permissions through IUserService.
myRealm=com.qfedu.shiro.MyRealm

securityManager.realm=$myRealm

# Redefines the authc filter as a form-authentication filter whose login page is /index.html.
# NOTE(review): this loginUrl is set on the authc filter only. Confirm where the roles and
# perms filters send an unauthenticated request, since they are separate filter instances.
authc=org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl=/index.html

[urls]
# Rules are evaluated top to bottom; the first pattern that matches the request path applies.
# NOTE(review): there is no catch-all entry, so any path not listed here (for example
# /UserServlet, or a JSP added later) is served with no authentication or authorization
# check. Ending the section with "/** = authc", with the login page and login endpoint
# listed as anon above it, turns the default from allow into deny.
/index.html=anon
/main.jsp=authc
/manager.jsp=authc,roles[manager]
/guest.jsp=authc,roles[guest]
# NOTE(review): these two entries name only the perms filter, unlike the role entries above,
# which put authc first. Listing authc here as well keeps the chains consistent and makes the
# login redirect for anonymous users explicit.
/select.jsp=perms[select]
/delete.jsp=perms[delete]

3、工具类util
单例类:Env.java

package com.qfedu.util;

import java.io.IOException;
import java.util.Properties;

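/**
 * Process-wide holder for the JDBC settings stored in {@code /db.properties}.
 *
 * <p>The file is read once, on the first call to {@link #getInstance()}, and the same
 * instance is returned afterwards. A missing or unreadable file fails fast with an
 * {@link IllegalStateException} instead of leaving the application with empty settings.
 *
 * <p>NOTE(review): the loaded values include the database password. Avoid printing this
 * object or passing it to code that logs its arguments.
 */
public class Env extends Properties {

    /** Classpath location of the settings file. */
    private static final String RESOURCE = "/db.properties";

    /** Lazily created single instance; guarded by the lock taken in {@link #getInstance()}. */
    private static Env instance;

    private Env() {
        // try-with-resources closes the stream even when load() throws.
        try (java.io.InputStream in = Env.class.getResourceAsStream(RESOURCE)) {
            if (in == null) {
                throw new IllegalStateException("Classpath resource " + RESOURCE + " not found");
            }
            load(in);
        } catch (IOException e) {
            throw new IllegalStateException("Unable to read classpath resource " + RESOURCE, e);
        }
    }

    /**
     * Returns the shared settings object, loading it on first use.
     *
     * @return the single {@code Env} instance
     * @throws IllegalStateException if {@code /db.properties} is missing or cannot be read
     */
    public static synchronized Env getInstance() {
        if (instance == null) {
            instance = new Env();
        }
        return instance;
    }
}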

C3P0Utils.java

package com.qfedu.util;

import com.mchange.v2.c3p0.ComboPooledDataSource;

import java.beans.PropertyVetoException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

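/**
 * JDBC helper backed by a single c3p0 connection pool.
 *
 * <p>The pool is created once, on the first call to {@link #getConnection()}, and reused
 * afterwards. Building a new {@code ComboPooledDataSource} per call would leave one
 * never-closed pool behind for every query.
 */
public class C3P0Utils {

    private static final String DB_URL= Env.getInstance().getProperty("url");
    private static final String DB_DRIVER= Env.getInstance().getProperty("driver");
    private static final String DB_USERNAME= Env.getInstance().getProperty("user");
    private static final String DB_PASSWORD= Env.getInstance().getProperty("pass");

    /** Shared pool; created lazily under the class lock by {@link #pool()}. */
    private static ComboPooledDataSource dataSource;

    /**
     * Returns the shared pool, configuring it from the db.properties values on first use.
     *
     * @throws PropertyVetoException if the pool rejects the configured driver class
     */
    private static synchronized ComboPooledDataSource pool() throws PropertyVetoException {
        if (dataSource == null) {
            ComboPooledDataSource ds = new ComboPooledDataSource();
            ds.setDriverClass(DB_DRIVER);
            ds.setJdbcUrl(DB_URL);
            ds.setUser(DB_USERNAME);
            ds.setPassword(DB_PASSWORD);
            // Publish only a fully configured pool.
            dataSource = ds;
        }
        return dataSource;
    }

    /**
     * Borrows a connection from the shared pool.
     *
     * @return a pooled connection, or {@code null} when the pool cannot be configured or
     *         no connection can be obtained; callers must check for {@code null}
     */
    public static Connection getConnection(){
        try {
            return pool().getConnection();
        } catch (PropertyVetoException | SQLException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Closes the given JDBC resources in result-set, statement, connection order.
     * Each one is closed independently, so a failure on an earlier resource does not
     * leave the connection checked out of the pool. {@code null} arguments are skipped.
     *
     * @param conn connection to return to the pool, may be {@code null}
     * @param ptst statement to close, may be {@code null}
     * @param rs   result set to close, may be {@code null}
     */
    public static void closeAll(Connection conn, PreparedStatement ptst, ResultSet rs){
        closeQuietly(rs);
        closeQuietly(ptst);
        closeQuietly(conn);
    }

    /** Closes one resource, reporting but not propagating any failure. */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}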

4、Realm类

package com.qfedu.shiro;

import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import com.qfedu.service.IUserService;
import com.qfedu.service.impl.IUserServiceImpl;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.annotation.Resource;
import java.util.List;

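/**
 * Shiro realm that authenticates users and loads their roles and permissions through
 * {@link IUserService}.
 *
 * <p>NOTE(review): the credential check here is the service's {@code login(username, pass)}
 * lookup, which on this page compares the submitted password with the stored column value
 * as plain text. The {@code SimpleAuthenticationInfo} returned afterwards carries the
 * submitted password, so Shiro's own credentials matcher only compares the token with
 * itself. For anything beyond a demo, store salted password hashes, return the stored hash
 * from this method, and let a hashing credentials matcher do the comparison.
 */
public class MyRealm extends AuthorizingRealm {

    private IUserService iUserService =new IUserServiceImpl();

    /**
     * Authorization: collects the role names and permission strings of the current principal.
     *
     * @param principals the principals of the subject being authorized
     * @return the subject's roles and permissions; empty when there is no principal or a
     *         lookup returns nothing, so a failed lookup grants no access
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        Object principal = getAvailablePrincipal(principals);
        if (principal == null) {
            // No identity to look up: grant nothing.
            return info;
        }
        String username = principal.toString();

        List<Role> roles = iUserService.getAllRolesByName(username);
        if (roles != null) {
            for (Role r : roles) {
                info.addRole(r.getRname());
            }
        }

        List<Permission> permissionList = iUserService.getAllPermissionsByName(username);
        if (permissionList != null) {
            for (Permission p : permissionList) {
                info.addStringPermission(p.getPname());
            }
        }

        return info;
    }

    /**
     * Authentication: checks the submitted username and password against the user store.
     *
     * @param token the submitted token; expected to be a {@code UsernamePasswordToken}
     * @return authentication info for the user, or {@code null} when the credentials are
     *         missing or do not match a user
     * @throws AuthenticationException declared by the Shiro contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken tk = (UsernamePasswordToken) token;

        String username = tk.getUsername();
        char[] password = tk.getPassword();

        // A token built from absent request parameters carries nulls; treat it as a failed login.
        if (username == null || password == null) {
            return null;
        }

        // The service API takes a String, so the password is copied out of the char[] here.
        String pass = new String(password);

        User u = iUserService.login(username, pass);

        if (u == null || u.getUid() == null || u.getUid() == 0) {
            return null;
        }

        return new SimpleAuthenticationInfo(username, pass, getName());
    }
}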

5、实体类
User.java

package com.qfedu.entity;

import lombok.Data;

import java.io.Serializable;

/**
 * User entity; the DAO on this page fills it from a row of the {@code user} table.
 *
 * <p>NOTE(review): Lombok's {@code @Data} generates {@code toString()}, {@code equals()}
 * and {@code hashCode()} over every field, including {@code password}. Any log statement,
 * exception message or debugger view that prints a {@code User} therefore prints the
 * password value too.
 *
 * @author makejava
 * @since 2020-04-14 22:51:38
 */
@Data
public class User implements Serializable {
    private static final long serialVersionUID = -16675995409658143L;
    
    // Primary key; MyRealm treats 0 as "no such user".
    private Integer uid;
    
    // Login name; also used as the Shiro principal.
    private String username;
    
    // Stored password value. The login query compares it directly with the submitted
    // password, so it is presumably kept as plain text (verify against the schema).
    private String password;
    
    private String tel;
    
    private String addr;



}

Role.java

package com.qfedu.entity;

import lombok.Data;

import java.io.Serializable;
import java.util.Set;

/**
 * Role entity; the DAO on this page fills {@code rid}, {@code rname} and {@code rdesc}.
 *
 * @author makejava
 * @since 2020-04-14 22:51:37
 */
@Data
public class Role implements Serializable {
    private static final long serialVersionUID = -92607349256116667L;

    private Integer rid;

    // Role name; this is the string matched by roles[...] in shiro.ini and by <shiro:hasRole>.
    private String rname;

    private String rdesc;

    // Permissions attached to this role. Not populated by the DAO shown on this page.
    // NOTE(review): Permission holds a Set<Role> in turn, and @Data includes both sets in
    // the generated equals/hashCode/toString. If both sides are ever populated, those
    // methods recurse into each other without end.
    private Set<Permission> ps;


}

Permission.java

package com.qfedu.entity;

import lombok.Data;

import java.io.Serializable;
import java.util.Set;

/**
 * Permission entity; the DAO on this page fills {@code pid}, {@code pname} and {@code pdesc}.
 *
 * @author makejava
 * @since 2020-04-14 22:51:38
 */
@Data
public class Permission implements Serializable {
    private static final long serialVersionUID = -19226561129928992L;
    
    private Integer pid;
    
    // Permission string; matched by perms[...] in shiro.ini and by <shiro:hasPermission>.
    private String pname;

    private String pdesc;
    // Roles that carry this permission. Not populated by the DAO shown on this page.
    // NOTE(review): Role holds a Set<Permission> in turn, and @Data includes both sets in
    // the generated equals/hashCode/toString. If both sides are ever populated, those
    // methods recurse into each other without end.
    private Set<Role> rs;




}

6、业务类Dao
IUserDao.java

package com.qfedu.dao;

import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;

import java.util.List;

/**
 * Data-access contract for the login check and the role/permission lookups used by the realm.
 */
public interface IUserDao {
    /**
     * Looks up the user whose name and password both match.
     *
     * <p>NOTE(review): the password arrives as a plain {@code String} and, in the
     * implementation on this page, is compared with the stored value inside the SQL query.
     *
     * @param name login name
     * @param pass submitted password
     * @return the matching user, or {@code null} when there is none
     */
    User login(String name,String pass);

    /**
     * Returns the roles assigned to the named user.
     *
     * @param name login name
     * @return the user's roles
     */
    List<Role> getAllRolesByName(String name);

    /**
     * Returns the permissions the named user holds through their roles.
     *
     * @param name login name
     * @return the user's permissions
     */
    List<Permission> getAllPermissionsByName(String name);
}

IUserDaoImpl.java

package com.qfedu.dao.impl;

import com.qfedu.dao.IUserDao;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import com.qfedu.util.C3P0Utils;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

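/**
 * JDBC implementation of {@link IUserDao}.
 *
 * <p>Every method opens its own connection, statement and result set as local variables and
 * closes them with try-with-resources. The realm creates one service, and the service one
 * DAO, so this object is likely shared between request threads. It therefore keeps no JDBC
 * state in fields.
 *
 * <p>All queries bind user input through {@code ?} placeholders; no value is concatenated
 * into SQL text.
 */
public class IUserDaoImpl implements IUserDao {

    // NOTE(review): the password is compared with the stored column value inside the query,
    // which implies plain-text storage. Depending on the column collation the comparison may
    // also be case-insensitive. Prefer selecting the row by username only and verifying a
    // salted hash in application code.
    private static final String LOGIN_SQL = "select * from user where username=? and password=?";

    private static final String ROLES_SQL = "SELECT r.* \n" +
            "\tFROM `user` u\n" +
            "\tINNER JOIN user_role ur on u.uid = ur.uid\n" +
            "\tINNER JOIN role r on ur.rid = r.rid\n" +
            "\twhere u.username = ? ";

    private static final String PERMISSIONS_SQL = "SELECT p.* \n" +
            "\tFROM `user` u\n" +
            "\tINNER JOIN user_role ur on u.uid = ur.uid\n" +
            "\tINNER JOIN role r on ur.rid = r.rid\n" +
            "\tINNER JOIN role_perms rp on r.rid = rp.rid\n" +
            "\tINNER JOIN permission p on rp.pid = p.pid\n" +
            "\twhere u.username = ?";

    /**
     * Looks up the user whose name and password both match.
     *
     * @param username login name
     * @param pass     submitted password
     * @return the matching user, or {@code null} when nothing matches, no connection is
     *         available, or the query fails
     */
    @Override
    public User login(String username, String pass) {
        try (Connection conn = C3P0Utils.getConnection()) {
            if (conn == null) {
                // No database connection: treat as a failed login.
                return null;
            }
            try (PreparedStatement stmt = conn.prepareStatement(LOGIN_SQL)) {
                stmt.setString(1, username);
                stmt.setString(2, pass);
                try (ResultSet rows = stmt.executeQuery()) {
                    if (!rows.next()) {
                        return null;
                    }
                    // Columns are read by position because the query selects "*"; this
                    // depends on the column order of the user table.
                    User u = new User();
                    u.setUid(rows.getInt(1));
                    u.setUsername(rows.getString(2));
                    u.setPassword(rows.getString(3));
                    u.setTel(rows.getString(4));
                    u.setAddr(rows.getString(5));
                    return u;
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the roles assigned to the named user.
     *
     * @param username login name
     * @return the user's roles; empty when the user has none, no connection is available,
     *         or the query fails, so an error never grants a role
     */
    @Override
    public List<Role> getAllRolesByName(String username) {
        List<Role> list = new ArrayList<>();

        try (Connection conn = C3P0Utils.getConnection()) {
            if (conn == null) {
                return list;
            }
            try (PreparedStatement stmt = conn.prepareStatement(ROLES_SQL)) {
                stmt.setString(1, username);
                try (ResultSet rows = stmt.executeQuery()) {
                    while (rows.next()) {
                        Role r = new Role();
                        r.setRid(rows.getInt(1));
                        r.setRname(rows.getString(2));
                        r.setRdesc(rows.getString(3));
                        list.add(r);
                    }
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

        return list;
    }

    /**
     * Returns the permissions the named user holds through their roles.
     *
     * @param username login name
     * @return the user's permissions; empty when the user has none, no connection is
     *         available, or the query fails, so an error never grants a permission
     */
    @Override
    public List<Permission> getAllPermissionsByName(String username) {
        List<Permission> list = new ArrayList<>();

        try (Connection conn = C3P0Utils.getConnection()) {
            if (conn == null) {
                return list;
            }
            try (PreparedStatement stmt = conn.prepareStatement(PERMISSIONS_SQL)) {
                stmt.setString(1, username);
                try (ResultSet rows = stmt.executeQuery()) {
                    while (rows.next()) {
                        Permission p = new Permission();
                        p.setPid(rows.getInt(1));
                        p.setPname(rows.getString(2));
                        p.setPdesc(rows.getString(3));
                        list.add(p);
                    }
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

        return list;
    }

}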

7、服务类Service
IUserService.java

package com.qfedu.service;

import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;

import java.util.List;

/**
 * Service contract used by the Shiro realm for the login check and for loading roles and
 * permissions.
 */
public interface IUserService {
    /**
     * Checks a username/password pair.
     *
     * @param name login name
     * @param pass submitted password, as plain text
     * @return the matching user, or {@code null} when the pair does not match
     */
    User login(String name, String pass);

    /**
     * Returns the roles assigned to the named user.
     *
     * @param name login name
     * @return the user's roles
     */
    List<Role> getAllRolesByName(String name);

    /**
     * Returns the permissions the named user holds through their roles.
     *
     * @param name login name
     * @return the user's permissions
     */
    List<Permission> getAllPermissionsByName(String name);
}

IUserServiceImpl.java

package com.qfedu.service.impl;

import com.qfedu.dao.IUserDao;
import com.qfedu.dao.impl.IUserDaoImpl;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import com.qfedu.service.IUserService;


import javax.annotation.Resource;
import java.util.List;

/**
 * Default {@link IUserService}: hands every call to an {@link IUserDao} unchanged and
 * returns whatever the DAO returns. No validation or business rule is applied here.
 */
public class IUserServiceImpl implements IUserService {

    /** DAO behind this service; one is created per service instance. */
    private final IUserDao userDao = new IUserDaoImpl();

    /** Delegates the username/password check to the DAO. */
    @Override
    public User login(String username, String pass) {
        final User match = userDao.login(username, pass);
        return match;
    }

    /** Delegates the role lookup to the DAO. */
    @Override
    public List<Role> getAllRolesByName(String username) {
        final List<Role> roles = userDao.getAllRolesByName(username);
        return roles;
    }

    /** Delegates the permission lookup to the DAO. */
    @Override
    public List<Permission> getAllPermissionsByName(String name) {
        final List<Permission> permissions = userDao.getAllPermissionsByName(name);
        return permissions;
    }
}

8、控制器
UserServlet

package com.qfedu.controller;


import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

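/**
 * Login endpoint: authenticates the posted username and password with Shiro.
 *
 * <p>ShiroFilter is mapped to {@code /*} in web.xml, so by the time this servlet runs the
 * web SecurityManager and the request's Subject are already bound to the thread. The servlet
 * therefore only asks {@code SecurityUtils} for the current subject and never builds or
 * installs a SecurityManager of its own.
 *
 * <p>NOTE(review): consider rotating the session on successful login; confirm how the
 * deployed Shiro version handles session fixation.
 */
@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {

    /** Page shown when credentials are missing or rejected; matches authc.loginUrl in shiro.ini. */
    private static final String LOGIN_PAGE = "index.html";

    /** Page shown after a successful login. */
    private static final String HOME_PAGE = "main.jsp";

    /**
     * Authenticates the {@code username} and {@code password} form parameters.
     * Redirects to the home page on success and back to the login page otherwise.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Missing parameters would reach the realm as nulls; reject them up front.
        if (username == null || password == null) {
            response.sendRedirect(LOGIN_PAGE);
            return;
        }

        // Subject bound to this request by ShiroFilter.
        Subject subject = SecurityUtils.getSubject();
        // The token carries what the user submitted; the realm checks it against the database.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Record the failure without echoing the submitted values into the log.
            log("Login attempt rejected: " + e.getClass().getSimpleName());
            response.sendRedirect(LOGIN_PAGE);
            return;
        } finally {
            // Wipe the token's copy of the password once the attempt is over.
            token.clear();
        }

        response.sendRedirect(HOME_PAGE);
    }

    /**
     * Rejects GET. Credentials sent as query parameters end up in access logs, browser
     * history and Referer headers, so the login is accepted over POST only.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }
}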


9、web文件
web.xml

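<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!-- Builds the Shiro web environment from the default shiro.ini when the application starts. -->
    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>

    <!-- Every request passes through ShiroFilter; a path left out of this mapping would
         bypass the [urls] rules in shiro.ini entirely. -->
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>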

index.html

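<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>index</title>

</head>
<body>
<!-- Login form: posts the credentials to /UserServlet. -->
<form action="/UserServlet" method="post">
    username:<input type="text" name="username"/><p/>
    password:<input type="password" name="password"/><p/>
    <input type="submit" value="submit"/><p/>
</form>
</body>
</html>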

main.jsp

<%--
  Created by IntelliJ IDEA.
  User: sun
  Date: 2020/4/15
  Time: 13:21
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<%--
  The shiro tags below only decide which fragments are rendered for the current subject.
  They do not protect any URL: access control is enforced by the [urls] rules in shiro.ini,
  which on this page has entries for select and delete but none for insert or update.
--%>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h2>this is main.jsp page</h2>

<shiro:hasRole name="manager">i am manager</shiro:hasRole>
<shiro:hasRole name="guest"> i am guest</shiro:hasRole>
<%-- NOTE(review): the greeting hard-codes one user name; it is rendered for any subject
     that matches the shiro:user tag, whoever they are. --%>
<shiro:user>
    welcome back wukong!
    Not wukong? Click <a href="index.html">here</a> to login
</shiro:user><p />

<shiro:hasPermission name="select">i can select</shiro:hasPermission><p />
<shiro:hasPermission name="delete">i can delete</shiro:hasPermission><p />
<shiro:hasPermission name="insert">i can insert</shiro:hasPermission><p />
<shiro:hasPermission name="update">i can update</shiro:hasPermission><p />

</body>
</html>

delete.jsp

<%--
  Created by IntelliJ IDEA.
  User: sun
  Date: 2020/4/15
  Time: 19:58
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--
  Static placeholder page with no access check of its own. shiro.ini maps /delete.jsp to
  perms[delete], so the page is protected only while ShiroFilter sits in front of it.
--%>
<html>
<head>
    <title>delete</title>
</head>
<body>
this is delete page
</body>
</html>

select.jsp

<%--
  Created by IntelliJ IDEA.
  User: sun
  Date: 2020/4/15
  Time: 19:54
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--
  Static placeholder page with no access check of its own. shiro.ini maps /select.jsp to
  perms[select], so the page is protected only while ShiroFilter sits in front of it.
--%>
<html>
<head>
    <title>select</title>
</head>
<body>
this is select page
</body>
</html>
