1 <!-- shiro核心包 -->
 2         <dependency>
 3             <groupId>org.apache.shiro</groupId>
 4             <artifactId>shiro-core</artifactId>
 5             <version>1.2.5</version>
 6         </dependency>
 7         <!-- 添加shiro web支持 -->
 8         <dependency>
 9             <groupId>org.apache.shiro</groupId>
10             <artifactId>shiro-web</artifactId>
11             <version>1.2.5</version>
12         </dependency>
13 
14         <!-- 添加sevlet支持 -->
15         <dependency>
16             <groupId>javax.servlet</groupId>
17             <artifactId>javax.servlet-api</artifactId>
18             <version>3.1.0</version>
19         </dependency>
20         <!-- 添加jsp支持 -->
21         <dependency>
22             <groupId>javax.servlet.jsp</groupId>
23             <artifactId>javax.servlet.jsp-api</artifactId>
24             <version>2.3.1</version>
25         </dependency>
26         <!-- 添加jstl支持 -->
27         <dependency>
28             <groupId>javax.servlet</groupId>
29             <artifactId>jstl</artifactId>
30             <version>1.2</version>
31         </dependency>
32         <!-- 添加log4j日志 -->
33         <dependency>
34             <groupId>log4j</groupId>
35             <artifactId>log4j</artifactId>
36             <version>1.2.17</version>
37         </dependency>
38         <dependency>
39             <groupId>commons-logging</groupId>
40             <artifactId>commons-logging</artifactId>
41             <version>1.2</version>
42         </dependency>
43         <dependency>
44             <groupId>org.slf4j</groupId>
45             <artifactId>slf4j-api</artifactId>
46             <version>1.7.21</version>
47         </dependency>

 1 [main]
 2 authc.loginUrl=/login
 3 
 4 [users]
 5 csdn1=123,admin,teacher
 6 csdn2=123,teacher
 7 csdn3=123,student
 8 csdn4=123
 9 
10 [roles]
11 admin=user:*,student:*
12 teacher=student:*
13 
14 [urls]
15 /login=anon 
16 /admin=authc

 1 package util;
 2 
 3 import org.apache.shiro.SecurityUtils;
 4 import org.apache.shiro.authc.UsernamePasswordToken;
 5 import org.apache.shiro.config.IniSecurityManagerFactory;
 6 import org.apache.shiro.mgt.SecurityManager;
 7 import org.apache.shiro.subject.Subject;
 8 import org.apache.shiro.util.Factory;
 9 
10 public class ShiroUtil {
11 
12     public static Subject getCurrUser(String config,String username,String password){
13         //初始化工厂
14                 Factory<SecurityManager> factory=new IniSecurityManagerFactory(config);
15                  SecurityManager securityManager=factory.getInstance();
16                  SecurityUtils.setSecurityManager(securityManager);
17                  Subject subject=SecurityUtils.getSubject();
18                  UsernamePasswordToken token=new UsernamePasswordToken(username,password);
19                 try {
20                      subject.login(token);
21                      System.out.println("登陆成功");
22                 } catch (Exception e) {
23                      e.printStackTrace();
24                      System.out.println("登陆失败");
25                 }
26                 return subject;
27     }
28 }

 1 package servlet;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.ServletException;
 6 import javax.servlet.annotation.WebServlet;
 7 import javax.servlet.http.HttpServlet;
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 
11 @WebServlet("/admin")
12 public class AdminServlet extends HttpServlet {
13 
14     private static final long serialVersionUID = -8898740167735658141L;
15 
16     @Override
17     public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
18         request.getRequestDispatcher("/admin.jsp").forward(request, response);
19     }
20 }

 1 package servlet;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.ServletException;
 6 import javax.servlet.annotation.WebServlet;
 7 import javax.servlet.http.HttpServlet;
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 
11 import org.apache.shiro.SecurityUtils;
12 import org.apache.shiro.authc.UsernamePasswordToken;
13 import org.apache.shiro.subject.Subject;
14 
15 import util.ShiroUtil;
16 
17 
18 @WebServlet("/login")
19 public class LoginSerlet extends HttpServlet{
20 
21     private static final long serialVersionUID = 4689893605443801988L;
22 
23     @Override
24     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
25         req.getRequestDispatcher("/login.jsp").forward(req, resp);
26     }
27     @Override
28     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
29         String username=req.getParameter("username");
30         String password=req.getParameter("password");
31         Subject subject=SecurityUtils.getSubject();
32         UsernamePasswordToken token=new UsernamePasswordToken(username,password);
33         try {
34             subject.login(token);
35             resp.sendRedirect("success.jsp");
36         } catch (Exception e) {
37             req.setAttribute("error", "用户名或密码错误");
38             req.getRequestDispatcher("/login.jsp").forward(req, resp);
39         }
40     }
41 }