<dependency>      <groupId>org.apache.shiro</groupId>      <artifactId>shiro-web</artifactId>      <version>1.2.2</version>  </dependency>  <dependency>          <groupId>commons-logging</groupId>          <artifactId>commons-logging</artifactId>          <version>1.1.3</version>    </dependency> 

   <!-- 初始化shiro web environment -->    <listener>          <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>  </listener>  <!-- 设置shiro拦截器-->   <filter>      <filter-name>ShiroFilter</filter-name>      <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>  </filter>    <filter-mapping>      <filter-name>ShiroFilter</filter-name>      <url-pattern>/*</url-pattern>  </filter-mapping>

[main]authc.loginUrl=/loginauthc.successUrl=/index[users]zhang=123,role1,role2  wang=123,role1  [urls]/login=authc/logout=logout/* = authc

public class LoginServlet extends HttpServlet {	private static final long serialVersionUID = 1L;    public LoginServlet() {        super();    }	/**GET请求显示登录界面同时显示错误信息	 */	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		//显示登录界面		request.getRequestDispatcher("/login.jsp").forward(request, response);		}	/**FormAuthenticationFilter将会拦截POST请求进行登录操作，我们不需要再做登录操作。	 */	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		System.out.println("登录失败才会进入doPost方法。因为拦截器拦截了POST请求进行登录，登录成功则直接跳转至访问页面。登录失败后才进入Post方法");		System.out.println("登录失败才再登录界面，并添加错误信息");				//FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME值为shiroLoginFailure，保存了登录错误信息，值为异常的类全名		String errorFullClassName = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);		String cerrorKey="error";//客户端显示的错误信息		if(UnknownAccountException.class.getName().equals(errorFullClassName)){			//未知账户			request.setAttribute(cerrorKey, "用户名密码错误");		}else if(IncorrectCredentialsException.class.getName().equals(errorFullClassName)){			//密码错误			request.setAttribute(cerrorKey, "用户名密码错误");		}else{			//其他错误如账户锁定等等			request.setAttribute(cerrorKey, "其他错误");		}		//显示登录界面		doGet(request, response);	}}

  <servlet>      <servlet-name>LoginServlet</servlet-name>      <servlet-class>baseshiroweb.LoginServlet</servlet-class>  </servlet>    <servlet-mapping>      <servlet-name>LoginServlet</servlet-name>      <url-pattern>/login</url-pattern>  </servlet-mapping>

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>登陆界面<br/><form action="/baseshiroweb/login" method="post">   Username: <input type="text" name="username"/> <br/>   Password: <input type="password" name="password"/><br/>   <input type="checkbox" name="rememberMe" value="http://www.mamicode.com/true"/>Remember Me?<br/>   <input type="submit" value="http://www.mamicode.com/提交"/></form>${error}</body></html>

public class MyServlet extends HttpServlet{		@Override	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {		resp.getWriter().println("<html>");		resp.getWriter().println("hello shiro web"+"<br/>");		Subject subject = SecurityUtils.getSubject();		resp.getWriter().println("principal:"+subject.getPrincipal()+"<br/>");		resp.getWriter().println("isAuthenticated"+subject.isAuthenticated()+"<br/>");		resp.getWriter().println("<a href=http://www.mamicode.com/‘/baseshiroweb/logout‘>logout");		resp.getWriter().println("</html>");	}}

  <servlet>      <servlet-name>myservlet</servlet-name>      <servlet-class>baseshiroweb.MyServlet</servlet-class>  </servlet>      <servlet-mapping>      <servlet-name>myservlet</servlet-name>      <url-pattern>/index</url-pattern>  </servlet-mapping>

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">   <display-name>Archetype Created Web Application</display-name>   <!-- 初始化shiro web environment -->    <listener>          <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>  </listener>  <!-- 设置shiro拦截器-->   <filter>      <filter-name>ShiroFilter</filter-name>      <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>  </filter>    <filter-mapping>      <filter-name>ShiroFilter</filter-name>      <url-pattern>/*</url-pattern>  </filter-mapping>    <servlet>      <servlet-name>myservlet</servlet-name>      <servlet-class>baseshiroweb.MyServlet</servlet-class>  </servlet>      <servlet-mapping>      <servlet-name>myservlet</servlet-name>      <url-pattern>/index</url-pattern>  </servlet-mapping>    <servlet>      <servlet-name>LoginServlet</servlet-name>      <servlet-class>baseshiroweb.LoginServlet</servlet-class>  </servlet>    <servlet-mapping>      <servlet-name>LoginServlet</servlet-name>      <url-pattern>/login</url-pattern>  </servlet-mapping></web-app>