集成测试步骤：

1、准本一个shiro-web.ini文件

2、通过web.xml将shiro与web容器进行集成

3、编写servlet

4、测试

shiro-web.ini

[main]
#定义身份认证失败后的请求url映射，loginUrl是身份认证过滤器中的一个属性
authc.loginUrl=/login
#定义角色认证失败后的请求url映射，unauthorizedUrl是角色认证过滤器中的一个属性
roles.unauthorizedUrl=/unauthorized.jsp
#定义权限认证失败后请求url映射，unauthorizedUrl是角色认证过滤器中的一个属性
perms.unauthorizedUrl=/unauthorized.jsp

[users]
zs=123,role1
ls=123,role2
ww=123,role3
zdm=123,admin

[roles]
role1=user:create
role2=user:create,user:update
role3=user:create,user:update,user:delete,user:view,user:load
admin=user:*



#定义请求的地址需要做什么验证
[urls]
#请求login的时候不需要权限，游客身份即可(anon)
/login.do=anon

#请求/user/updatePwd.jsp的时候，需要身份认证(authc)
/user/updatePwd.jsp=authc

#请求/admin的时候，需要角色认证，必须是拥有admin角色的用户才行
/admin/*.jsp=roles[admin]

#请求/teacher的时候，需要权限认证，必须是拥有user:create权限的角色的用户才行
/user/teacher.jsp=perms["user:update"]

web.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  <display-name>Archetype Created Web Application</display-name>
  <context-param>
    <param-name>shiroConfigLocations</param-name>
    <param-value>classpath:shiro-web.ini</param-value>
  </context-param>
  <listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
  </listener>

  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
</web-app>

LoginServlet.java

package com.javaxl;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author 小李飞刀
 * @site www.javaxl.com
 * @company
 * @create  2019-10-10 11:47
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req,resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(usernamePasswordToken);
            req.getRequestDispatcher("main.jsp").forward(req, resp);
        } catch (Exception e) {
            req.setAttribute("message", "您的用户名密码输入有误！！！");
            req.getRequestDispatcher("login.jsp").forward(req, resp);
        }
    }
}

LogoutServlet.java

package com.javaxl;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author 小李飞刀
 * @site www.javaxl.com
 * @company
 * @create  2019-02-17 9:47
 */
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        resp.sendRedirect(req.getContextPath()+"/login.jsp");
    }
}

JSP结构

main.jsp

导入前面准备好的jsp页面进行测试

测试一下几点

1、身份认证成功与失败的结果

2、角色认证成功与失败的结果

3、权限认证成功与失败的结果

运行结果

在不登陆的情况下只能访问login.jsp

zs用户登录只能看到个人密码修改界面

ls用户登录，比zs多看到老师简介界面

over......