shiro学习_demo
来源:互联网 发布:mac安装win10激活码 编辑:程序博客网 时间:2024/06/18 15:08
现在使用shiro作为权限认证已经越来越多,并且最近打算使用jeesite进行一个公司内部cms系统的系统的开发,结果发现很多坑,其框架就是使用shiro作为认证授权框架。所以打算对shiro进行学习。
从官网直接说明,shiro的核心和功能点分别是:认证、授权、会话管理、加密;web支持、缓存、并发、测试、记住我(jeesite也使用了该功能),其介绍如下:
![](http://img.blog.csdn.net/20170710224217917?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvaXRfbGlob25nbWlu/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center)
Shiro targets what the Shiro development team calls “the four cornerstones of application security” - Authentication, Authorization, Session Management, and Cryptography:
Authentication: Sometimes referred to as ‘login’, this is the act of proving a user is who they say they are.
Authorization: The process of access control, i.e. determining ‘who’ has access to ‘what’.
Session Management: Managing user-specific sessions, even in non-web or EJB applications.
Cryptography: Keeping data secure using cryptographic algorithms while still being easy to use.
There are also additional features to support and reinforce these concerns in different application environments, especially:
Web Support: Shiro’s web support APIs help easily secure web applications.
Caching: Caching is a first-tier citizen in Apache Shiro’s API to ensure that security operations remain fast and efficient.
Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.
Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.
“Run As”: A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.
“Remember Me”: Remember users’ identities across sessions so they only need to log in when mandatory.
首先进行demo的搭建:
1、创建maven项目,并在其官网copy shiro的和slf4j的依赖,并配置slf4j的配置文件信息:
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>test</scope>
</dependency>
2、创建key、value的shiro ini 配置文件于 src/main/resources目录下,[users] 存储用户信息,项目中一般该信息存储于数据库中。
从官网直接说明,shiro的核心和功能点分别是:认证、授权、会话管理、加密;web支持、缓存、并发、测试、记住我(jeesite也使用了该功能),其介绍如下:
Shiro targets what the Shiro development team calls “the four cornerstones of application security” - Authentication, Authorization, Session Management, and Cryptography:
Authentication: Sometimes referred to as ‘login’, this is the act of proving a user is who they say they are.
Authorization: The process of access control, i.e. determining ‘who’ has access to ‘what’.
Session Management: Managing user-specific sessions, even in non-web or EJB applications.
Cryptography: Keeping data secure using cryptographic algorithms while still being easy to use.
There are also additional features to support and reinforce these concerns in different application environments, especially:
Web Support: Shiro’s web support APIs help easily secure web applications.
Caching: Caching is a first-tier citizen in Apache Shiro’s API to ensure that security operations remain fast and efficient.
Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.
Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.
“Run As”: A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.
“Remember Me”: Remember users’ identities across sessions so they only need to log in when mandatory.
首先进行demo的搭建:
1、创建maven项目,并在其官网copy shiro的和slf4j的依赖,并配置slf4j的配置文件信息:
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>test</scope>
</dependency>
2、创建key、value的shiro ini 配置文件于 src/main/resources目录下,[users] 存储用户信息,项目中一般该信息存储于数据库中。
3、登录的用户信息
package demo.netty_lihongmin.controller;import org.apache.catalina.security.SecurityUtil;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.config.IniSecurityManagerFactory;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.subject.Subject;import org.apache.shiro.util.Factory;public class ShiroMain {public static void main(String[] args) {//读取配置文件,初始化工厂Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:");//获取SecurityManager实例SecurityManager instance = factory.getInstance();//把实例绑定到工具类SecurityUtils.setSecurityManager(instance);//得到当前执行的用户Subject subject = SecurityUtils.getSubject();// 创建token令牌的用户信息(一般为前端登陆的用户名和密码信息)UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");try {subject.login(token);System.out.println("用户登陆成功!!!");} catch (Exception e) {// TODO: handle exceptione.printStackTrace();}subject.logout();}}
阅读全文
0 0
- shiro学习_demo
- CXF入门学习_DEMO
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- WebRTC学习笔记_Demo收集
- shiro学习
- Shiro学习
- shiro学习
- shiro学习
- shiro学习
- shiro 学习
- shiro 学习
- shiro学习
- 字节写
- I/O多路复用之poll服务器
- Recyclerview系列(1)--基础使用
- Java 多线程中。两个线程交替执行,一个输出偶数,一个输出奇数(方法一)
- 用run_full_trafodion_backup.sh全库备份恢复单表
- shiro学习_demo
- flask bottle gunicorn gevent meinheld 组合测试性能(简单读写mongodb)
- Python爬虫学习笔记之基础知识
- nat
- 01-scala-高阶函数
- hbase 源代码解析(2)HAdmin 的表创建过程
- 卷积神经网络Step by Step(五)
- Spark MLlib 源代码解读之线性回归
- 【稳定凸包】poj1228 Grandpa's Estate