1、shiro Hello
来源:互联网 发布:重庆seo网站建设 编辑:程序博客网 时间:2024/05/19 16:20
一、程序架构
pom.xml:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
二、简单说明Shiro.ini配置文件
2.1 内容
[users]
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
lonestarr = vespa, goodguy, schwartz
[roles]
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5
2.2 ini 文件说明
[users]:用户名=密码,角色1,角色2
[roles]:角色=权限1,权限2
权限:
(1)用简单的字符串来表示一个权限。如:user
(2)多层次管理:如:user:query,user:edit,user:query,edit。第一部分为操作的领域,第二部分为执行的操作。可以使用通配符:user:*,*:query
(3)实例级权限:域:操作:实例
如:user:edit:manager 只能对 user 中的 manager 进行 edit。
通配符:user:edit:*、user:*:*、user:*:manager
等价:user:edit==user:edit:*、user == user:*:* 只能从字符串结尾处省略。
三、Quickstart.java
packagecn.com.bochy.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class Quickstart {
public static void main(String[]args) {
Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager =factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
//用会话做一些事情
Session session = currentUser.getSession();
session.setAttribute("czf","123456");
String value = (String)session.getAttribute("czf");
//Retrieved:取回
if (value.equals("123456")) {
System.out.println("-->Retrieved the correct value! [" + value +"]");
}
// let's login the current user so we can check against roles andpermissions:
// System.out.println(currentUser.);
if(!currentUser.isAuthenticated()) {//authentication:认证,身份
UsernamePasswordToken token = newUsernamePasswordToken("lonestarr","vespa");
token.setRememberMe(true);
try {
currentUser.login(token);
System.out.println("-->User [" + currentUser.getPrincipal() +"] loggedin successfully.");
} catch(UnknownAccountException uae) {
//Principal:主要的,首长,负责人
System.out.println("-->There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsExceptionice) {
System.out.println("-->Password for account " + token.getPrincipal() +" was incorrect!");
} catch (LockedAccountExceptionlae) {
System.out.println("The account for username " + token.getPrincipal() +" is locked. " +
"Please contact your administrator to unlockit.");
}
// ... catch more exceptions here (maybe custom ones specific to yourapplication?
catch (AuthenticationExceptionae) {
//unexpected condition? error?
}
}
//test a role:
if (currentUser.hasRole("schwartz")) {
System.out.println("-->May the Schwartz be with you!");
} else {
System.out.println("Hello, mere mortal.");
}
//test a typed permission (not instance-level)
//lightsaber: 激光剑;weild:行使
if (currentUser.isPermitted("lightsaber:weild")) {
System.out.println("-->You may use a lightsaber ring. Use it wisely.");
} else {
//schwartz:施瓦兹
System.out.println("Sorry, lightsaber rings are for schwartz mastersonly.");
}
//a (very powerful) Instance Level permission:
//winnebago:温尼贝戈人;房车 eagle:鹰;plate:盘子
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
System.out.println("-->You are permitted to 'drive' the winnebagowith license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
System.out.println("Sorry, you aren't allowed to drive the 'eagle5'winnebago!");
}
//all done - log out!
currentUser.logout();
System.exit(0);
}
}
四、执行结果
-->Retrieved the correct value! [123456]
-->User [lonestarr] logged in successfully.
-->May the Schwartz be with you!
-->You may use a lightsaber ring. Use it wisely.
-->You are permitted to 'drive' the winnebago withlicense plate (id) 'eagle5'. Here arethe keys - have fun!
五、总结
shiro
1、shiro是一个开源免费的Java安全框架,既可以使用在java的程序上,也可以使用在java web,还可以使用在移动端。
2、两大内容
1、身份验证
2、授权
3、使用shiro的依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
4、使用shiro的一般步骤
1、读取配置文件,获取安全管理者的工厂
Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro.ini");
2、获取安全管理者实例
SecurityManager securityManager=factory.getInstance();
3、设置SecurityUtils的SecurityManager
SecurityUtils.setSecurityManager(securityManager);
4、获取当前Subject对象(user)
Subject currrentUser= SecurityUtils.getSubject();
5、身份验证
UsernamePasswordToken token=new UsernamePasswordToken(用户名,密码);
currrentUser.login(token);
6、授权验证
7、注销用户
5、shiro如何判断某个用户拥有哪个角色?
currrentUser.hasRole(角色名)
currrentUser.hasAllRoles(多个角色)
6、如何判断某个用户是否可以访问某个资源
currentUser.isPermitted(资源名)
- 1、shiro Hello
- Shiro学习笔记<1>入门--Hello Shiro
- shiro学习之路(1)---初识shiro(Hello Word)
- shiro的hello world
- Shiro 学习笔记(1)—— Hello World
- Shiro简介与Hello World实现
- (二) shiro入门 :输出 hello world
- Hello Mr.J——shiro+springmvc
- Hello Mr.J——shiro+cas
- Shiro入门-hello world和用户认证
- 【shiro】shiro学习笔记1-shiro初识
- Shiro 1
- shiro(1)
- shiro(1)
- Hello Mr.J——shiro 简单地认识
- Hello Mr.J——shiro 实现session共享
- Hello Mr.J——shiro session管理机制
- 初学Shiro 1:Shiro的简单流程
- python中匿名函数
- matlab的一些语法知识
- 支付宝前端团队详解基于Node.js Web框架Chair
- Swift多线程之Operation:按优先级加载图片
- android程序actionbar阴影去除的办法
- 1、shiro Hello
- qml定时器示例
- Git详解之八 Git与其他系统
- 无法启动hiveserver的解决方法
- shell 语法 shell命令 用shell编写进度条
- svn同步图标显示问题
- Linux实现TCP连接
- HDU1754
- JAVA 敏感词过滤