Shiro 权限控制
来源:互联网 发布:男士手表推荐 知乎 编辑:程序博客网 时间:2024/06/01 09:45
项目架构
1.pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.java.shiro</groupId>
<artifactId>shiro03</artifactId>
<version>0.0.1-SNAPSHOT</version>
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.37</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
</dependencies>
</project>
2.建立对应的配置文件
建立数据库连接配置文件jdbc_realm.ini
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/test
dataSource.user=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
基于角色的访问控制配置文件shiro_role.ini
[users]
java1234=123456,role1,role2
jack=123,role1
基于权限的访问控制配置文件 shiro_permission.ini
[users]
java1234=123456,role1,role2
jack=123,role1
[roles]
role1=user:select
role2=user:add,user:update,user:delete
建立log4j.properties
3.建立common 公共类
package com.java.common;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroUtil {
public static Subject login(String configFile,String userName,String password){
// 读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory=new IniSecurityManagerFactory(configFile);
// 获取securityManager实例
SecurityManager securityManager=factory.getInstance();
// 把securityManager实例绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
// 得到当前执行的用户
Subject currentUser=SecurityUtils.getSubject();
// 创建token令牌,用户名/密码
UsernamePasswordToken token=new UsernamePasswordToken(userName, password);
try{
// 身份认证
currentUser.login(token);
System.out.println("身份认证成功!");
}catch(AuthenticationException e){
e.printStackTrace();
System.out.println("身份认证失败!");
}
return currentUser;
}
}
4.基于角色的访问控制
package com.java.shiro;
import java.util.Arrays;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import com.java.common.ShiroUtil;
/**
* 基于角色的访问控制
* @author Administrator
*
*/
public class RoleTest {
@Test
public void testHasRole() {
Subject currentUser=ShiroUtil.login("classpath:shiro_role.ini", "java1234", "123456");
// Subject currentUser=ShiroUtil.login("classpath:shiro_role.ini", "jack", "123");
System.out.println(currentUser.hasRole("role1")?"有role1这个角色":"没有role1这个角色");
boolean []results=currentUser.hasRoles(Arrays.asList("role1","role2","role3"));
System.out.println(results[0]?"有role1这个角色":"没有role1这个角色");
System.out.println(results[1]?"有role2这个角色":"没有role2这个角色");
System.out.println(results[2]?"有role3这个角色":"没有role3这个角色");
System.out.println(currentUser.hasAllRoles(Arrays.asList("role1","role2"))?"role1,role2这两个角色都有":"role1,role2这个两个角色不全有");
currentUser.logout();
}
@Test
public void testCheckRole() {
Subject currentUser=ShiroUtil.login("classpath:shiro_role.ini", "java1234", "123456");
// Subject currentUser=ShiroUtil.login("classpath:shiro_role.ini", "jack", "123");
currentUser.checkRole("role1");
currentUser.checkRoles(Arrays.asList("role1","role2"));
currentUser.checkRoles("role1","role2","role3");
currentUser.logout();
}
}
5.基于权限的访问控制
package com.java.shiro;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import com.java.common.ShiroUtil;
/**
* 基于权限的访问控制
* @author Administrator
*
*/
public class PermissionTest {
@Test
public void testIsPermitted() {
Subject currentUser=ShiroUtil.login("classpath:shiro_permission.ini", "java1234", "123456");
// Subject currentUser=ShiroUtil.login("classpath:shiro_permission.ini", "jack", "123");
System.out.println(currentUser.isPermitted("user:select")?"有user:select这个权限":"没有user:select这个权限");
System.out.println(currentUser.isPermitted("user:update")?"有user:update这个权限":"没有user:update这个权限");
boolean results[]=currentUser.isPermitted("user:select","user:update","user:delete");
System.out.println(results[0]?"有user:select这个权限":"没有user:select这个权限");
System.out.println(results[1]?"有user:update这个权限":"没有user:update这个权限");
System.out.println(results[2]?"有user:delete这个权限":"没有user:delete这个权限");
System.out.println(currentUser.isPermittedAll("user:select","user:update")?"有user:select,update这两个权限":"user:select,update这两个权限不全有");
currentUser.logout();
}
@Test
public void testCheckPermitted() {
Subject currentUser=ShiroUtil.login("classpath:shiro_permission.ini", "java1234", "123456");
// Subject currentUser=ShiroUtil.login("classpath:shiro_permission.ini", "jack", "123");
currentUser.checkPermission("user:select");
currentUser.checkPermissions("user:select","user:update","user:delete");
currentUser.logout();
}
}
- shiro、SpringMVC权限控制
- shiro、SpringMVC权限控制
- shiro权限控制
- 权限控制框架 shiro
- Shiro 权限控制框架
- Apache Shiro 权限控制
- shiro权限控制
- Shiro 权限控制
- shiro权限控制
- Shiro进行权限控制
- 权限控制框架-shiro
- shiro-权限控制框架
- 权限控制框架-shiro
- 权限控制框架-shiro
- 权限控制框架-shiro
- 权限控制框架-shiro
- Apache Shiro权限控制实战,权限控制SpringMVC + Mybatis + Shiro
- Apache Shiro权限控制实战,权限控制SpringMVC + Mybatis + Shiro
- ftp服务器的搭建过程
- BaseRecyclerViewAdapterHelper源码解读(一) 封装简单的adapter和万能的BaseViewHolder
- 试验四
- Spring MVC整合FreeMark 视图解析器
- 入职相关
- Shiro 权限控制
- Android 动画部分
- spring-boot + websocket 打包问题汇总
- 一致性hash
- A
- SpringBoot学习笔记(一)
- Java SE (一)——标识符、关键字、类型
- android 自定义组合控件
- Android自定义手势密码