}
//…在此处捕获更多异常
catch (AuthenticationException ae) {
//意外情况 ? 错误 ?
}
}
//打印其标识主体(在这种情况下,为用户名)
log.info(“User [” + currentUser.getPrincipal() + “] logged in successfully.”);
//测试角色是否存在
if (currentUser.hasRole(“schwartz”)) {
log.info(“May the Schwartz be with you!”);
} else {
log.info(“Hello, mere mortal.”);
}
//粗粒度,极限范围小
//测试类型化的极限(不是实例级别)
if (currentUser.isPermitted(“lightsaber:wield”)) {
log.info(“You may use a lightsaber ring. Use it wisely.”);
} else {
log.info(“Sorry, lightsaber rings are for schwartz masters only.”);
}
//细粒度,极限范围广
//实例级别的权限(非常强大)
if (currentUser.isPermitted(“winnebago:drive:eagle5”)) {
log.info("You are permitted to ‘drive’ the winnebago with license plate (id) ‘eagle5’. " +
“Here are the keys - have fun!”);
} else {
log.info(“Sorry, you aren’t allowed to drive the ‘eagle5’ winnebago!”);
}
//注销
currentUser.logout();
//退出
System.exit(0);
}
}
三、SpringBoot 集成 Shiro
=====================
1.编写测试环境
1.在刚刚的父项目中新建一个 springboot 模块
2.导入 SpringBoot 和 Shiro 整合包的依赖
org.apache.shiro
shiro-spring
1.4.1
下面是编写配置文件
Shiro 三大要素
Subject 用户 -> ShiroFilterFactoryBean
SecurityManager 管理所有用户 -> DefaultWebSecurityManager
Realm 连接数据
实际操作中对象创建的顺序 : realm -> securityManager -> subject
3.编写自定义的 realm ,需要继承 AuthorizingRealm
//自定义的 UserRealm extends AuthorizingRealm
public class UserRealm extends AuthorizingRealm {
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//打印一个提示
System.out.println(“执行了授权方法”);
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//打印一个提示
System.out.println(“执行了认证方法”);
return null;
}
}
4.新建一个ShiroConfig配置文件
@Configuration
public class ShiroConfig {
//ShiroFilterFactoryBean:3
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier(“securityManager”) DefaultWebSecurityManager defaultWebsecurityManager){
ShiroFilterFactoryBean bean = new