(一)初时shiro

shiro是Apache公司的一个java 安全的框架,它功能强大、简单易用。

shiro的基本特征图如下:


主要模块有四个:

  • Authentication: Sometimes referred to as ‘login’, this is the act of proving a user is who they say they are.

  • Authorization: The process of access control, i.e. determining ‘who’ has access to ‘what’.

  • Session Management: Managing user-specific sessions, even in non-web or EJB applications.

  • Cryptography: Keeping data secure using cryptographic algorithms while still being easy to use.

Authentication: 身份认证

Authorization: 权限验证

Session Management: session管理

Cryptography: 加密

额外的支持功能

  • Web Support: Shiro’s web support APIs help easily secure web applications.
  • Caching: Caching is a first-tier citizen in Apache Shiro’s API to ensure that security operations remain fast and efficient.
  • Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.
  • Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.
  • “Run As”: A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.
  • “Remember Me”: Remember users’ identities across sessions so they only need to log in when mandatory.
Web Support:支持web开发

Caching:缓存确保操作的安全和高效性

Concurrency:支持多线程

Testing:支持测试

Run As:允许用户承担另一个用户的身份(如果允许)的功能,有时在管理方案中很有用。

Remember Me:记住用户,下次直接登录。


上手操作

在eclipse中创建一个maven项目,命名为shiro01,在maven的配置文件pom.xml文件中引入shiro。

	<dependency>
    	<groupId>org.apache.shiro</groupId>
    	<artifactId>shiro-core</artifactId>
    	<version>1.3.2</version>
	</dependency>
暂时先引入一个,保存后maven会下载他的jar包

会发现shiro-core核心jar包需要两个依赖包,而其中一个只是api,再引入slf4j

<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-log4j12</artifactId>
    <version>1.7.21</version>
</dependency>

下面开始模拟验证登录过程

1.在resource下创建一个属性文件shiro.ini,并编辑文件

[users]
liy313=123456
jack=123
[users]是固定写法,表示用户

其它则是键值对:用户名=密码


2.编写java代码

package com.liy.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class HelloWorld {

	public static void main(String[] args) {
		//读取配置文件,初始化SecurityManager工厂
		Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
		//获取SecurityManager实例
		SecurityManager securityManager=factory.getInstance();
		//把securityManager实例帮定到SecurityUtils中
		SecurityUtils.setSecurityManager(securityManager);
		//得到当前执行的用户
		Subject currentUser=SecurityUtils.getSubject();
		//创建token用户令牌
		UsernamePasswordToken token = new UsernamePasswordToken("liy313", "123456");
		try {
			//身份认证
			currentUser.login(token);
			System.out.println("用户验证成功");
		} catch (AuthenticationException e) {
			e.printStackTrace();
			System.out.println("用户验证失败");
		}
		
		currentUser.logout();
	}
}
详情可以查询shiro的docs中的Tutorial

http://shiro.apache.org/tutorial.html
阅读更多

没有更多推荐了,返回首页