1、建立shiro.ini文件
#格式:用户名=密码,角色1,角色2
#注意:此处密码以明文保存,仅用于演示;正式环境应只保存加盐哈希后的密码,并为realm配置对应的CredentialsMatcher
[users]
zhangsan=123,admin
lisi=456,manager,seller
wangwu=789,clerk
#预定义权限,格式:角色名=权限1,权限2
#admin=* 表示拥有全部权限,应只授予确有需要的账号
#上面lisi的seller角色在此处没有定义,因此该角色不带任何权限
[roles]
admin=*
clerk=user:query,user:detail:query
manager=user:*
2、pom文件引入依赖包
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- 核心配置,包含默认依赖 -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.12.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.study</groupId>
<artifactId>shiro-test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>shiro-test</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<shiro.version>1.7.1</shiro.version>
</properties>
<dependencies>
<!-- 模板引擎freemarker -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<!-- web场景的依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- 测试依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- 健康监测(actuator):本页的示例代码没有用到;如果保留,请只暴露必要的端点并限制访问 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<!-- shiro:版本由上方的shiro.version统一指定(本例为1.7.1);shiro是安全组件,使用前请对照官方安全公告,确认所选版本仍在维护并已包含所需的修复 -->
<!-- shiro核心包 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- 添加shiro web支持 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- 添加shiro spring整合 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
3、创建测试例子TestShiro.java
package com.study.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
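/**
 * Minimal command-line walkthrough of Apache Shiro: build a SecurityManager from
 * {@code shiro.ini}, authenticate one user, then run a role check and a permission check.
 *
 * <p>Demo only: the user name and password are hard-coded in {@link #main(String[])} and
 * stored in plain text in {@code shiro.ini}. A real application should take credentials
 * from the caller and keep only salted password hashes in its user store.
 *
 * @author user
 */
public class TestShiro {

    /**
     * Runs the demo: prints the subject's state before login, attempts a login, and only
     * if that login succeeded prints the results of the role and permission checks.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Load shiro.ini from the classpath and build the SecurityManager from it.
        // NOTE(review): IniSecurityManagerFactory is marked deprecated in recent Shiro 1.x
        // releases - confirm against the version in use before copying this pattern.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();

        // Register the manager with SecurityUtils so later code can obtain the Subject
        // without holding a reference to the SecurityManager.
        SecurityUtils.setSecurityManager(securityManager);

        // The Subject is the entry point for login, role checks, permission checks and logout.
        Subject currentUser = SecurityUtils.getSubject();

        // State before login: authentication flag and principal (the identity, here the user name).
        System.out.println(currentUser.isAuthenticated());
        System.out.println(currentUser.getPrincipal());

        if (!currentUser.isAuthenticated()) {
            // Hard-coded demo credentials; they match the zhangsan entry in shiro.ini.
            UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
            try {
                // login() returns void; a failed authentication is reported by exception.
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                // Distinct messages are acceptable for a console demo. A real login endpoint
                // should answer every failure with one generic message, so that callers
                // cannot learn which user names exist.
                System.out.println("用户不存在:" + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                System.out.println("密码错误:" + token.getPrincipal());
            } catch (LockedAccountException lae) {
                System.out.println("账户冻结:" + token.getPrincipal());
            } catch (AuthenticationException ae) {
                // Previously swallowed silently; report every other authentication failure too.
                System.out.println("认证失败:" + token.getPrincipal());
            } finally {
                // Drop the credentials held by the token once the attempt is over.
                token.clear();
            }
        }

        // Stop here when login failed: the original fell through and printed the success
        // message and ran the authorization checks for an unauthenticated subject.
        if (!currentUser.isAuthenticated()) {
            return;
        }

        try {
            System.out.println("登录成功:" + currentUser.getPrincipal());

            // Role check.
            if (currentUser.hasRole("admin")) {
                System.out.println("hello, boss");
            } else {
                System.out.println("hello, you");
            }

            // Permission check.
            if (currentUser.isPermitted("user:update")) {
                System.out.println("you can update user");
            } else {
                System.out.println("sorry, you can not update");
            }
        } finally {
            // Always log out so identity, roles, permissions and session state are cleared.
            currentUser.logout();
        }
    }
}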