一、权限认证的核心要素
权限认证(即授权,Authorization)就是访问控制:在应用中控制谁能访问哪些资源。在权限认证中,最核心的三要素是:权限、角色和用户。
权限,即操作资源的权利,比如访问某个页面,以及对某个模块的数据的加载、修改、删除、查看的权利;
角色,是权限的集合,一种角色可以包含多种权限;
用户,在Shiro中即Subject,代表访问系统的用户。
二、基于角色的访问控制
shiro_role.ini
# [users] entries follow the form: username = password, role1, role2, ...
# NOTE(review): the passwords below are cleartext demo values. Outside a
# tutorial, store salted password hashes instead and keep this file out of
# version control.
[users]
root=123456,role1,role2
gates=123456,role1
package com.shiro;
import java.util.Arrays;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import com.shiro.common.ShiroUtils;
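/**
 * Demonstrates Shiro's role-based access checks against the users declared in
 * {@code shiro_role.ini}: {@code root} holds role1 and role2, {@code gates} holds role1 only.
 *
 * <p>The {@code hasRole*} methods report the result as booleans, while the {@code checkRole*}
 * methods return nothing and throw an {@code AuthorizationException} when a role is missing.
 *
 * <p>The expected outputs noted below assume that {@code ShiroUtils.login} (not shown here)
 * authenticates against the given INI file and returns the logged-in subject.
 *
 * <p>NOTE(review): the boolean demos only print their result, so they can never fail. A test
 * that guards an authorization rule should assert the expected value instead.
 */
public class RoleTest {

    /** Classpath location of the INI file that defines the demo users and their roles. */
    private static final String ROLE_INI = "classpath:shiro_role.ini";

    /** Prints whether {@code gates} holds role2. */
    @Test
    public void testHasRole() {
        Subject currentUser = ShiroUtils.login(ROLE_INI, "gates", "123456");
        try {
            // gates is assigned only role1 in the INI file, so "notHasRole2" is expected.
            System.out.println(currentUser.hasRole("role2") ? "hasRole2" : "notHasRole2");
        } finally {
            // Always end the session, even if the check above throws.
            currentUser.logout();
        }
    }

    /** Prints one boolean per queried role, in the order the roles were passed. */
    @Test
    public void testHasRoles() {
        Subject currentUser = ShiroUtils.login(ROLE_INI, "root", "123456");
        try {
            // root holds role1 and role2 but not role3: expected true, true, false.
            boolean[] result = currentUser.hasRoles(Arrays.asList("role1", "role2", "role3"));
            for (boolean b : result) {
                System.out.println(b);
            }
        } finally {
            currentUser.logout();
        }
    }

    /** Prints "yes" only when the subject holds every listed role. */
    @Test
    public void testHasAllRoles() {
        Subject currentUser = ShiroUtils.login(ROLE_INI, "root", "123456");
        try {
            System.out.println(currentUser.hasAllRoles(Arrays.asList("role1", "role2")) ? "yes" : "no");
        } finally {
            currentUser.logout();
        }
    }

    /** Verifies that {@code gates} holds role1. */
    @Test
    public void testCheckRole() {
        Subject currentUser = ShiroUtils.login(ROLE_INI, "gates", "123456");
        try {
            // checkRole has no return value; it throws if the subject lacks the role.
            currentUser.checkRole("role1");
        } finally {
            // Without the finally block a failed check would leave the subject logged in.
            currentUser.logout();
        }
    }

    /** Verifies that {@code root} holds both role1 and role2. */
    @Test
    public void testCheckRoles() {
        Subject currentUser = ShiroUtils.login(ROLE_INI, "root", "123456");
        try {
            // Like checkRole, but every listed role must be present or an exception is thrown.
            currentUser.checkRoles("role1", "role2");
        } finally {
            currentUser.logout();
        }
    }
}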
shiro_permission.ini
# [users] entries follow the form: username = password, role1, role2, ...
# NOTE(review): the passwords below are cleartext demo values. Outside a
# tutorial, store salted password hashes instead.
[users]
gates=123456,role1
root=123456,role1,role2
# [roles] entries follow the form: roleName = permission1, permission2, ...
# Permissions here use the resource:action form. role1 is read-only (select),
# while role2 may also add, update and delete users.
[roles]
role1=user:select
role2=user:select,user:add,user:update,user:delete
package com.shiro;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import com.shiro.common.ShiroUtils;
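/**
 * Demonstrates Shiro's permission-based access checks against {@code shiro_permission.ini}:
 * role1 grants {@code user:select}; role2 grants select, add, update and delete on
 * {@code user}. {@code gates} holds role1 and {@code root} holds role1 and role2.
 *
 * <p>The {@code isPermitted*} methods report the result as booleans, while the
 * {@code checkPermission*} methods return nothing and throw an {@code AuthorizationException}
 * when a permission is missing.
 *
 * <p>The expected outputs noted below assume that {@code ShiroUtils.login} (not shown here)
 * authenticates against the given INI file and returns the logged-in subject.
 *
 * <p>NOTE(review): the boolean demos only print their result, so they can never fail. A test
 * that guards an authorization rule should assert the expected value instead.
 */
public class PermissionTest {

    /** Classpath location of the INI file that defines the demo users, roles and permissions. */
    private static final String PERMISSION_INI = "classpath:shiro_permission.ini";

    /** Prints one boolean per queried permission, in the order the permissions were passed. */
    @Test
    public void testIsPermitted() {
        Subject currentUser = ShiroUtils.login(PERMISSION_INI, "gates", "123456");
        try {
            // The single-argument form, isPermitted("user:select"), returns one boolean
            // instead of an array.
            // gates only has role1 (user:select): expected true, false.
            boolean[] result = currentUser.isPermitted("user:select", "user:update");
            for (boolean b : result) {
                System.out.println(b);
            }
        } finally {
            // Always end the session, even if the check above throws.
            currentUser.logout();
        }
    }

    /** Prints whether {@code gates} holds every listed permission. */
    @Test
    public void testIsPermittedAll() {
        Subject currentUser = ShiroUtils.login(PERMISSION_INI, "gates", "123456");
        try {
            // True only if ALL permissions are held; gates lacks user:update, so false is expected.
            System.out.println(currentUser.isPermittedAll("user:select", "user:update"));
        } finally {
            currentUser.logout();
        }
    }

    /** Verifies that {@code gates} may select users. */
    @Test
    public void testCheckPermission() {
        Subject currentUser = ShiroUtils.login(PERMISSION_INI, "gates", "123456");
        try {
            // No return value; an exception is thrown when the permission is missing.
            currentUser.checkPermission("user:select");
        } finally {
            // Without the finally block a failed check would leave the subject logged in.
            currentUser.logout();
        }
    }

    /** Verifies that {@code root} holds all four {@code user} permissions. */
    @Test
    public void testCheckPermissions() {
        Subject currentUser = ShiroUtils.login(PERMISSION_INI, "root", "123456");
        try {
            // No return value; an exception is thrown if any listed permission is missing.
            currentUser.checkPermissions("user:select", "user:add", "user:update", "user:delete");
        } finally {
            currentUser.logout();
        }
    }
}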