shiro的环境搭建
1.pom文件的配置:
<!-- Add Apache Shiro (core module only; no web or Spring integration is declared here) -->
<!-- NOTE(review): 1.3.2 is an old release. Check the Apache Shiro security advisories and move to a currently supported version before using this outside a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<!-- configure logging: route commons-logging calls to SLF4J, and SLF4J to Log4j 1.x -->
<!-- NOTE(review): the two SLF4J artifacts below use different versions (1.7.24 and 1.7.26); keeping them on one version is the usual practice. -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.24</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.26</version>
<scope>runtime</scope>
</dependency>
<!-- NOTE(review): Log4j 1.x is end-of-life and no longer receives security fixes; treat this binding as demo-only and prefer a maintained logging backend in real projects. -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<scope>runtime</scope>
</dependency>
2.ini文件的配置:
[users]
# Format: username = password, role1, role2, ...
# user 'scott' with password 'tiger' and roles 'admin', 'roles1' and 'roles2'
# NOTE(review): the password is stored here in plain text, which is acceptable
# only for a local demo. Real deployments should keep hashed credentials in a
# proper realm and never commit account secrets to a config file.
scott = tiger, admin, roles1, roles2
# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
# NOTE(review): 'scott' holds 'admin', so every isPermitted(...) check for this
# user succeeds regardless of what 'roles1' and 'roles2' grant. Remove 'admin'
# from the user line to see the narrower roles take effect.
admin = *
# The 'roles1' role can do anything (*) with any lightsaber:
roles1 = lightsaber:*
# The 'roles2' role is allowed to 'update' (action) a 'user' (type), limited to
# the instance 'stu' (instance specific id). This is the finer-grained,
# instance-level form of a permission.
roles2 = user:update:stu
3.快速代码的启动方法说明:
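/**
 * Minimal Apache Shiro walkthrough for a plain Java SE program.
 *
 * <p>It builds a {@code SecurityManager} from an INI file, stores a session
 * attribute, logs one user in, checks a role and two permissions, and logs out.
 *
 * <p>Demo only: the username and password are hard-coded below and stored in
 * plain text in the INI file. Do not carry that pattern into real code.
 */
public class Quickstart {

    private static final Logger log = LoggerFactory.getLogger(Quickstart.class);

    /**
     * Runs the walkthrough and then terminates the JVM.
     *
     * <p>The exit status is 0 when the login succeeded and 1 when it did not.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Obtain the SecurityManager from a factory configured by the INI file.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro_test.ini");
        SecurityManager securityManager = factory.getInstance();

        // For this simple quickstart the SecurityManager is made accessible as a
        // JVM singleton. Most applications would not do this and would rely on
        // their container configuration or web.xml instead.
        SecurityUtils.setSecurityManager(securityManager);

        // Get the currently executing user (the Subject).
        Subject currentUser = SecurityUtils.getSubject();

        // A Session is available even without a web or EJB container.
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        // Constant-first comparison: a missing attribute must not raise an NPE.
        if ("aValue".equals(value)) {
            log.info("=====session 中 可以 获取 value -----Retrieved the correct value! [" + value + "]");
        }

        // Log the current user in so roles and permissions can be checked.
        if (!currentUser.isAuthenticated()) {
            // Hard-coded demo credentials; real code takes these from the caller
            // and never embeds them in source.
            UsernamePasswordToken token = new UsernamePasswordToken("scott", "tiger");
            // Ask for remember-me.
            // NOTE(review): whether this has any effect depends on a
            // RememberMeManager being configured, which this page does not show.
            // Where remember-me is active in a web deployment, the remembered
            // identity lives on the client, so its encryption key must be unique
            // per deployment and kept secret.
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                // Telling "unknown account" apart from "wrong password" is fine in
                // a server-side log, but any message shown to the caller should be
                // generic so it does not reveal which usernames exist.
                log.info("====没有用户账号---->There is no user with username of " + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                log.info("====密码不对-----> Password for account " + token.getPrincipal() + " was incorrect!");
            } catch (LockedAccountException lae) {
                log.info("账号锁定了----The account for username " + token.getPrincipal() + " is locked. " +
                        "Please contact your administrator to unlock it.");
            } catch (AuthenticationException ae) {
                // Any other authentication failure: record it instead of
                // swallowing it, so failed logins stay visible in the log.
                log.warn("Authentication failed for account " + token.getPrincipal(), ae);
            }
        }

        int exitCode = 0;
        if (currentUser.isAuthenticated()) {
            // Print the identifying principal (in this case, a username).
            log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");

            // Test whether the current user has a role.
            if (currentUser.hasRole("roles1")) {
                log.info("======有这个角色 May the Schwartz be with you!");
            } else {
                log.info("Hello, mere mortal.");
            }

            // Test a typed permission (not instance-level). With the INI shown on
            // this page the check passes only through the 'admin = *' wildcard,
            // because 'roles1' grants 'lightsaber:*', not 'roles1:...'.
            if (currentUser.isPermitted("roles1:买衣服")) {
                log.info("======买衣服 You may use a 买衣服 ring. Use it wisely.");
            } else {
                log.info("Sorry, lightsaber rings are for schwartz masters only.");
            }

            // Test an instance-level permission (type:action:instance).
            if (currentUser.isPermitted("user:update:stu")) {
                log.info("======> 细致行为 ---You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +
                        "Here are the keys - have fun!");
            } else {
                log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
            }
        } else {
            // The original flow reported success and ran the authorization checks
            // even after a failed login; stop here instead.
            log.warn("Login did not succeed; skipping role and permission checks.");
            exitCode = 1;
        }

        // All done: log the current user out.
        currentUser.logout();
        System.exit(exitCode);
    }
}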
以上代码都是从官方示例拷贝过来的,只改了配置文件;保留下来的一些注释就是官方的说明。