shiro的快速入门

最新推荐文章于 2023-06-01 18:13:51 发布

昔我往昔

最新推荐文章于 2023-06-01 18:13:51 发布

阅读量153

点赞数 3

分类专栏： javaweb

本文链接：https://blog.csdn.net/hekai7217/article/details/88745817

版权

javaweb 专栏收录该内容

7 篇文章 0 订阅

订阅专栏

shiro的环境搭建
1.pom文件的配置:

        <!--shiro 的添加 -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.2</version>
        </dependency>

        <!-- configure logging -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>jcl-over-slf4j</artifactId>
            <version>1.7.24</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.26</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
            <scope>runtime</scope>
        </dependency>

2.ini文件的配置:

[users]
# user 'tiger' with password 'tiger' and roles 'roles1' and 'roles2'
scott = tiger, admin, roles1, roles2
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# 
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = *
# The 'roles1' role can do anything (*) with any lightsaber:
roles1 = lightsaber:*
# The 'roles2' role is allowed to 'drive' (action) the winnebago (type) with
# license plate 'eagle5' (instance specific id)
# user 对 stu 进行更新操作  更细致 的行为
roles2 = user:update:stu

3.快速代码的启动方法说明:

public class Quickstart {

    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
    public static void main(String[] args) {
        //通过 工厂 拿到  SecurityManager
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro_test.ini");
        SecurityManager securityManager = factory.getInstance();
        // for this simple example quickstart, make the SecurityManager
        // accessible as a JVM singleton.  Most applications wouldn't do this
        // and instead rely on their container configuration or web.xml for
        // webapps.  That is outside the scope of this simple quickstart, so
        // we'll just do the bare minimum so you can continue to get a feel
        // for things.
        // 设置
        SecurityUtils.setSecurityManager(securityManager);
        // Now that a simple Shiro environment is set up, let's see what you can do:
        // get the currently executing user:
        // 获取当前的  sub
        Subject currentUser = SecurityUtils.getSubject();
        // Do some stuff with a Session (no need for a web or EJB container!!!)
        // se项目 也可以获取 session
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if (value.equals("aValue")) {
            log.info("=====session 中 可以 获取 value -----Retrieved the correct value! [" + value + "]");
        }
        // let's login the current user so we can check against roles and permissions:
        // 登录的操作
        if (!currentUser.isAuthenticated()) {
            // 用户名 登录
            UsernamePasswordToken token = new UsernamePasswordToken("scott", "tiger");
            // 记住我
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                log.info("====没有用户账号---->There is no user with username of " + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                log.info("====密码不对-----> Password for account " + token.getPrincipal() + " was incorrect!");
            } catch (LockedAccountException lae) {
                log.info("账号锁定了----The account for username " + token.getPrincipal() + " is locked.  " +
                        "Please contact your administrator to unlock it.");
            }
            // ... catch more exceptions here (maybe custom ones specific to your application?
            catch (AuthenticationException ae) {
                //unexpected condition?  error?
            }
        }
        //say who they are:
        //print their identifying principal (in this case, a username):

        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
        //test a role:
        // 测试 当前的用户 是否有这个角色
        if (currentUser.hasRole("roles1")) {
            log.info("======有这个角色 May the Schwartz be with you!");
        } else {
            log.info("Hello, mere mortal.");
        }
        //test a typed permission (not instance-level)
        // 测试 当前用户 是否 有这个行为
        if (currentUser.isPermitted("roles1:买衣服")) {
            log.info("======买衣服 You may use a 买衣服 ring.  Use it wisely.");
        } else {
            log.info("Sorry, lightsaber rings are for schwartz masters only.");
        }
        //a (very powerful) Instance Level permission:
        // 测试 当前用户 是否 有这个行为 (更加具体的行为)
        if (currentUser.isPermitted("user:update:stu")) {
            log.info("======> 细致行为 ---You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +
                    "Here are the keys - have fun!");
        } else {
            log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
        }
        //all done - log out!
        // 当前用注销
        currentUser.logout();
        System.exit(0);
    }
}

都是官方的例子拷贝过来的，改了改配置文件，一些注释没有删除就是官方的说明