shiro初识

shiro:Java安全框架,有身份验证、授权、密码学和会话管理

Spring security 重量级安全框架(配置很麻烦 做的比较细)
Apache Shiro轻量级安全框架 (配置很容易 很方便，很容易使用)
自定义Realm

授权：

String username = (String) principalCollection.getPrimaryPrincipal();
        //模拟根据用户名拿到角色信息与权限信息
        Set<String> roles = getRolesByUsername(username);
        Set<String> permissions = getPermissionsByUsername(username);
        //拿到验证信息对象
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        //设置用户的角色
        authorizationInfo.setRoles(roles);
        //设置用户的权限
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    //模拟根据用户名拿到角色的功能
    private Set<String> getRolesByUsername(String username) {
        Set<String> roles = new HashSet<>();
        roles.add("admin");
        roles.add("it");
        return roles;
    }
    //模拟根据用户名拿到权限的功能
    private Set<String> getPermissionsByUsername(String username) {
        Set<String> permissions = new HashSet<>();
        permissions.add("employee.*");
        permissions.add("department.save");
        return permissions;
    }

身份认证：

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token= (UsernamePasswordToken) authenticationToken;

        String usernaem=token.getUsername();

        String password=findUserByUsername(usernaem);

        if (password==null){
            return null;
        }

        ByteSource salt = ByteSource.Util.bytes("itsource");

        SimpleAuthenticationInfo simpleAuthenticationInfo=new SimpleAuthenticationInfo(usernaem,password,salt,getName());
        return simpleAuthenticationInfo;
    }
    

 

加密加盐：

    public static void main(String[] args){

        SimpleHash simpleHash=new SimpleHash("MD5", "th", "hahahhs",10);

        System.out.println(simpleHash.toString());

    }