Shiro入门

已于 2022-04-07 08:24:26 修改
阅读量532 收藏
点赞数 1
分类专栏: java shiro 文章标签: java
于 2022-04-07 08:23:32 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/kay523393/article/details/124004682
版权
java 同时被 2 个专栏收录
24 篇文章 0 订阅
订阅专栏
shiro
2 篇文章 0 订阅
订阅专栏

Shiro入门

三大核心对象

subject———-用户

SecurityManager———- 管理所有用户

Realm————-连接数据

shiro 快速开始

1、导入依赖

<dependencies>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.8.0</version>
    </dependency>
    <!-- configure logging -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jcl-over-slf4j</artifactId>
        <version>1.7.21</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.21</version>
    </dependency>
    <dependency>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
        <version>1.2.17</version>
    </dependency>
</dependencies>

2、配置文件

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n
# General Apache libraries
log4j.logger.org.apache=WARN
# Spring
log4j.logger.org.springframework=WARN
# Default Shiro logging
log4j.logger.org.apache.shiro=INFO
# Disable verbose logging
log4j.logger.org.apache.shiro.util.ThreadContext=WARN
log4j.logger.org.apache.shiro.cache.ehcache.EhCache=WARN

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#
# =============================================================================
# Quickstart INI Realm configuration
#
# For those that might not understand the references in this file, the
# definitions are all based on the classic Mel Brooks' film "Spaceballs". ;)
# =============================================================================
# -----------------------------------------------------------------------------
# Users and their assigned roles
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
# -----------------------------------------------------------------------------
[users]
# user 'root' with password 'secret' and the 'admin' role
root = secret, admin
# user 'guest' with the password 'guest' and the 'guest' role
guest = guest, guest
# user 'presidentskroob' with password '12345' ("That's the same combination on
# my luggage!!!" ;)), and role 'president'
presidentskroob = 12345, president
# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'
darkhelmet = ludicrousspeed, darklord, schwartz
# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'
lonestarr = vespa, goodguy, schwartz
# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = *
# The 'schwartz' role can do anything (*) with any lightsaber:
schwartz = lightsaber:*
# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with
# license plate 'eagle5' (instance specific id)
goodguy = winnebago:drive:eagle5

3、HelloWorld

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
 * Simple Quickstart application showing how to use Shiro's API.
 *
 * @since 0.9 RC2
 */
public class Quickstart {
    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
    public static void main(String[] args) {
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        // for this simple example quickstart, make the SecurityManager
        // accessible as a JVM singleton.  Most applications wouldn't do this
        // and instead rely on their container configuration or web.xml for
        // webapps.  That is outside the scope of this simple quickstart, so
        // we'll just do the bare minimum so you can continue to get a feel
        // for things.
        SecurityUtils.setSecurityManager(securityManager);
        // 获取当前的用户对象
        Subject currentUser = SecurityUtils.getSubject();
        // Do some stuff with a Session (no need for a web or EJB container!!!)
        // 通过当前用户拿到session
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if (value.equals("aValue")) {
            log.info("Retrieved the correct value! [" + value + "]");
        }
        // let's login the current user so we can check against roles and permissions:
        // 判断当前的用户是否被认证
        if (!currentUser.isAuthenticated()) {
            // token:令牌
            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
            // 设置记住我
            token.setRememberMe(true);
            try {
                currentUser.login(token);  // 执行了登录操作
            } catch (UnknownAccountException uae) {   // 报错:找不到用户
                log.info("There is no user with username of " + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) { // 报错: 密码不对
                log.info("Password for account " + token.getPrincipal() + " was incorrect!");
            } catch (LockedAccountException lae) {  // 报错:用户被锁定了
                log.info("The account for username " + token.getPrincipal() + " is locked.  " +
                        "Please contact your administrator to unlock it.");
            }
            // ... catch more exceptions here (maybe custom ones specific to your application?
            catch (AuthenticationException ae) {  // 最大的异常   认证异常
                //unexpected condition?  error?
            }
        }
        //say who they are:
        //print their identifying principal (in this case, a username):
        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
        //test a role:
        if (currentUser.hasRole("schwartz")) {
            log.info("May the Schwartz be with you!");
        } else {
            log.info("Hello, mere mortal.");
        }
        // 粗粒度 控制权限
        //test a typed permission (not instance-level)
        if (currentUser.isPermitted("lightsaber:wield")) {
            log.info("You may use a lightsaber ring.  Use it wisely.");
        } else {
            log.info("Sorry, lightsaber rings are for schwartz masters only.");
        }
        // 细粒度 控制权限
        //a (very powerful) Instance Level permission:
        if (currentUser.isPermitted("winnebago:drive:eagle5")) {
            log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +
                    "Here are the keys - have fun!");
        } else {
            log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
        }
        //all done - log out!
        /* 注销 */
        currentUser.logout();
        System.exit(0);
    }
}

shiro核心方法

// 获取当前的用户对象
Subject currentUser = SecurityUtils.getSubject();
// 通过当前用户拿到session
Session session = currentUser.getSession();
//用户是否被认证
currentUser.isAuthenticated()
// 用户权限
currentUser.getPrincipal()
// 获取用户角色
currentUser.hasRole("schwartz")
// 控制权限
currentUser.isPermitted("lightsaber:wield");
/* 注销 */
currentUser.logout();

shiro整合springboot

shiro核心的SecurityUtils.getSubject(); 可以拿到当前用户 session等

1、导入依赖

<!-- 整合spring -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.8.0</version>
</dependency>

2、创建pojo

package com.wen.pojo;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-23-15-32
 */
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
    private int id;
    private String name;
    private String pwd;
    private String perms;
}

3、mapper接口

package com.wen.mapper;
import com.wen.pojo.User;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-23-15-38
 */
@Repository
@Mapper
public interface UserMapper {
    User queryByName(@Param("name") String name);
}

4、service和serviceImpl

package com.wen.service;
import com.wen.pojo.User;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-23-15-44
 */
public interface UserService {
    User queryByName(String name);
}

package com.wen.service.impl;
import com.wen.mapper.UserMapper;
import com.wen.pojo.User;
import com.wen.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-23-15-44
 */
@Service
public class UserServiceImpl implements UserService {
    @Autowired
    private UserMapper userMapper;
    @Override
    public User queryByName(String name) {
        return userMapper.queryByName(name);
    }
}

5、搭建环境controller

package com.wen.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-22-17-28
 */
@Controller
public class IndexController {
    @RequestMapping({"/","index"})
    public String index(Model model){
        model.addAttribute("msg","hello,shiro");
        return "index";
    }
    @RequestMapping("user/add")
    public String add(){
        return "user/add";
    }
    @RequestMapping("user/update")
    public String update(){
        return "user/update";
    }
    @RequestMapping("/toLogin")
    public String login(){
        return "login";
    }
    @RequestMapping("/noAuth")
    @ResponseBody
    public String unauthorized(){
        return "未经授权无权访问";
    }
}

6、前端templates下 gitee shiro仓库

shiro实现登录拦截

@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager securityManager){
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    // 设置安全管理器
    bean.setSecurityManager(securityManager);
    // 添加shiro的内置过滤器
    /**
         * anon:无需认证  就能  访问
         * authc:必须认证  才能  访问
         * user:必须有  记住我  才能  访问
         * perms:拥有对某个资源的权限才能访问
         * role:拥有某个角色  才能  访问
         */
    Map<String, String> map = new LinkedHashMap<>();
    bean.setLoginUrl("/toLogin");  // 设置登录页面
    return bean;
}

shiro实现用户认证

// ShiroFilterFactoryBean      3    倒叙编写  会发现  上调用下
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager securityManager){
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    // 设置安全管理器
    bean.setSecurityManager(securityManager);
    // 添加shiro的内置过滤器
    /**
         * anon:无需认证  就能  访问
         * authc:必须认证  才能  访问
         * user:必须有  记住我  才能  访问
         * perms:拥有对某个资源的权限才能访问
         * role:拥有某个角色  才能  访问
         */
    Map<String, String> map = new LinkedHashMap<>();
    //map.put("user/add","authc");  // 必须认证才能访问
    //map.put("user/update","authc");
    map.put("/user/add","perms[user:add]");  //  perms:拥有add的权限才能访问
    map.put("/user/update","perms[user:update]");  //  perms:拥有add的权限才能访问
    map.put("/user/*","authc");     /* key  为路径  要在路径前面 + / 才能找到 */
    bean.setFilterChainDefinitionMap(map);
    bean.setLoginUrl("/toLogin");  // 设置登录页面
    bean.setUnauthorizedUrl("/noAuth");  // 没有授权跳转的路径
    return bean;
}

shiro整合mybaits

1、导入依赖

<!--mybait-->
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.2.0</version>
</dependency>
<!--数据库驱动-->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<!--druid-->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.21</version>
</dependency>

2、配置properties yml文件

spring.thymeleaf.cache=false
# 别名
mybatis.type-aliases-package=com.wen.pojo
# 指定mapper映射文件
mybatis.mapper-locations=classpath:mapper/*.xml

spring:
  datasource:
    username: root
    password: root
    url: jdbc:mysql://localhost:3306/mybatis?useSSL=true&characterEncoding=utf-8&serverTimezone=UTC
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
    #配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入
    #如果允许报错,java.lang.ClassNotFoundException: org.apache.Log4j.Properity
    #则导入log4j 依赖就行
    filters: stat,wall,log4j
    maxPoolPreparedStatementPerConnectionSize: 20
    useGlobalDataSourceStat: true
    connectionoProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

3、在resources下创建mapper文件夹、创建mapper.xml文件

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mapper.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.wen.mapper.UserMapper">
    <select id="queryByName" parameterType="String" resultType="User">
        select * from tb_user where name = #{name};
    </select>
</mapper>

shiro请求授权实现

1、在自定义Realm类中 重写 了 授权 和认证方法

在这里进行授权实现

 @Override  // 授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了==>授权doGetAuthorizationInfo");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 通过认证return  传递的  参数   通过工具类拿到  传递的参数
        Subject subject = SecurityUtils.getSubject();
        User currentUser = (User) SecurityUtils.getSubject().getPrincipal();
        // 设置用户权限            从数据库中  查出来的
        info.addStringPermission(currentUser.getPerms());
        return info;
    }

2、开始认证

@Override // 认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    System.out.println("执行了==>认证doGetAuthenticationInfo");
    /*        String userName = "root";  // 假数据
        String password = "12345";*/
    Subject subject = SecurityUtils.getSubject();
    // 强转 token
    UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
    User user = userService.queryByName(userToken.getUsername());
    Session session = subject.getSession();
    session.setAttribute("loginUser",user);
    if (user == null) {  // 用户为空  就是  UnknownAccountException
        return null;
    }
    /*if (!userToken.getUsername().equals(userName)){
            return null;
        }*/
    // 密码认证,shiro自动做~  通过shiro底层  调用自定义用户类 和 配置类 组合认证
    //return new SimpleAuthenticationInfo("",password,"");
    //return new SimpleAuthenticationInfo("",user.getPwd(),"");
    return new SimpleAuthenticationInfo(user,user.getPwd(),"");
}

shiro整合thymeleaf

1、导入依赖

<!--shiro整合thymeleaf-->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.1.0</version>
</dependency>

2、前端引入头文件

xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro"

3、后端配置thymeleaf对象 在自定义Realm中写 extends AuthorizingRealm

// shiroDialect:整个shiro和thymeleaf
@Bean
public ShiroDialect dialect(){
    return new ShiroDialect();
}

4、前端写html

<p th:text="${msg}"></p>
<div th:if="${#strings.isEmpty(session.loginUser)}">
    <a th:href="@{/toLogin}">登录</a>
</div>
<div shiro:hasPermission="user:add">
    <a th:href="@{user/add}">add</a>
</div>
<div shiro:hasPermission="user:update">
    <a th:href="@{user/update}">update</a>
</div>

shiro总结

shiro核心:subject对象、securityManager、Realm对象

通过自定义UserRealm来extends AuthorizingRealm这个类,重写 授权 认证方法 那么这个类就是自定义类

然后配置shiroconfig类,通过倒叙三部曲需要自定义 类 1 DefaultWebSecurityManager 2 ShiroFilterFactoryBean 3 倒叙编写 会发现 上调用下 两个类通过底层相互结合,来达到shiro安全控制

1、自定义UserRealm

package com.wen.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.wen.pojo.User;
import com.wen.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-22-17-31
 */
// 自定义的  UserRealm    Authorizing :授权  extends AuthorizingRealm
public class UserRealm extends AuthorizingRealm{
    @Autowired
    UserService userService;
    @Override  // 授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了==>授权doGetAuthorizationInfo");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 通过认证return  传递的  参数   通过工具类拿到  传递的参数
        Subject subject = SecurityUtils.getSubject();
        User currentUser = (User) SecurityUtils.getSubject().getPrincipal();
        // 设置用户权限            从数据库中  查出来的
        info.addStringPermission(currentUser.getPerms());
        return info;
    }
    @Override // 认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行了==>认证doGetAuthenticationInfo");
/*        String userName = "root";  // 假数据
        String password = "12345";*/
        Subject subject = SecurityUtils.getSubject();
        // 强转 token
        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        User user = userService.queryByName(userToken.getUsername());
        Session session = subject.getSession();
        session.setAttribute("loginUser",user);
        if (user == null) {  // 用户为空  就是  UnknownAccountException
            return null;
        }
        /*if (!userToken.getUsername().equals(userName)){
            return null;
        }*/
        // 密码认证,shiro自动做~  通过shiro底层  调用自定义用户类 和 配置类 组合认证
        //return new SimpleAuthenticationInfo("",password,"");
        //return new SimpleAuthenticationInfo("",user.getPwd(),"");
        return new SimpleAuthenticationInfo(user,user.getPwd(),"");
    }
    // shiroDialect:整个shiro和thymeleaf
    @Bean
    public ShiroDialect dialect(){
        return new ShiroDialect();
    }
}

2、shiroConfig配置类

package com.wen.config;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * @Author WangEn
 * @CreateTime: 2021-12-22-17-30
 */
@Configuration
public class ShiroConfig {
    // ShiroFilterFactoryBean      3    倒叙编写  会发现  上调用下
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // 设置安全管理器
        bean.setSecurityManager(securityManager);
        // 添加shiro的内置过滤器
        /**
         * anon:无需认证  就能  访问
         * authc:必须认证  才能  访问
         * user:必须有  记住我  才能  访问
         * perms:拥有对某个资源的权限才能访问
         * role:拥有某个角色  才能  访问
         */
        Map<String, String> map = new LinkedHashMap<>();
        //map.put("user/add","authc");  // 必须认证才能访问
        //map.put("user/update","authc");
        map.put("/user/add","perms[user:add]");  //  perms:拥有add的权限才能访问
        map.put("/user/update","perms[user:update]");  //  perms:拥有add的权限才能访问
        map.put("/user/*","authc");     /* key  为路径  要在路径前面 + / 才能找到 */
        bean.setFilterChainDefinitionMap(map);
        bean.setLoginUrl("/toLogin");  // 设置登录页面
        bean.setUnauthorizedUrl("/noAuth");  // 没有授权跳转的路径
        return bean;
    }
    // DefaultWebSecurityManager   2
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager(@Qualifier("userRealm")AuthorizingRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 关联自定义的Realm对象
        securityManager.setRealm(userRealm);
        return securityManager;
    }
    // 常见Realm对象,需要自定义 类  1
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }
}

………

其余代码在gitee shiro仓库https://gitee.com/w-en/dashboard/projects?sort=&scope=&state=private

鄂东男孩
关注
专栏目录
shiro入门
trasewell的博客
09-25 907
目录: 1.pom.xml 2.applicationContext.xml 3.applicationContext-mybatis.xml 4.SpringBaseTest 5.优化分页 1.pom.xml <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4...
shiro简介及入门
qq_44847231的博客
10-13 575
文章目录shiro简介1. 什么是shiro2. 在应用程序角度来观察如何使用Shiro完成工作3. shiro架构Shiro入门案例Shiro与web容器的集成 shiro简介 1. 什么是shiro shiro是apache的一个开源框架,是一个权限管理的框架,实现 用户认证、用户授权。 spring中有spring security (原名Acegi),是一个权限框架,它和spring依赖过...
Shiro 入门教程 - Shiro Realm
最新发布
smart_an的专栏
07-18 600
即用户 - 角色之间是多对多关系,角色 - 权限之间是多对多关系;且用户和权限之间通过角色建立关系;在系统中验证时通过权限验证,角色只是权限集合,即所谓的显示角色;其实权限应该对应到资源(如菜单、URL、页面按钮、Java 方法等)中,即应该将权限字符串存储到资源实体中,但是目前为了简单化,直接提取一个权限表,【综合示例】部分会使用完整的表结构。用户实体包括:编号 (id)、用户名 (username)、密码 (password)、盐 (salt)、是否锁定 (locked);
Shiro入门(一)
小狐狸的博客
04-04 815
0. Shiro是什么? 简单的来说 Apache Shiro 是一个强大灵活的开源安全框架,可以完全处理身份验证、授权、加密和会话管理。 shiro的四大基石 Authentication(认证):用户身份识别,通常被称为用户“登录” Authorization(授权): 访问控制。比如某个用户是否具有某个操作的使用权限。 Session Management(会话管理): 特定于用户的会话管理,甚至在非web 或 EJB 应用程序。 Cryptography(加密): 在对数据源使用加密
shiro入门(一)
qq_43059674的博客
10-12 151
Shiro简介 1. 什么是shiro shiro是apache的一个开源框架,是一个权限管理的框架,实现 用户认证、用户授权。 spring中有spring security (原名Acegi),是一个权限框架,它和spring依赖过于紧密,没有shiro使用简单。 shiro不依赖于spring,shiro不仅可以实现 web应用的权限管理,还可以实现c/s系统, 分布式系统权限管理,shi...
Shiro入门(1)
热门推荐
小9的专栏
08-14 1万+
Shiro在web开发中的基础使用方式
Shiro入门到精通
06-26
本课程“Shiro入门到精通”旨在帮助开发者全面理解和掌握Shiro的使用,通过与Spring Security的对比,进一步突出Shiro在实际开发中的优势和适用场景。 首先,我们来探讨Shiro的基础知识。Shiro的核心组件包括...
Shiro入门.rar
06-12
在这个"Shiro入门"压缩包中,包含了笔记和源码,是学习Shiro基础知识的好资源。 **一、Shiro基本概念** 1. **认证**:也称为身份验证,是确认用户身份的过程,通常通过用户名和密码进行验证。 2. **授权**:也称为...
shiro入门demo
04-18
本教程将引导你入门 Shiro,通过一个简单的 demo 来理解其基本概念和用法。 1. **Shiro 的核心组件** - **Subject**: Shiro 中的核心概念,代表当前操作的用户或系统中的任何实体。它封装了认证、授权、会话和加密...
Shiro入门教程
08-08
Shiro入门实例 Shiro入门教程 Shiro框架学习demo http://www.xttblog.com/?p=669 权限管理教程。Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能。 Shiro可以在任何环境下运行,小到最...
shiro 入门
客人
02-28 254
一、概述Apache ShiroJava的一个安全框架,旨在简化身份验证和授权。ShiroJavaSE和JavaEE项目中都可以使用。它主要用来处理身份认证,授权,企业会话管理和加密等。Shiro的具体功能点如下:(1)身份认证/登录,验证用户是不是拥有相应的身份; (2)授权,即权限验证,验证某个已认证的用户是否拥有某个权限;即判断用户是否能做事情,常见的如:验证某个用户是否拥有某个角色。或...
Java私塾:Shiro入门与实战全解析
2. **Shiro入门**:首先阐述Shiro的定义、主要功能以及整体架构,接着通过一个简单的HelloWorld例子,让学员对Shiro有个初步认识。 3. **Shiro的配置**:讲解程序和配置文件(ini)的配置方法,涉及权限字符串配置...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值