ini配置文件
#用户
[users]
#用户zhang的密码是123,此用户具有role1和role2两个角色
zhang=123,role1,role2
wang=123,role2
#权限
[roles]
#角色role1对资源user拥有create、update权限
role1=user:create,user:update
#角色role2对资源user拥有create、delete权限
role2=user:create,user:delete
#角色role3对资源user拥有create权限
role3=user:create
权限标识符规则:资源:操作:实例(中间使用半角:分割)
user:creare:01 表示对用户资源的01实例进行create操作
user:create:表示对用户资源进行create操作,相当于user:create:*,对所有用户资源实例进行create操作
user:*01 表示对用户资源实例01进行所有操作
测试代码
@Test
public void testAuthorization() {
// 创建securityManager工厂,用过ini配置文件创建securityManager工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-permission.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
try {
subject.login(token);
} catch (AuthenticationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("认证状态 : " + subject.isAuthenticated());
//认证通过后执行授权
//基于角色的授权
//hasRole传入角色标识
boolean ishasRole = subject.hasRole("role1");
System.out.println("单个角色判断"+ishasRole);
//hasAllRoles是否拥有多个角色
boolean hasAllRoles = subject.hasAllRoles(Arrays.asList("role1","role2"));
System.out.println("单多个角色判断"+hasAllRoles);
//基于资源的授权
//isPermitted传入权限标识符
boolean isPermitted = subject.isPermitted("user:create");
System.out.println("单个权限判断"+isPermitted);
boolean isPermittedAll = subject.isPermittedAll("user:create:1","user:update");
System.out.println("多个权限判断"+isPermittedAll);
subject.checkPermission("items:create");
}