1.pom.xml文件,这次增加了junit来进行单元测试
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.test</groupId>
<artifactId>myShiro</artifactId>
<version>1.0-SNAPSHOT</version>
<dependencies>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.6.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/c3p0/c3p0 -->
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>6.0.6</version>
</dependency>
<!-- https://mvnrepository.com/artifact/junit/junit -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
</dependencies>
</project>
2.配置文件shiro_role.ini
[users]
jack1234=1234,role1,role2
hello =123,role1
3.ShiroUtil.java文件,将登陆进行封装的文件com.test.common.ShiroUtil.java
package com.test.common;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
/**
* Created by guanguan on 17/6/12.
*/
public class ShiroUtil {
public static Subject login(String configFile, String userName, String passWord) {
//读配置文件,初始化SecurityManager
Factory<SecurityManager> factory = new IniSecurityManagerFactory(configFile);
//获取SecurityManager实例
SecurityManager securityManager = factory.getInstance();
//把SecurityManager实例绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
//获取当前登录的用户
Subject currentUser = SecurityUtils.getSubject();
//构建token令牌。用户名/密码
UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
try {
//身份认证
currentUser.login(token);
System.out.println("登录成功");
} catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("登录失败");
}
return currentUser;
}
}
4.测试文件com.test.shiro.roleTest.java
package com.test.shiro;
import com.test.common.ShiroUtil;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import java.util.Arrays;
/**
* Created by guanguan on 17/6/12.
*/
public class roleTest {
@Test
public void testHasRole(){
Subject currentUser = ShiroUtil.login("classpath:shiro_role.ini","jack1234","1234");
System.out.println(currentUser.hasRole("role1")?"有这个角色":"没有这个角色");
boolean[] results = currentUser.hasRoles(Arrays.asList("role1","role2","role3"));
System.out.println(results[0]?"有这个role1角色":"没有role1这个角色");
System.out.println(results[1]?"有这个role2角色":"没有role2这个角色");
System.out.println(results[2]?"有这个role3角色":"没有role3这个角色");
System.out.println(currentUser.hasAllRoles(Arrays.asList("role1","role2"))?"role1,role2都有":"role1,role2不全有");
}
}
运行结果:
登录成功
有这个角色
有这个role1角色
有这个role2角色
没有role3这个角色
role1,role2都有
Process finished with exit code 0
5.继续进行单元测试来学习checkRole()方法,该方法没有返回值,如果错误,会抛出异常,如果正确,什么也不会打印
package com.test.shiro;
import com.test.common.ShiroUtil;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import java.util.Arrays;
/**
* Created by guanguan on 17/6/12.
*/
public class roleTest {
@Test
public void testCheckRole(){
Subject currentUser = ShiroUtil.login("classpath:shiro_role.ini","jack1234","1234");
//无返回值
currentUser.checkRole("role2");
currentUser.checkRoles(Arrays.asList("role1","role2","role3"));
currentUser.checkRoles("role1","role2","role3");
}
}
运行结果
登录成功
org.apache.shiro.authz.UnauthorizedException: Subject does not have role [role3]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkRole(ModularRealmAuthorizer.java:421)
at org.apache.shiro.authz.ModularRealmAuthorizer.checkRoles(ModularRealmAuthorizer.java:440)
at org.apache.shiro.authz.ModularRealmAuthorizer.checkRoles(ModularRealmAuthorizer.java:430)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkRoles(AuthorizingSecurityManager.java:169)
at org.apache.shiro.subject.support.DelegatingSubject.checkRoles(DelegatingSubject.java:251)
at com.test.shiro.roleTest.testCheckRole(roleTest.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:117)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:42)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:253)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Process finished with exit code 255
如若是正确的情况:
@Test
public void testCheckRole(){
Subject currentUser = ShiroUtil.login("classpath:shiro_role.ini","jack1234","1234");
//无返回值
currentUser.checkRole("role2");
currentUser.checkRoles(Arrays.asList("role1","role2"));
currentUser.checkRoles("role1","role2");
}
运行结果
登录成功
Process finished with exit code 0
------------------------------------------------------------------------------
接下来学习权限:
6.配置文件:shiro_permission.ini
[users]
jack1234=1234,role1,role2
hello =123,role1
[roles]
role1=user:select
role2=user:add,user:update,user:delete
备注:user后面的“:”也可改为"."但要与代码保持一致即可
[users]
jack1234=1234,role1,role2
hello =123,role1
[roles]
role1=user.select
role2=user.add,user.update,user.delete
7.测试文件permissionTest.java文件学习isPermission()方法
package com.test.shiro;
import com.test.common.ShiroUtil;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
/**
* Created by guanguan on 17/6/12.
*/
public class permissionTest {
@Test
public void testIsPermission(){
// Subject currentUser = ShiroUtil.login("classpath:shiro_permission.ini","jack1234","1234");
Subject currentUser = ShiroUtil.login("classpath:shiro_permission.ini","hello","123");
currentUser.isPermitted("user:select");
System.out.println(currentUser.isPermitted("user:select")?"有user:select权限":"没有user:select权限");
System.out.println(currentUser.isPermitted("user:update")?"有user:update":"没有user:update权限");
boolean[] results =currentUser.isPermitted("user:select","user:update","user:delete");
System.out.println(results[0]?"有user:select权限":"没有user:select权限");
System.out.println(results[1]?"有user:update权限":"没有user:update权限");
System.out.println(results[2]?"有user:delete权限":"没有user:delete权限");
currentUser.logout();
}
}
运行结果
登录成功
有user:select权限
没有user:update权限
有user:select权限
没有user:update权限
没有user:delete权限
2017-06-12 16:45:12,334 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Logging out subject with primary principal hello
2017-06-12 16:45:12,337 DEBUG [org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session with id [3224ac02-ef09-40cb-a2ca-b27016a47e11]
Process finished with exit code 0
8.测试文件permissionTest.java文件学习checkPermission()方法,无返回值,如果该用户不具有该权限将抛异常,具有该权限,就什么也不打印
package com.test.shiro;
import com.test.common.ShiroUtil;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
/**
* Created by guanguan on 17/6/12.
*/
public class permissionTest {
@Test
public void testCheckPermission(){
Subject currentUser = ShiroUtil.login("classpath:shiro_permission.ini","jack1234","1234");
// Subject currentUser = ShiroUtil.login("classpath:shiro_permission.ini","hello","123");
currentUser.checkPermission("user:select");
currentUser.checkPermissions("user:select","user:delete");
currentUser.logout();
}
}
运行结果如下:
登录成功
2017-06-12 16:47:31,295 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Logging out subject with primary principal jack1234
2017-06-12 16:47:31,295 DEBUG [org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session with id [8887fe92-5389-408c-b1ae-69decde43270]
Process finished with exit code 0