Shiro-授权
授权
授权,即访问控制,控制谁能访问哪些资源。
主体进行身份认证后需要分配权限,方可访问系统的资源,对于某些资源没有权限是无法访问的。
自定义授权
1、创建maven工程
2、在Maven中添加依赖的jar包
<dependencies>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-nop -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.7.28</version>
<scope>test</scope>
</dependency>
</dependencies>
3、在资源文件夹下配置ini文件(进行散列:将登录界面提交的信息进行散列处理,然后再在内部调用MyRealm进行认证)
[main]
#定义凭证匹配器
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
#散列算法
credentialsMatcher.hashAlgorithmName=md5
#散列次数
credentialsMatcher.hashIterations=2
#指定realm
myRealm=com.longhe.MyRealm
#为realm指定凭证匹配器(散列)
myRealm.credentialsMatcher=$credentialsMatcher
#将自定义realm注册到securityManager
securityManager.realms=$myRealm
4、创建MyRealm类(自定义Realm,处理认证和授权)
package com.longhe;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
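public class MyRealm extends AuthorizingRealm {

    /*
     * Stand-in for a user store. In a real deployment the account, its stored
     * hash and its salt are loaded from the database; they are hard-coded here
     * only so the example runs without one.
     */
    private static final String KNOWN_USER = "helong";

    /*
     * Stored credential: the password already hashed the way the
     * credentialsMatcher configured in shiro.ini expects (hashAlgorithmName /
     * hashIterations), never the plain text. Whatever writes to the user store
     * must persist passwords in exactly this form.
     * NOTE(review): the matcher in shiro.ini is configured for md5 with 2
     * iterations; that is not an acceptable password hash outside a demo.
     * Prefer an adaptive algorithm (bcrypt/scrypt/argon2) and keep the stored
     * format and the matcher configuration in sync when changing it.
     */
    private static final String STORED_PASSWORD_HASH = "250135413be50fe9be4b78c75e02dcc2";

    /*
     * Salt that was mixed into STORED_PASSWORD_HASH. In this example it happens
     * to equal the username; a real store should use a random per-user salt
     * kept next to the hash.
     */
    private static final String SALT = "helong";

    /* Demo grants for KNOWN_USER; in a real system these come from the database. */
    private static final List<String> DEMO_ROLES =
            Collections.unmodifiableList(Arrays.asList("role1", "role2", "role3"));
    private static final List<String> DEMO_PERMISSIONS =
            Collections.unmodifiableList(Arrays.asList("user:create", "user:delete"));

    /**
     * Authentication: looks the submitted principal up and hands the stored
     * credentials to Shiro. The password comparison itself is done by the
     * configured {@code CredentialsMatcher}, not by this method.
     *
     * @param token the login token; its principal is expected to be the username
     * @return the stored credentials of the account, or {@code null} when the
     *         account is unknown (Shiro reports that as an
     *         {@code UnknownAccountException})
     * @throws AuthenticationException declared by the Shiro contract; this
     *         implementation does not throw it itself
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        Object principal = token.getPrincipal();
        // Guard the cast: a token whose principal is not a String cannot match
        // the account and must be rejected as unknown, not fail with a
        // ClassCastException.
        if (!(principal instanceof String) || !KNOWN_USER.equals(principal)) {
            return null;
        }
        String username = (String) principal;
        return new SimpleAuthenticationInfo(
                username,
                STORED_PASSWORD_HASH,
                ByteSource.Util.bytes(SALT), // the salt is supplied here, not inside the hash string
                this.getName());
    }

    /**
     * Authorization: builds the roles and permissions of an already
     * authenticated subject.
     *
     * @param principals identities of the subject being authorized; the primary
     *                   principal is the username returned by authentication
     * @return the subject's roles and string permissions; never {@code null},
     *         empty for any principal this realm does not know
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Grants are tied to the identity being authorized: any principal other
        // than the known account gets an empty (deny-all) result instead of the
        // demo grants.
        if (KNOWN_USER.equals(primaryPrincipal)) {
            info.addRoles(DEMO_ROLES);
            info.addStringPermissions(DEMO_PERMISSIONS);
        }
        return info;
    }
}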
5、授权验证
/*1.构建securityManager工厂 ini 加载配置文件*/
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
/*2.通过工厂创建securityManager*/
SecurityManager securityManager = factory.getInstance();
/* 3.将securityManager设置到运行环境中*/
SecurityUtils.setSecurityManager(securityManager);
/*4.创建一个Subject实例*/
Subject subject = SecurityUtils.getSubject();
/*5.创建token令牌 -->这些数据实际是用户登录时候输入的用于验证的内容,然后再通过配置文件进行加密处理,在通过MyRealm进行验证,验证之后,通过验证后再设置权限*/
UsernamePasswordToken token = new UsernamePasswordToken("helong", "1234");
/* 6.用户登录*/
try {
subject.login(token);
} catch (UnknownAccountException e) {
System.out.println("账号不存在");
e.printStackTrace();
}catch (IncorrectCredentialsException e){
System.out.println("密码不正确");
e.printStackTrace();
}
System.out.println("是否认证成功:"+subject.isAuthenticated());
/*认证成功之后才做授权*/
/*认证成功之后判断当前用户是否有某一个角色和某一个权限*/
/*判断当前用户有没有对应角色*/
System.out.println(subject.hasRole("role1"));
System.out.println(subject.hasRole("role2"));
System.out.println(subject.hasRole("role3"));
/*判断当前用户是否同时具有多个权限*/
System.out.println(subject.hasRoles(Arrays.asList("role1","role2","role3")));
/*判断是否有某一个权限*/
System.out.println(subject.isPermitted("user:create"));
/*判断是否同时具有多个权限*/
System.out.println(subject.isPermittedAll("user:create","user:update"));
}