Shiro
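<!-- Shiro core dependency. The version pinned below (1.6.0) is an old release; real projects should depend on a currently supported Shiro release. -->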
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.6.0</version>
</dependency>
</dependencies>
配置文件
shiro.ini(仅用于学习 Shiro:在其中书写系统的用户与权限数据,暂时代替数据库;其中的密码以明文保存,不适用于生产环境)
[users]
admin=123
zhangsan=123456
lisi=789
Shiro_java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
/**
 * Minimal Shiro authentication demo backed by an INI realm.
 *
 * <p>NOTE(review): the shiro.ini shown on this page stores passwords in plaintext and the
 * username/password below are hard-coded. Both are acceptable only in a learning sample;
 * a real system keeps salted password hashes in its user store and takes credentials from
 * the caller.
 */
public class TestAuthenticator {

    public static void main(String[] args) {
        // Realm that reads the [users] entries from shiro.ini on the classpath.
        IniRealm iniRealm = new IniRealm("classpath:shiro.ini");

        // Security manager wired to that realm.
        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(iniRealm);

        // SecurityUtils is the global entry point; it must know the security manager
        // before a Subject is requested.
        SecurityUtils.setSecurityManager(manager);

        // The Subject is the "current user" whose login is attempted.
        Subject currentUser = SecurityUtils.getSubject();

        // Token carrying the submitted username and password.
        UsernamePasswordToken credentials = new UsernamePasswordToken("admin", "123");

        try {
            // Printed before and after login to show the state change.
            boolean before = currentUser.isAuthenticated();
            System.out.println("认证状态" + before);

            // login() throws an AuthenticationException when the attempt is rejected.
            currentUser.login(credentials);

            boolean after = currentUser.isAuthenticated();
            System.out.println("认证状态" + after);
        } catch (AuthenticationException loginFailure) {
            loginFailure.printStackTrace();
        }
    }
}
自定义realm md5 salt hash散列
MD5 散列(散列是单向摘要,并非加密)
(注册时对密码做散列后保存到数据库)
import org.apache.shiro.crypto.hash.Md5Hash;
/**
 * Prints the hex digest of the sample password "123" in three forms: plain MD5, MD5 with a
 * salt, and MD5 with a salt and 1024 hash iterations.
 *
 * <p>NOTE(review): MD5 is a fast general-purpose digest, so it is a poor choice for storing
 * passwords even with a salt and 1024 iterations; a purpose-built password hash
 * (bcrypt, scrypt, Argon2) is the usual recommendation. The salt here is a fixed literal,
 * whereas a salt is meant to be random and different for every user.
 */
public class TestShiroMD5 {

    public static void main(String[] args) {
        // The original author marks the following form as "does not work":
        //     Md5Hash md5Hash = new Md5Hash();
        //     md5Hash.setBytes("123".getBytes());
        //     String s = md5Hash.toHex();
        // Presumably setBytes() stores the given bytes as the digest itself instead of
        // hashing them - confirm against the Shiro documentation. Pass the source value
        // to the constructor instead, as below.
        final String password = "123";
        final String salt = "@#xky";
        final int iterations = 1024;

        // Plain MD5.
        String plainHex = new Md5Hash(password).toHex();
        System.out.println(plainHex);

        // MD5 + salt.
        String saltedHex = new Md5Hash(password, salt).toHex();
        System.out.println(saltedHex);

        // MD5 + salt + repeated hashing; the third argument is the iteration count.
        String iteratedHex = new Md5Hash(password, salt, iterations).toHex();
        System.out.println(iteratedHex);
    }
}
CustomerMd5Realm
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
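/**
 * Custom realm whose stored credential is an MD5 + salt + iterated hash.
 *
 * <p>The realm only supplies the stored hash and its salt. The algorithm name and the
 * iteration count are not set here; they come from the credentials matcher that the caller
 * installs on the realm, and must match how the stored hash was produced.
 *
 * <p>This class uses {@code ByteSource} from {@code org.apache.shiro.util}; the listing
 * does not compile unless that type is imported.
 *
 * <p>NOTE(review): MD5 is not a suitable password hash for real systems, and the salt below
 * is a fixed literal rather than a random per-user value.
 */
public class CustomerMd5Realm extends AuthorizingRealm {

    /**
     * Authorization hook. Not implemented at this step of the tutorial.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return always {@code null}, i.e. no roles or permissions are supplied
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication hook: looks up the stored credential for the submitted username.
     *
     * @param authenticationToken the submitted token; its principal is read as the username
     * @return the stored hash and salt for "admin", or {@code null} for any other username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();

        // Stand-in for a database lookup: only "admin" exists. Returning null tells Shiro
        // that this realm has no account for the username.
        if (!"admin".equals(username)) {
            return null;
        }

        return new SimpleAuthenticationInfo(
                "admin",
                // Stored hex digest; presumably Md5Hash("123", "@#xky", 1024) - confirm.
                "306e6cf117f3513fff55ac6b9f5ef3f3",
                // Salt used when the digest was produced (a fixed value in this sample).
                ByteSource.Util.bytes("@#xky"),
                this.getName());
    }
}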
TestCustomerMd5RealmAuthenticator
import com.ll.realm.CustomerMd5Realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
/**
 * Logs in against {@code CustomerMd5Realm} using a hashed credentials matcher.
 *
 * <p>The matcher's algorithm ("md5") and iteration count (1024) have to agree with the way
 * the hash stored in the realm was produced, otherwise a correct password is rejected.
 *
 * <p>NOTE(review): MD5 with 1024 iterations is used here for teaching only; it is not an
 * adequate password-hashing scheme for production.
 */
public class TestCustomerMd5RealmAuthenticator {

    public static void main(String[] args) {
        // Matcher that hashes the submitted password before comparing it with the stored hash.
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher();
        md5Matcher.setHashAlgorithmName("md5");
        md5Matcher.setHashIterations(1024); // number of hash iterations

        // Realm configured to compare credentials through that matcher.
        CustomerMd5Realm md5Realm = new CustomerMd5Realm();
        md5Realm.setCredentialsMatcher(md5Matcher);

        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(manager);

        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken("admin", "123");

        try {
            currentUser.login(credentials);
            System.out.println("验证成功");
        } catch (AuthenticationException loginFailure) {
            loginFailure.printStackTrace();
            System.out.println("验证失败");
        }
    }
}
shiro中的授权
在原有java类中添加授权信息…
CustomerMd5Realm
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
/**
 * Custom realm with MD5 + salt + iterated-hash authentication and hard-coded
 * authorization data.
 *
 * <p>NOTE(review): MD5 is not a suitable password hash for real systems, and the salt below
 * is a fixed literal rather than a random per-user value.
 */
public class CustomerMd5Realm extends AuthorizingRealm {

    /**
     * Supplies the roles and permissions of the subject.
     *
     * <p>NOTE(review): the primary principal is only printed; the same roles and permissions
     * are returned for every principal. A real implementation looks them up by username.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return roles "admin" and "user" plus permissions "user:*:01" and "product:create"
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        System.out.println("身份信息: " + username);

        SimpleAuthorizationInfo grants = new SimpleAuthorizationInfo();

        // Stand-in for the roles a database query would return.
        for (String role : new String[] {"admin", "user"}) {
            grants.addRole(role);
        }

        // Stand-in for the permission strings a database query would return.
        for (String permission : new String[] {"user:*:01", "product:create"}) {
            grants.addStringPermission(permission);
        }

        return grants;
    }

    /**
     * Looks up the stored credential for the submitted username.
     *
     * @param authenticationToken the submitted token; its principal is read as the username
     * @return the stored hash and salt for "admin", or {@code null} for any other username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();

        // Stand-in for a database lookup: only "admin" exists.
        if (!"admin".equals(username)) {
            return null;
        }

        return new SimpleAuthenticationInfo(
                "admin",
                // Stored hex digest; presumably Md5Hash("123", "@#xky", 1024) - confirm.
                "306e6cf117f3513fff55ac6b9f5ef3f3",
                // Salt used when the digest was produced (a fixed value in this sample).
                ByteSource.Util.bytes("@#xky"),
                this.getName());
    }
}
TestCustomerMd5RealmAuthenticator
import com.ll.realm.CustomerMd5Realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import java.util.Arrays;
/**
 * Logs in against {@code CustomerMd5Realm} and then prints the results of several role and
 * permission checks on the authenticated subject.
 *
 * <p>NOTE(review): MD5 with 1024 iterations is used here for teaching only; it is not an
 * adequate password-hashing scheme for production.
 */
public class TestCustomerMd5RealmAuthenticator {

    public static void main(String[] args) {
        // Matcher that hashes the submitted password before comparing it with the stored hash.
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher();
        md5Matcher.setHashAlgorithmName("md5");
        md5Matcher.setHashIterations(1024); // number of hash iterations

        CustomerMd5Realm md5Realm = new CustomerMd5Realm();
        md5Realm.setCredentialsMatcher(md5Matcher);

        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(manager);

        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken("admin", "123");

        try {
            currentUser.login(credentials);
            System.out.println("验证成功");
        } catch (AuthenticationException loginFailure) {
            loginFailure.printStackTrace();
            System.out.println("验证失败");
        }

        // Authorization checks are only run for an authenticated subject.
        if (!currentUser.isAuthenticated()) {
            return;
        }

        // 1. Single-role check.
        boolean isAdmin = currentUser.hasRole("admin");
        System.out.println(isAdmin);

        // 2. All-of check: true only when every listed role is held.
        boolean hasBoth = currentUser.hasAllRoles(Arrays.asList("admin", "user"));
        System.out.println(hasBoth);

        // 3. Per-role check: hasRoles returns one boolean for each requested role, in the
        //    order given. It is not an "any of" test.
        boolean[] roleResults = currentUser.hasRoles(Arrays.asList("admin", "super", "user"));
        for (int i = 0; i < roleResults.length; i++) {
            System.out.println(roleResults[i]);
        }

        System.out.println("==============================");

        // Permission strings are colon-separated parts, and "*" in a granted permission
        // matches any value of that part. Shiro's documentation names the parts
        // domain:action:instance.
        System.out.println(currentUser.isPermitted("user:update:01"));
        System.out.println(currentUser.isPermitted("product:update"));

        // Per-permission check: one boolean for each requested permission, in order.
        boolean[] permissionResults = currentUser.isPermitted("user:*:01", "order:*:01");
        for (int i = 0; i < permissionResults.length; i++) {
            System.out.println(permissionResults[i]);
        }

        // All-of check: true only when every listed permission is held.
        System.out.println(currentUser.isPermittedAll("user:update:01", "product:create"));
    }
}