shiro的基本入门
shiro_quickStart
- github上shiro托管的地址:https://github.com/apache/shiro
- 导入依赖(在quickstart中拿到的pom需要自己找版本,也可以在父工程中找)
- 使用quickstart还需要引入log4j.properties和shiro.ini文件
- 最后拿到quickstart.java文件,运行
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.2</version>
</dependency>
<!-- configure logging -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<scope>runtime</scope>
<version>1.2.17</version>
</dependency>
</dependencies>
Subject currentUser = SecurityUtils.getSubject();//通过工具类得到当前对象
Session session = currentUser.getSession();//通过当前用户获得session对象
currentUser.isAuthenticated();//当前用户是否已经认证
currentUser.getPrincipal();//获得已经认证的用户的信息,前提是需要在认证的时候传入才能获得
currentUser.hasRole("schwartz");//当前用户是否拥有角色
currentUser.isPermitted("lightsaber:wield");//当前用户是否拥有权限
currentUser.logout();//用户注销
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");//传入账户和密码
token.setRememberMe(true);
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
log.info("没有当前用户异常" + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info("密码错误异常" + token.getPrincipal());
} catch (LockedAccountException lae) {
log.info("当前用户被锁定异常" + token.getPrincipal());
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
//unexpected condition? error?
}
}
//say who they are:
//print their identifying principal (in this case, a username):
log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
//test a role:
if (currentUser.hasRole("schwartz")) {
log.info("May the Schwartz be with you!");
} else {
log.info("Hello, mere mortal.");
}
//test a typed permission (not instance-level)
if (currentUser.isPermitted("lightsaber:wield")) {
log.info("You may use a lightsaber ring. Use it wisely.");
} else {
log.info("Sorry, lightsaber rings are for schwartz masters only.");
}
//a (very powerful) Instance Level permission:
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
}
//all done - log out!
currentUser.logout();
System.exit(0);
}
shiro的权限操作
定义一个shiro的配置类
0.shiro和spring整合需要导入依赖
//shiro和spring整合包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.2</version>
</dependency>
<!-- shiro和thymeleaf的整合包 -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
<!--mybatis整合shiro和spring-->
<dependency>
<groupId>org.mybatis