Shiro入门文章

最新推荐文章于 2024-09-15 19:46:31 发布

wu_man_xin

最新推荐文章于 2024-09-15 19:46:31 发布

阅读量65

点赞数

文章标签： java jvm apache

本文链接：https://blog.csdn.net/wu_man_xin/article/details/126329759

版权

1.导入shiro依赖

<dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.9.1</version>
</dependency>

2.编写shiro.ini文件

[users]
test=123456
test2=456
test3=789

3.编写测试类

package com.wmx;

import com.wmx.realm.CustomerRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;


public class TestAuthenticator {
    public static void main(String[] args) {
        //创建安全管理器对象
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        //给安全管理器设置realms
        securityManager.setRealm(new CustomerRealm());
//        securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
        //全局安全工具类SecurityUtils，提供认证、退出方法
        //给全局工具类设置安全管理器
        SecurityUtils.setSecurityManager(securityManager);
        //认证关键对象subject主体
        Subject subject = SecurityUtils.getSubject();
        //创建令牌,并且设置身份信息与凭证信息
        UsernamePasswordToken token = new UsernamePasswordToken("test", "123456");

        try {
            System.out.println("认证前，认证状态：" + subject.isAuthenticated());
            //用户认证
            subject.login(token);
            System.out.println("认证后，认证状态：" + subject.isAuthenticated());
            //认证失败时会抛异常
        } catch (UnknownAccountException e) {
            System.out.println("认证失败：用户名不存在");
        } catch (IncorrectCredentialsException e) {
            System.out.println("认证失败：密码错误");
        } catch (Exception e) {
            e.printStackTrace();
        }

        System.out.println("---------------------------------------------------------------");
        if (subject.isAuthenticated()) {
            System.out.println(subject.hasRole("admin"));
            System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
            System.out.println(subject.isPermitted("user:*:*"));
            System.out.println(subject.isPermitted("user:update:*"));
        }

    }
}

4.编写自定义的reaml

package com.wmx.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * @Description 自定义reaml
 * @Author 吴满心
 * @Date 2022/8/14 11:06
 * @Version 1.0
 */
public class CustomerRealm extends AuthorizingRealm {

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        Object principal = (String) token.getPrincipal();
        System.out.println("获取的用户名为:" + principal);
        SimpleAuthenticationInfo authentication = new SimpleAuthenticationInfo("test", "123456", this.getName());
        return authentication;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRole("admin");
        simpleAuthorizationInfo.addRole("user");
        simpleAuthorizationInfo.addStringPermission("user:*:*");
        return simpleAuthorizationInfo;
    }


}