入门
十分钟快速入门:https://shiro.apache.org/10-minute-tutorial.html
下载源码:https://shiro.apache.org/download.html
代码分析
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager);
根据Realm获取SecurityManager对象设置给SecurityUtils中的SecurityManager属性,并且SecurityUtils是单例的
可以通过SecurityUtils的getSubject方法获取Subject对象
SubjectAPI
Subject currentUser = SecurityUtils.getSubject(); //Session Session session = currentUser.getSession(); session.setAttribute("someKey", "aValue"); String value = (String) session.getAttribute("someKey"); //判断是否认证成功 currentUser.isAuthenticated() //登录(根据用户名获取用户信息,比较密码是否一致) currentUser.login(token); //获取主要标识 currentUser.getPrincipal() //判断角色 currentUser.hasRole("schwartz") //判断权限 currentUser.isPermitted("winnebago:drive:eagle5") //退出 currentUser.logout();