demo1
shiro的认证操作
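/**
 * Minimal Apache Shiro authentication walk-through: build a SecurityManager from an INI
 * file, register it with SecurityUtils, then try to log a Subject in with a
 * username/password token.
 *
 * <p>Demo only: the credentials are string literals so the flow can be run as-is. Real code
 * takes them from the user at runtime and never keeps them in source.
 */
public class Demo1 {

    /**
     * Runs one login attempt and prints whether it succeeded.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Create the security-manager factory from the INI file on the classpath.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro/demo.ini");

        // 2. Build the SecurityManager described by that configuration.
        SecurityManager securityManager = factory.getInstance();

        // 3. Register it with SecurityUtils so getSubject() can find it.
        SecurityUtils.setSecurityManager(securityManager);

        // 4. Obtain the Subject that represents the current caller.
        Subject subject = SecurityUtils.getSubject();

        // 5. Authenticate: wrap the username and password in a token and submit it.
        try {
            // NOTE(review): the MyRealm listed with this demo only knows the account "root",
            // so with demo.ini pointing at that realm this attempt presumably takes the
            // failure branch - confirm that this is the intended demonstration.
            UsernamePasswordToken token = new UsernamePasswordToken("fyc", "123");
            subject.login(token);
            System.out.println("登陆成功!");
        } catch (AuthenticationException e) {
            // A rejected login is an expected outcome, not a crash: report it with one
            // generic message instead of dumping a stack trace from an auto-generated
            // catch block.
            System.out.println("登录失败");
        }
    }
}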
demo.ini文件的配置
# Declare the custom realm. The package is spelled "shrio" in MyRealm.java as well,
# so the class name here must keep that spelling to resolve.
myRealm=com.test.shrio.realm.MyRealm
# Attach the realm to the SecurityManager so logins and permission checks go through it.
# NOTE(review): no credentialsMatcher is set in this file, so the realm's default
# matcher applies; a real deployment would configure a hashing matcher here.
securityManager.realm=$myRealm
授权的demo2
/**
 * Apache Shiro authorization walk-through: log in as "root", then ask the Subject about
 * individual permissions, wildcard-style permissions and a role.
 *
 * <p>Demo only: the credentials are string literals so the flow can be run as-is.
 */
public class Demo2 {

    /**
     * Logs in and prints the result of each permission and role check.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Steps 1-3: load the INI configuration, build the SecurityManager and register it.
        IniSecurityManagerFactory iniFactory = new IniSecurityManagerFactory("classpath:shiro/demo.ini");
        SecurityUtils.setSecurityManager(iniFactory.getInstance());

        // Step 4: the Subject for the current caller.
        Subject currentUser = SecurityUtils.getSubject();

        // Step 5: authenticate first; the permission checks only run after a successful login.
        try {
            currentUser.login(new UsernamePasswordToken("root", "123"));
            System.out.println("登陆成功");

            // Part one: resource-based (permission string) checks.
            // Each check is evaluated immediately before it is printed so that any output
            // produced by the realm stays in the same order.
            boolean mayAddUser = currentUser.isPermitted("userAdd");
            System.out.println("当前角色是否拥有用户增加权限:" + mayAddUser);

            boolean[] plainResults = currentUser.isPermitted("userAdd", "userEdit");
            System.out.println("当前角色是否拥有用户增加和修改权限:" + Arrays.toString(plainResults));

            // Same question phrased as "resource:action" strings, which a wildcard grant
            // such as "user:*" in the realm can satisfy.
            boolean[] wildcardResults = currentUser.isPermitted("user:add", "user:edit");
            System.out.println("当前角色是否拥有用户增加和修改权限:" + Arrays.toString(wildcardResults));

            // Part two: role-based check.
            boolean isAdmin = currentUser.hasRole("admin");
            System.out.println("当前用户是否是超级管理员:" + isAdmin);
        } catch (UnknownAccountException unknownAccount) {
            // Separate messages for "no such user" and "wrong password" show which Shiro
            // exception was raised. They also tell the caller whether an account exists,
            // so a real login form would answer both cases with one generic message.
            System.out.println("登录失败:用户名不存在");
        } catch (IncorrectCredentialsException badPassword) {
            System.out.println("登录失败:密码错误");
        }
        // Any other AuthenticationException subtype is not caught here and leaves main.
    }
}
MyRealm.java
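package com.test.shrio.realm;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/**
 * Demo realm that stands in for a user database: it knows one hard-coded account and grants
 * a fixed set of permissions and one role.
 *
 * <p>Security notes for anyone adapting this class:
 * <ul>
 *   <li>The password is kept and returned in clear text. A real realm stores a salted
 *       password hash and is configured with a hashing credentials matcher (for example
 *       Shiro's {@code HashedCredentialsMatcher} or {@code PasswordMatcher}).</li>
 *   <li>Authorization ignores who is asking: every authenticated principal receives
 *       {@code user:*} and the {@code admin} role. A real realm looks the grants up per
 *       principal.</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Builds the permissions and roles for the given principals.
     *
     * @param prCollection the identity being authorized; not consulted by this demo, which
     *                     returns the same grants for everyone
     * @return the fixed demo grants
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection prCollection) {
        System.out.println("执行授权操作");

        // The identity to authorize arrives in prCollection. The original also fetched the
        // thread's Subject through SecurityUtils and never used it; that lookup is dropped
        // because a realm should not depend on the calling thread's Subject.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // 1. Resource-based grants.
        info.addStringPermission("userAdd");
        info.addStringPermission("user:edit");
        // Wildcard grant: every action on "user".
        info.addStringPermission("user:*");

        // 2. Role-based grant.
        // NOTE(review): unconditional admin for every principal is acceptable only in a demo.
        info.addRole("admin");
        return info;
    }

    /**
     * Looks up the account named in the token and hands its stored credentials to Shiro,
     * which performs the comparison with the submitted password.
     *
     * @param token the submitted login token; treated as a {@link UsernamePasswordToken}
     * @return the stored account data, or {@code null} when the username is unknown
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("执行认证操作");

        // Simulated database row. Clear-text password: demo only (see the class comment).
        String username = "root";
        String password = "123";

        // NOTE(review): assumes Shiro only passes token types this realm supports, which by
        // default is UsernamePasswordToken - confirm if the supported token class is changed.
        UsernamePasswordToken userPasswordToken = (UsernamePasswordToken) token;
        // Debug trace of the submitted username. The value is caller-supplied, so real code
        // would send it through a logger rather than raw stdout.
        System.out.println(userPasswordToken.getUsername() + "-----------:");

        // Does the account exist?
        if (!username.equals(userPasswordToken.getUsername())) {
            // Returning null makes Shiro raise UnknownAccountException.
            return null;
        }

        // Is the password correct? The second argument is the stored ("database") password.
        // Shiro compares it with the submitted one:
        //   1) equal     -> authentication succeeds
        //   2) not equal -> IncorrectCredentialsException
        // The third argument is the realm name, so pass this realm's own name; the original
        // passed the username there, which labels the principal with the wrong realm.
        return new SimpleAuthenticationInfo(username, password, getName());
    }
}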
shiro的spring web的demo
已上传到我的 GitHub:https://github.com/fengyangcai/shiro-web.git