zoukankan      html  css  js  c++  java
  • shiro学习

    一些好的学习资源
    http://www.aiuxian.com/article/p-1802736.html

    shiro产生sessionId是通过UUID生成

    一、概念
    shiro是一个身份验证和角色管理的框架

    二、用户信息配置
    身份验证需要的信息(账号密码)以及角色管理(用户对应的角色)在shiro.ini的配置文件中配置,也可以选择将这两样信息放在数据库中

    shiro.ini

    如用户名为ly,密码为12345,角色为admin和user,则要这样配置 ly = 12345,admin,user

    # =============================================================================
    # Tutorial INI configuration
    #
    # Usernames/passwords are based on the classic Mel Brooks' film "Spaceballs" :)
    # =============================================================================
    
    # -----------------------------------------------------------------------------
    # Users and their (optional) assigned roles
    # username = password, role1, role2, ..., roleN
    # -----------------------------------------------------------------------------
    [users]
    root = secret, admin
    guest = guest, guest
    presidentskroob = 12345, president
    darkhelmet = ludicrousspeed, darklord, schwartz
    lonestarr = vespa, goodguy, schwartz
    ly = 12345,admin,user
    
    # -----------------------------------------------------------------------------
    # Roles with assigned permissions
    # roleName = perm1, perm2, ..., permN
    # -----------------------------------------------------------------------------
    [roles]
    admin = *
    schwartz = lightsaber:*
    goodguy = winnebago:drive:eagle5
    
    

    三、加载配置文件
    1、引入依赖包

    
    <dependencies>
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-core</artifactId>
                <version>1.1.0</version>
            </dependency>
            <!-- Shiro uses SLF4J for logging.  We'll use the 'simple' binding
                 in this example app.  See http://www.slf4j.org for more info. -->
            <dependency>
                <groupId>org.slf4j</groupId>
                <artifactId>slf4j-simple</artifactId>
                <version>1.6.1</version>
            </dependency>
    </dependencies>
    
    

    2、代码

     //1.
     Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
    
    //2.
    SecurityManager securityManager = factory.getInstance();
    
    //3.
    SecurityUtils.setSecurityManager(securityManager);
    
    

    四、做身份验证

    
            Subject currentUser = SecurityUtils.getSubject();
    
            Session session = currentUser.getSession();
            session.setAttribute("someKey", "aValue");
    
            if (!currentUser.isAuthenticated()) {
                 
               //这里是用户输入的账号ly和密码12345
                UsernamePasswordToken token = new UsernamePasswordToken("ly", "12345");
    
                token.setRememberMe(true);
    
                try {
                    
                    //调用login方法,shiro会将用户输入的信息与配置文件或数据库中的信息比对
                    currentUser.login(token);
                
                } catch (UnknownAccountException uae) {
                    //若用户名不存在则抛出异常
                    log.info("There is no user with username of " + token.getPrincipal());
    
                } catch (IncorrectCredentialsException ice) {
                    //若密码错误则抛出异常
                    log.info("Password for account " + token.getPrincipal() + " was incorrect!");
                } catch (LockedAccountException lae) {
    
                    log.info("The account for username " + token.getPrincipal() + " is locked.  " +
                            "Please contact your administrator to unlock it.");
                } catch (AuthenticationException ae) {
    
                    log.info("未知异常");
                
                }
    
    

    五、做角色验证

    
    if (currentUser.hasRole("admin")) {
        log.info("有admin角色");
    } else {
        log.info("没有该角色");
    }
    
    
  • 相关阅读:
    紧急项目处理方法(转)
    最佳窗体间传送数据的方法,同时可适用于其他传值方式
    一周七句
    电子书下载:Beginning Silverlight 5 in C# 4th
    ERP专业词汇集合
    电子书下载:CRM Fundamentals
    电子书下载:Programming Entity Framework DbContext
    电子书下载:Data Mining Techniques in CRM
    C#+.Net使用RemObjects建立客户端服务端
    1033,2052 是什么意思?
  • 原文地址:https://www.cnblogs.com/fonxian/p/5645499.html
Copyright © 2011-2022 走看看