Shiro--简单使用
创建Maven项目,添加依赖
<dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency><!-- shrio依赖 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.4.1</version></dependency><!--用于slf4j与log4j2保持桥接 --><dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-slf4j-impl</artifactId><version>2.12.1</version><scope>test</scope></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-ehcache</artifactId><version>1.4.1</version></dependency><dependency><groupId>org.ehcache</groupId><artifactId>ehcache</artifactId><version>3.8.0</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.1</version></dependency></dependencies>
配置文件
log4j2.xml
<?xml version="1.0" encoding="UTF-8"?><configuration><!--先定义所有的appender--><appenders><!--输出控制台的配置--><console name="Console" target="SYSTEM_OUT"><!--输出日志的格式--><!--<patternlayout pattern="%d{yyyy-MM-dd HH:mm:ss} [%p] %c %m %n"/>--><patternlayout pattern="[%p] %m %n"/></console></appenders><!-- 然后定义logger,只有定义了logger并引入的appender,appender才会生效--><!-- 日志级别以及优先级排序: OFF > FATAL > ERROR > WARN > INFO > DEBUG > TRACE > ALL --><loggers><root level="DEBUG"><!--输出到控制台--><appender-ref ref="Console"/></root><!--org.springframework <logger name="org.springframework" level="INFO"/>--></loggers></configuration>
shiro.ini
[users]zhangsan=123456,adminlisi=654321,public[roles]admin=product:view,product:create,product:update,product:deletepublic=product:view
测试:
@Testpublic void test01() {//1.初始化shiro的安全管理器DefaultSecurityManager securityManager = new DefaultSecurityManager();//2.设置用户的权限信息到安全管理器Realm realm = new IniRealm("classpath:shiro.ini");securityManager.setRealm(realm);//3. 使用SecurityUtils将securityManager设置到运行环境中SecurityUtils.setSecurityManager(securityManager);//4. 创建一个Subject实例Subject subject = SecurityUtils.getSubject();//5. 创建用于认证的认证的token,记录用户认证的身份和凭证即账号和密码AuthenticationToken token =new UsernamePasswordToken("zhangsan", "123456");System.out.println("用户认证状态:" + subject.isAuthenticated());//6.主体要进行登录,登录的时候进行认证检查subject.login(token);// 用户认证状态System.out.println("用户认证状态:" + subject.isAuthenticated());//7.检查角色的授权状态System.out.println("是否拥有admin角色: " + subject.hasRole("admin"));System.out.println("是否拥有public角色: " + subject.hasRole("public"));//8.检查权限的授权状态System.out.println("product:view: " + subject.isPermitted("product:view"));System.out.println("product:view: " + subject.isPermitted("product:view", "product:update2")[1]);//退出subject.logout();System.out.println("用户认证状态:" + subject.isAuthenticated());}
输出:
[DEBUG] Opening resource from class path [shiro.ini][DEBUG] Parsing [users][DEBUG] Parsing [roles][DEBUG] Discovered the [roles] section. Processing...[DEBUG] Discovered the [users] section. Processing...用户认证状态:false[DEBUG] Looked up AuthenticationInfo [zhangsan] from doGetAuthenticationInfo[DEBUG] AuthenticationInfo caching is disabled for info [zhangsan]. Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false].[DEBUG] Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String][DEBUG] Both credentials arguments can be easily converted to byte arrays. Performing array equals comparison[DEBUG] Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false]. Returned account [zhangsan][DEBUG] No sessionValidationScheduler set. Attempting to create default instance.[INFO] Enabling session validation scheduler...[DEBUG] Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]用户认证状态:true是否拥有admin角色: true是否拥有public角色: falseproduct:view: trueproduct:view: false[DEBUG] Logging out subject with primary principal zhangsan[DEBUG] Stopping session with id [35cdf553-7b6b-4537-bb5a-1d502d42c17a]用户认证状态:false
布满荆棘的人生
╰+哭是因爲堅強的太久メ
还没有评论,来说两句吧...