This example uses an INI file to define users and roles. First, a look at the INI file conventions.
=======================
Basic Shiro INI conventions
=======================
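[main]
# Define the SecurityManager, Realms and so on here
[users]
# Each line defines one user, in the format username = password, role1, role2, ..., roleN
[roles]
# Roles are defined here, in the format roleName = perm1, perm2, ..., permN
# Note 1: permission names can be hierarchical, with colons separating the levels, for example user:create or user:poweruser:update.
# Note 2: a permission such as user:* implies both the user:create and user:poweruser:update permissions.
[urls]
# For web applications, URL permission rules can be defined here.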
==========================
pom
==========================
The Shiro jar requires the slf4j dependency.
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
    <exclusions>
        <exclusion>
            <artifactId>slf4j-api</artifactId>
            <groupId>org.slf4j</groupId>
        </exclusion>
    </exclusions>
</dependency>
# =======================
Contents of the sample shiro.ini file
# =======================
# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
aihe = aihe, goodguy, client
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *
client = look:*
goodguy = winnebago:drive:eagle5
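An added example (not from the original post): it reuses the users and roles of the sample shiro.ini above and asks Shiro's own WildcardPermission class which role grant, if any, covers a requested permission. The class name RolePermissionMatrix, the hard-coded maps and the request strings are constructed for illustration, and shiro-core must be on the classpath.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

import java.util.*;

public class RolePermissionMatrix {
    // Copied from the [users] and [roles] sections of the sample shiro.ini (passwords omitted).
    static final Map<String, List<String>> USER_ROLES = new LinkedHashMap<>();
    static final Map<String, List<String>> ROLE_PERMS = new LinkedHashMap<>();
    static {
        USER_ROLES.put("root", Arrays.asList("admin"));
        USER_ROLES.put("guest", Arrays.asList("guest"));
        USER_ROLES.put("aihe", Arrays.asList("goodguy", "client"));
        ROLE_PERMS.put("admin", Arrays.asList("*"));
        ROLE_PERMS.put("client", Arrays.asList("look:*"));
        ROLE_PERMS.put("goodguy", Arrays.asList("winnebago:drive:eagle5"));
    }

    /** Returns "role -> grant" for the first grant that implies the request, or null if none does. */
    static String grantedBy(String user, String requested) {
        Permission wanted = new WildcardPermission(requested);
        for (String role : USER_ROLES.getOrDefault(user, Collections.emptyList())) {
            // A role with no line in [roles] (guest here) carries no permissions.
            for (String grant : ROLE_PERMS.getOrDefault(role, Collections.emptyList())) {
                if (new WildcardPermission(grant).implies(wanted)) {
                    return role + " -> " + grant;
                }
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed requests: a two-part check, two three-part instances, and a look:* check.
        String[] requests = {"winnebago:drive", "winnebago:drive:eagle5",
                             "winnebago:drive:eagle6", "look:door:open"};
        for (String user : USER_ROLES.keySet()) {
            for (String req : requests) {
                String by = grantedBy(user, req);
                System.out.printf("%-6s %-24s %s%n", user, req,
                        by == null ? "DENIED" : "granted by " + by);
            }
        }
    }
}
```

A grant with fewer parts covers longer requests because missing trailing parts are treated as wildcards, but the reverse does not hold: goodguy's three-part grant winnebago:drive:eagle5 does not cover the shorter request winnebago:drive.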
==========================
API code example
==========================
// Imports required by the method below
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

@Override
public void run(String... args) throws Exception {
    // Create the factory, initialized from the INI configuration file
    IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
    // Create the SecurityManager instance
    SecurityManager securityManager = factory.getInstance();
    // Register the SecurityManager with the current runtime environment
    SecurityUtils.setSecurityManager(securityManager);
    // Get the current subject
    Subject currentUser = SecurityUtils.getSubject();
    // Session operations
    Session session = currentUser.getSession();
    System.out.println("Id:" + session.getId());
    session.setAttribute("name", "value");
    System.out.println(session.getAttribute("name"));

    if (!currentUser.isAuthenticated()) {
        // Logging in requires a token
        UsernamePasswordToken token = new UsernamePasswordToken("root", "secret");
        // Set RememberMe on the token
        // token.setRememberMe(true);
        // Log in
        currentUser.login(token);
        // After login, the authenticated identity (one or more principals) is available
        PrincipalCollection principals = currentUser.getPrincipals();
        for (Object principal : principals) {
            System.out.println(principal.toString());
        }
        // Role checks
        boolean granted1 = currentUser.hasRole("admin");
        System.out.println("hasRole('admin'):" + granted1);
        boolean granted2 = currentUser.hasRole("winnebago:drive");
        System.out.println("hasRole('winnebago:drive'):" + granted2);
        // Role assertion: throws an AuthorizationException if the role is missing
        currentUser.checkRole("admin");
        // Permission check
        boolean granted3 = currentUser.isPermitted("winnebago:drive");
        System.out.println("isPermitted('winnebago:drive'):" + granted3);
        // Permission assertion: throws an AuthorizationException if the permission is missing
        currentUser.checkPermission("winnebago:drive");
        // Log out
        currentUser.logout();
    } else {
        System.out.println("you have login");
    }
}
The output is:
Id:71b126e5-a79c-416d-9abb-1b5430eaf5c3
value
root
hasRole('admin'):true
hasRole('winnebago:drive'):false
isPermitted('winnebago:drive'):true
==========================
References
==========================
https://www.jianshu.com/p/5a35d0100a71