一:自定义Realm
1、继承AuthorizingRealm(因为该类中有认证、授权的抽象方法,实现简单)
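/**
 * Demo realm that shows where authentication and authorization data are supplied to Shiro.
 *
 * <p>The credential returned here is a hard-coded plaintext stand-in for a database lookup.
 * A real realm should load the stored (salted, hashed) credential for the given user and
 * be configured with a matching hashing CredentialsMatcher.
 */
public class MyRealm1 extends AuthorizingRealm {

    /**
     * Returns the realm name that is recorded alongside each principal.
     *
     * @return the fixed name {@code "myrealm"}
     */
    @Override
    public String getName() {
        return "myrealm";
    }

    /**
     * Supplies the stored account data for the submitted token. The comparison of the
     * submitted credentials with the returned ones is done by the framework after this
     * method returns, not here.
     *
     * @param token the submitted token; its principal is read as the username
     * @return the account data, or {@code null} when the token carries no username
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Identity submitted by the user.
        String username = (String) token.getPrincipal();
        if (username == null) {
            // No account can be looked up without a username: report "no account"
            // instead of building account data around a null principal.
            return null;
        }
        System.out.println(username);

        // Simulated lookup of the stored credential. Every username receives the same
        // value here; a real lookup must return null for accounts that do not exist.
        String pwd = "123654";
        return new SimpleAuthenticationInfo(username, pwd, getName());
    }

    /**
     * Supplies roles and permissions for an authenticated subject.
     *
     * @param principalCollection the identities of the subject being checked
     * @return {@code null}: this demo realm grants no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}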
2、main方法
/**
 * Boots Shiro from the INI file on the classpath and performs a single login.
 *
 * <p>The username and password are hard-coded demo values. {@code login} signals a failed
 * attempt by throwing, which this demo does not catch.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Build the SecurityManager from the INI definition and register it globally.
    SecurityManager manager =
            new IniSecurityManagerFactory("classpath:shiro/shiro-realm.ini").getInstance();
    SecurityUtils.setSecurityManager(manager);

    // Authenticate the current subject with a username/password token.
    Subject currentUser = SecurityUtils.getSubject();
    currentUser.login(new UsernamePasswordToken("kexq", "123654"));

    if (currentUser.isAuthenticated()) {
        System.out.println("认证成功!");
    }
}
3、ini配置
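# Minimal Shiro configuration example
# Object definitions and securityManager wiring belong in [main]. Placed under
# [users], the two realm lines would be read as additional user accounts.
[main]
# Register the custom realm. The class name must match the realm class on the
# classpath (the Java listing on this page declares MyRealm1).
myrealm=com.kexq.common.shiro.realm.MyRealm
securityManager.realm=$myrealm
# Static demo accounts: username=password
# Plaintext passwords are acceptable for a local demo only.
# NOTE(review): with securityManager.realm set explicitly, these accounts may not
# be consulted at all; confirm against the Shiro version in use.
[users]
kexq=123654
ke=123654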
二:授权
说明:ini配置或自定义realm配置
1、ini配置
配置规范参考https://www.w3cschool.cn/shiro/xgj31if4.html
# Simple Shiro configuration example
# Main section (empty here: no objects are defined)
[main]
# User accounts: username=password,role,role,...
# The plaintext passwords are demo values only.
[users]
kexq=123654,role1,role5
ke=123654,role1,role3,role4
# Role definitions: role=permission,permission,...
[roles]
admin=*
role1=sys:edit,sys:view
# Quotes are required when the abbreviated form (comma inside one permission) is used
role2="sys:view,update"
role3=sys:*
# NOTE(review): the first part is empty here; if "all resources, all actions" is
# intended, the documented form is * (as used for admin). Confirm how an empty
# part is matched before relying on this role.
role4=:*
# Instance-level permission: action edit on instance 1 of resource sys
role5=sys:edit:1
subject的验证方法
(1)subject().hasRole*()
(2)subject().checkRole*() 验证失败抛出异常
(3)subject().isPermitted*()
(4)subject().checkPermission*() 验证失败抛出异常
认证失败时,subject.login() 抛出 AuthenticationException 及其子类异常;checkRole*()、checkPermission*() 校验失败时抛出的是 AuthorizationException 及其子类异常。
// login() reports a failed attempt by throwing, so the "failed" branch below is not
// reached for a rejected login unless the exception is handled elsewhere.
subject.login(usernamePasswordToken);
if (!subject.isAuthenticated()) {
    System.out.println("认证失败");
} else {
    System.out.println("认证成功");

    // Instance-level check: action "edit" on instance 1 of resource "sys".
    boolean canEditSysInstance = subject.isPermitted("sys:edit:1");
    // Every action on resource "sys".
    boolean hasAllSysActions = subject.isPermitted("sys:*");
    // NOTE(review): meant as "all resources, all actions"; the first part is empty
    // rather than "*", so confirm it matches what is intended.
    boolean hasEverything = subject.isPermitted(":*");
    System.out.println(canEditSysInstance);
    System.out.println(hasAllSysActions);
    System.out.println(hasEverything);

    // Several permissions in one call; true only if every one of them is held.
    boolean hasViewAndDelete = subject.isPermittedAll("sys:view", "sys:delete");
    System.out.println(hasViewAndDelete);
}
2、自定义realm配置
/**
 * Supplies the permissions for the subject identified by the given principals.
 *
 * <p>The permission list is a fixed stand-in for a per-user database lookup: the primary
 * principal is read but not used, so every subject receives the same two permissions.
 *
 * @param principalCollection identities of the subject being authorized
 * @return authorization data carrying {@code user:view} and {@code user:add}
 */
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // Read for parity with a real lookup keyed by user; currently unused.
    String principalName = (String) principalCollection.getPrimaryPrincipal();

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

    // Simulated result of loading this user's permissions from storage.
    List<String> grantedPermissions = new ArrayList<>();
    grantedPermissions.add("user:view");
    grantedPermissions.add("user:add");

    authorizationInfo.addStringPermissions(grantedPermissions);
    return authorizationInfo;
}