任何介绍都不如官网来的实在：http://shiro.apache.org

本文仅是介绍shiro的简单入门，配置说明

1、mavn依赖

<!-- shiro权限控制的依赖 -->
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.3</version>
</dependency>
<!-- shiro jdbcRealm 测试使用 -->
<!-- https://mvnrepository.com/artifact/com.mchange/c3p0 -->
<dependency>
    <groupId>com.mchange</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.5.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.2</version>
</dependency>

2、配置文件

shiro.ini

[users]
wugong=111111
admin=111111

jdbc_realm.ini

[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://192.168.1.148:3306/vip
dataSource.user=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm

shiro_role.ini

[users]
wugong=111111,admin,super
admin=111111,admin
super=111111,super
java1234=111111,role1,role2
jack=111111,role1

shiro_permission.ini

[users]
wugong=111111,admin,super
admin=111111,admin
super=111111,super
[roles]
admin=user:select
super=user:add,user:update,user:delete

3、测试

shiro.ini对应的测试

@Test
public void shiroHello(){
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro/shiro.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken("wugong","111111");
    try {
        currentUser.login(token);
        System.out.println("身份认证成功");
    } catch (AuthenticationException e) {
        e.printStackTrace();
    }
    currentUser.logout();
    System.out.println("已经退出");
}

jdbc_realm.ini

@Test
public void shiroJdbcTest(){
    //
    Subject currentUser = ShiroUtil.login("classpath:shiro/jdbc_realm.ini","wugong","123456");
}

shiro_role.ini

说明：#shiro功能演示的数据库 #如果使用jdbc_realm功能，则必须要保证数据库中存在 users表，并且该表中必须要存在userName password字段

#shiro功能演示的数据库
#如果使用jdbc_realm功能，则必须要保证数据库中存在 users表，并且该表中必须要存在userName password字段

-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `userName` varchar(200) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES ('1', 'wugong', '123456');

private static String shiroIniPath = "classpath:shiro/shiro_role.ini";

    @Test
    public void shiroRoleTest() {
//        shiroRoleHasRole("wugong","111111","admin");
        shiroRoleHasRoles("wugong", "111111", "admin", "super", "no");
        shiroRoleHasAllRoles("wugong", "111111", "admin", "super", "no");
        shiroRoleHasAllRoles("wugong", "111111", "admin", "super");
    }

    private void shiroRoleHasRole(String userName, String password, String role) {
        Subject currentUser = ShiroUtil.login(shiroIniPath, userName, password);
        System.out.println(currentUser.hasRole(role) ? (userName + "账号有" + role + "权限") : (userName + "账号没有" + role + "权限"));
    }

    /**
     * 多个role验证
     *
     * @Author wugong
     * @Date 2018/2/26 10:16
     * @Modify if true,please enter your name or update time
     * @params
     */
    private void shiroRoleHasRoles(String userName, String password, String... roles) {
        Subject currentUser = ShiroUtil.login(shiroIniPath, userName, password);
        List<String> roleList = Arrays.asList(roles);
        boolean results[] = currentUser.hasRoles(roleList);
        for (int i = 0; i < results.length; i++) {
            System.out.println(results[i] ? (userName + "账号有" + roleList.get(i) + "权限") : (userName + "账号没有" + roleList.get(i) + "权限"));
        }
    }

    /**
     * 全部权限的验证
     *
     * @Author wugong
     * @Date 2018/2/26 10:28
     * @Modify if true,please enter your name or update time
     * @params
     */
    private void shiroRoleHasAllRoles(String userName, String password, String... roles) {
        Subject currentUser = ShiroUtil.login(shiroIniPath, userName, password);
        StringBuffer roleStr = new StringBuffer();
        for (int i = 0; i < roles.length; i++) {
            String role = roles[i];
            roleStr.append(role);
            if (i<roles.length-1)
                roleStr.append(",");
        }
        System.out.println(currentUser.hasAllRoles(Arrays.asList(roles)) ? (userName + "账号有全部" + roleStr + "权限") : (userName + "账号不全有" + roleStr + "权限"));
    }

shiro_permission.ini

扫描二维码关注公众号，回复： 75469 查看本文章

下载地址：

项目下载地址：https://pan.baidu.com/s/1gfQ5F7l 密码：k2ba

本项目首次搭建是用于ssm简单功能
1、ssm使用的数据库配置
    jdbc.properties
    1.1、ssm包含基本的数据库表CRUD
    1.2、包含aop事务
    1.3、自定义aop controller方法拦截
        com.jie.common.OperationLogger
        com.jie.common.SysLogAspect
        com.jie.common.ClassParam
    1.4、mybatis的一对多、一对一简单使用说明
2、shiro入门级使用教程使用的数据库配置
    jdbc_realm.ini
    2.1、身份认证
        2.1、读取配置的简单使用
        例子:com.jie.shiro.ShiroHello.shiroHello
        2.2、数据库用户读取 Realm&JDBC Reaml
        例子:com.jie.shiro.ShiroJdbcTest
    2.2、权限认证(授权)
        2.2.1、编程式授权
            2.2.1.1 基于角色的访问控制
            2.2.1.2 基于权限的访问控制