Shiro study notes (3): custom Realm and authorization

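I: Custom Realm
1. Extend AuthorizingRealm (this class declares the abstract methods for both authentication and authorization, so it is simple to implement)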

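import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm1 extends AuthorizingRealm {

    @Override
    public String getName() {
        return "myrealm";
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Principal entered by the user
        String username = (String) token.getPrincipal();
        System.out.println(username);
        // Simulate looking up the stored credential for this user in the database
        String pwd = "123654";
        // Shiro compares this stored credential with the one in the submitted token
        return new SimpleAuthenticationInfo(username, pwd, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // No authorization data yet; see the authorization section below
        return null;
    }
}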

2. main method

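// Imports needed by this method. SecurityManager is Shiro's class, not java.lang.SecurityManager.
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public static void main(String[] args) {
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro/shiro-realm.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject subject = SecurityUtils.getSubject();

    // Authentication: login() throws an AuthenticationException on failure
    UsernamePasswordToken token = new UsernamePasswordToken("kexq", "123654");
    subject.login(token);
    if (subject.isAuthenticated()) {
        System.out.println("认证成功!");   // "Authentication succeeded!"
    }
}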

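3. ini configuration

# Simple Shiro configuration example

# Main configuration
[main]
# Register the custom realm (object definitions must be placed in [main])
myrealm=com.kexq.common.shiro.realm.MyRealm

securityManager.realm=$myrealm

# User configuration
[users]
kexq=123654
ke=123654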

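II: Authorization
Note: authorization data can be configured in the ini file or supplied by a custom realm.
1. ini configuration
For the configuration rules, see https://www.w3cschool.cn/shiro/xgj31if4.html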

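# Simple Shiro configuration example

# Main configuration
[main]

# User configuration: username=password,role1,role2,...
[users]
kexq=123654,role1,role5
ke=123654,role1,role3,role4

# Role configuration: role=permission1,permission2,...
[roles]
admin=*
role1=sys:edit,sys:view
# Quotes are required when using the abbreviated form (several actions in one permission)
role2="sys:view,update"
role3=sys:*
role4=*:*
role5=sys:edit:1

Subject check methods
(1) subject().hasRole*()
(2) subject().checkRole*(): throws an exception if the check fails
(3) subject().isPermitted*()
(4) subject().checkPermission*(): throws an exception if the check fails
A failed verification throws AuthenticationException or one of its subclasses.

subject.login(usernamePasswordToken);
if (subject.isAuthenticated()) {
    System.out.println("认证成功");   // "Authentication succeeded"
    boolean flage1 = subject.isPermitted("sys:edit:1");   // edit permission on instance 1 of the sys resource
    boolean flage2 = subject.isPermitted("sys:*");        // all permissions on the sys resource
    boolean flage3 = subject.isPermitted("*:*");          // all permissions on all resources
    System.out.println(flage1);
    System.out.println(flage2);
    System.out.println(flage3);

    boolean flage4 = subject.isPermittedAll("sys:view", "sys:delete");   // check several permissions at once
    System.out.println(flage4);
} else {
    System.out.println("认证失败");   // "Authentication failed"
}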
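
The permission strings in the [roles] section are wildcard permissions, and a check succeeds only when a granted permission implies the requested one. The following added example (not code from the original post) evaluates the role definitions above with Shiro's WildcardPermission class; the class name PermissionMatchDemo, the ROLES map and the isPermitted helper are hypothetical names introduced for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example (hypothetical class and helper names), not code from the original post.
public class PermissionMatchDemo {

    // Role -> permission strings, copied from the [roles] section of the ini above.
    static final Map<String, List<String>> ROLES = new LinkedHashMap<>();
    static {
        ROLES.put("role1", Arrays.asList("sys:edit", "sys:view"));
        ROLES.put("role2", Arrays.asList("sys:view,update"));
        ROLES.put("role3", Arrays.asList("sys:*"));
        ROLES.put("role5", Arrays.asList("sys:edit:1"));
    }

    // Allowed only if some permission held through a role implies the requested one.
    static boolean isPermitted(List<String> userRoles, String requested) {
        Permission wanted = new WildcardPermission(requested);
        for (String role : userRoles) {
            for (String granted : ROLES.getOrDefault(role, Collections.<String>emptyList())) {
                if (new WildcardPermission(granted).implies(wanted)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> kexq = Arrays.asList("role1", "role5"); // kexq=123654,role1,role5
        // A shorter grant covers longer requests: sys:edit implies sys:edit:<any instance>.
        System.out.println("kexq  sys:edit:2   -> " + isPermitted(kexq, "sys:edit:2"));
        // The reverse does not hold: holding sys:edit and sys:view does not imply sys:*.
        System.out.println("kexq  sys:*        -> " + isPermitted(kexq, "sys:*"));
        // An instance-level grant stays narrow: role5 alone covers instance 1 only.
        System.out.println("role5 sys:edit:2   -> " + isPermitted(Arrays.asList("role5"), "sys:edit:2"));
        // Comma subparts: role2 grants view and update on sys and nothing else.
        System.out.println("role2 sys:update   -> " + isPermitted(Arrays.asList("role2"), "sys:update"));
        System.out.println("role2 sys:delete   -> " + isPermitted(Arrays.asList("role2"), "sys:delete"));
        // A wildcard grant covers every action and instance under sys.
        System.out.println("role3 sys:delete:9 -> " + isPermitted(Arrays.asList("role3"), "sys:delete:9"));
    }
}
```

Because a two-part grant such as sys:edit also covers every instance below it, grant the three-part form (as role5 does) when a role should reach a single instance only.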

2. Custom realm configuration

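    // Requires java.util.ArrayList, java.util.List and org.apache.shiro.authz.SimpleAuthorizationInfo
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Primary principal (the username) that a real lookup would be keyed on
        String name = (String) principalCollection.getPrimaryPrincipal();
        // Simulate loading the user's permissions from the database
        List<String> list = new ArrayList<String>();
        list.add("user:view");
        list.add("user:add");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(list);
        return info;
    }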


Reposted from blog.csdn.net/cccp_2009/article/details/82623095