Here we first demonstrate how to use Shiro in a Java SE project.
We do not connect to a database yet; an ini file stands in for it:
    [users]
    # user 'root' with password 'secret' and the 'admin' role
    root = secret, admin
    # user 'guest' with the password 'guest' and the 'guest' role
    guest = guest, guest
    # user 'presidentskroob' with password '12345' ("That's the same combination on
    # my luggage!!!" ;)), and role 'president'
    presidentskroob = 12345, president
    # user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'
    darkhelmet = ludicrousspeed, darklord, schwartz
    # user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'
    lonestarr = vespa, goodguy, schwartz

    # -----------------------------------------------------------------------------
    # Roles with assigned permissions
    #
    # Each line conforms to the format defined in the
    # org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
    # -----------------------------------------------------------------------------
    [roles]
    # 'admin' role has all permissions, indicated by the wildcard '*'
    admin = *
    # The 'schwartz' role can do anything (*) with any lightsaber:
    schwartz = lightsaber:*
    # The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with
    # license plate 'eagle5' (instance specific id)
    goodguy = winnebago:drive:eagle5
Code:
    package com.shiro.bean;

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.LockedAccountException;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.config.IniSecurityManagerFactory;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.session.Session;
    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.Factory;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class HelloWord {
        private static final Logger log = LoggerFactory.getLogger(HelloWord.class);

        public static void main(String[] args) {
            log.info("测试Log4j....");
            /*
             * 1. Get the security manager
             * 2. Get the user
             * 3. Authenticate the user (login)
             * 4. Permission management
             * 5. Role management
             * 6. Session
             */

            // 1. Get the security manager, built from shiro.ini on the classpath
            Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
            SecurityManager securityManager = factory.getInstance();
            // 2. Register the security manager with SecurityUtils
            SecurityUtils.setSecurityManager(securityManager);
            // 3. Get the Subject object for the current user
            Subject currentUser = SecurityUtils.getSubject();
            Session session = currentUser.getSession();

            session.setAttribute("name", "陈");

            String value = (String) session.getAttribute("name");
            if (value != null) {
                // Shiro returned the value stored in the session
                log.info("shiro已经获得了session中的value!");
            }

            // Log in only if the subject is not authenticated yet
            if (!currentUser.isAuthenticated()) {
                UsernamePasswordToken token = new UsernamePasswordToken("root", "secret");
                token.setRememberMe(true);
                try {
                    currentUser.login(token);
                    log.info("认证成功!");          // authentication succeeded
                } catch (UnknownAccountException e) {
                    log.info("账户不存在!");        // account does not exist
                } catch (IncorrectCredentialsException e) {
                    log.info("账户或密码错误!");    // wrong account or password
                } catch (LockedAccountException e) {
                    log.info("用户已经锁死!");      // account is locked
                } catch (AuthenticationException e) {
                    log.info("认证失败!");          // any other authentication failure
                }
            }

            // Role check
            if (currentUser.hasRole("goodguy")) {
                log.info("拥有goodguy角色!");
            } else {
                log.info("没有goodguy角色!");
            }

            // Permission check
            if (currentUser.isPermitted("winnebago:drive:eagle5")) {
                log.info("拥有winnebago:drive:eagle5权限!");
            } else {
                log.info("没有winnebago:drive:eagle5 权限!");
            }

            currentUser.logout();
        }
    }
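Points worth noting:
1. The Shiro framework wraps the user's login information in a Subject, which is obtained through Shiro's own utility class (SecurityUtils).
2. The verbose setup above can be simplified by using the Spring framework.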
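The permission strings in the [roles] section above are matched with Shiro's wildcard rules, and a grant with fewer parts than the request covers every value of the missing parts. The following is an added example, not code from the original post; the class name RolePermissionCheck, the "driver" entry and all requests except winnebago:drive:eagle5 are constructed for illustration, and shiro-core is assumed to be on the classpath.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

import java.util.LinkedHashMap;
import java.util.Map;

public class RolePermissionCheck {
    // Role -> permission string, copied from the [roles] section of the ini above.
    static final Map<String, String> ROLES = new LinkedHashMap<>();
    static {
        ROLES.put("admin", "*");
        ROLES.put("schwartz", "lightsaber:*");
        ROLES.put("goodguy", "winnebago:drive:eagle5");
        // Constructed entry, not in the page's ini: the instance part is omitted,
        // so the grant is broader than the goodguy one.
        ROLES.put("driver (constructed)", "winnebago:drive");
    }

    // Requests to evaluate; only the first appears on the page, the rest are constructed.
    static final String[] REQUESTS = {
        "winnebago:drive:eagle5",
        "winnebago:drive:eagle6",
        "winnebago:wash:eagle5",
        "lightsaber:wield:green",
    };

    /** Returns true if the granted permission string implies the requested one. */
    static boolean allows(String granted, String requested) {
        Permission grantedPermission = new WildcardPermission(granted);
        return grantedPermission.implies(new WildcardPermission(requested));
    }

    public static void main(String[] args) {
        // Print the full role x request matrix so over-broad grants are easy to spot.
        for (Map.Entry<String, String> role : ROLES.entrySet()) {
            for (String request : REQUESTS) {
                boolean ok = allows(role.getValue(), request);
                System.out.printf("%-22s %-24s -> %-24s %s%n",
                        role.getKey(), role.getValue(), request, ok ? "ALLOW" : "deny");
            }
        }
    }
}
```

Reviewing such a matrix before shipping an ini or realm configuration shows which roles end up with more access than the permission string suggests at a glance.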