版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/u014248473/article/details/88592737
一、POM
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
二、INI
[users]
admin=123456,system
tom=123,role1,role2
[roles]
system=auth01,auth02,auth03
role1=auth02
role2=auth03
格式:
[users]
用户名=密码,角色1,角色2…
[roles]
角色名=权限1,权限2…
三、ShiroUtil
package com.yale;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroUtil {
public static Subject login(String configPath, String username, String password) throws AuthenticationException{
//1.由ini文件初始化一个Factory<SecurityManager>
Factory<SecurityManager> factory = new IniSecurityManagerFactory(configPath);
//2.从Factory中获取一个SecurityManager实例
SecurityManager securityManager = factory.getInstance();
//3.使用SecurityUtils工具类设值SecurityManager实例
SecurityUtils.setSecurityManager(securityManager);
//4.再从SecurityUtils中获取Subject
Subject subject = SecurityUtils.getSubject();
//5.调用Subject的login方法验证用户
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
subject.login(token);
return subject;
}
}
四、ShiroMain
package com.yale;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
public class ShiroMain {
public static void main(String[] args) {
Subject subject = null;
try {
subject = ShiroUtil.login("classpath:shiro.ini","tom","123");
System.out.println("验证成功!");
//查看用户是否拥有给定角色
boolean hasRole = subject.hasRole("role1");
System.out.println("tom是否拥有role1:"+hasRole);
//查看用户是否拥有给定权限
boolean permitted = subject.isPermitted("auth02");
System.out.println("tom是否拥有auth02:"+permitted);
} catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("验证失败!");
}
}
}