Java基础之《shiro初识》

1、建立shiro.ini文件

# Format: username=password,role1,role2
# NOTE(review): the passwords below are stored in plain text, which is only
# acceptable for a throwaway demo. For anything real, store salted password
# hashes and configure a hashing credentials matcher on the realm, and keep
# this file out of version control and world-readable locations.
[users]
zhangsan=123,admin
lisi=456,manager,seller
wangwu=789,clerk

# Predefined permissions per role (wildcard permission strings).
# "*" grants every permission and "user:*" grants every action on "user",
# so give such roles only to accounts that really need them.
# The "seller" role assigned to lisi has no entry in this section, so in this
# file it carries no permissions.
[roles]
admin=*
clerk=user:query,user:detail:query
manager=user:*

2、pom文件引入依赖包

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<!-- Core configuration: the Spring Boot parent POM, which supplies the default dependency versions -->
	<!-- NOTE(review): 2.3.x is an old Spring Boot line; confirm it still receives security fixes
	     before reusing this POM, and prefer a currently supported release. -->
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.3.12.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>

	<groupId>com.study</groupId>
	<artifactId>shiro-test</artifactId>
	<version>0.0.1-SNAPSHOT</version>

	<name>shiro-test</name>
	<!-- FIXME change it to the project's website -->
	<url>http://www.example.com</url>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.compiler.source>1.8</maven.compiler.source>
		<maven.compiler.target>1.8</maven.compiler.target>
		<!-- Single place to pin the version of all three Shiro artifacts below.
		     NOTE(review): 1.7.1 is an old release and later Shiro releases include security fixes;
		     check the Apache Shiro security reports and pin a currently maintained version. -->
		<shiro.version>1.7.1</shiro.version>
	</properties>

	<dependencies>
		<!-- FreeMarker template engine -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-freemarker</artifactId>
		</dependency>
		<!-- Web application starter -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- Test dependencies -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<!-- Health monitoring (Actuator) -->
		<!-- NOTE(review): nothing shown on this page puts the Actuator endpoints behind Shiro;
		     review which endpoints are exposed over HTTP and require authentication for them. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
		</dependency>

		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>

		<!-- shiro -->
		<!-- Shiro core library -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>${shiro.version}</version>
		</dependency>
		<!-- Shiro web support -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-web</artifactId>
			<version>${shiro.version}</version>
		</dependency>
		<!-- Shiro integration with Spring -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>${shiro.version}</version>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>
</project>

3、创建测试例子TestShiro.java

package com.study.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

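/**
 * Minimal Apache Shiro walkthrough: load users and roles from {@code shiro.ini},
 * authenticate one subject, run a role check and a permission check, then log out.
 *
 * <p>This is a console demo. The hard-coded credentials and the detailed failure
 * messages are for illustration only and should not be copied into a real login flow.
 *
 * @author user
 */
public class TestShiro {
	/**
	 * Runs the demo. Stops after reporting the failure when authentication does not
	 * succeed, so the success message and the authorization checks only ever run for
	 * an authenticated subject.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		// Create the factory from the INI configuration on the classpath and let it
		// build the SecurityManager, the core component of Shiro.
		// NOTE(review): IniSecurityManagerFactory is marked deprecated in newer Shiro
		// 1.x releases; confirm against the Shiro version in use.
		Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
		SecurityManager securityManager = factory.getInstance();

		// Hand the SecurityManager to SecurityUtils so later code can obtain subjects
		// without referring to the manager directly. This sets a VM-wide static, which
		// suits a single-user console program.
		SecurityUtils.setSecurityManager(securityManager);

		// The Subject is the entry point for Shiro operations on the current user.
		Subject currentUser = SecurityUtils.getSubject();

		// Login state before authentication (original note: synchronized from the session).
		System.out.println(currentUser.isAuthenticated());

		// The principal is the subject's identity; in this demo it is the username.
		System.out.println(currentUser.getPrincipal());

		// Authentication, comparable to a login handler.
		if (!currentUser.isAuthenticated()) {
			// Demo only: real credentials must come from the user at runtime, never
			// from source code.
			UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
			try {
				// login() returns void; the outcome is signalled through exceptions.
				// The credentials are compared by the realm (IniRealm for this setup).
				currentUser.login(token);
			} catch (UnknownAccountException uae) { // no such user
				// A real login endpoint should give the caller one generic failure
				// message: separate "unknown user" and "wrong password" replies let
				// a caller tell which usernames exist. Keep the distinction for
				// server-side logs only.
				System.out.println("用户不存在:" + token.getPrincipal());
			} catch (IncorrectCredentialsException ice) { // wrong password
				System.out.println("密码错误:" + token.getPrincipal());
			} catch (LockedAccountException lae) { // account locked
				System.out.println("账户冻结:" + token.getPrincipal());
			} catch (AuthenticationException ae) { // any other authentication failure
				// Previously swallowed silently; report it so a failed login is
				// never mistaken for a successful one.
				System.out.println("认证失败:" + token.getPrincipal());
			} finally {
				// Wipe the token's copy of the password once it is no longer needed.
				token.clear();
			}
		}

		// Fail closed: without an authenticated subject there is nothing to authorize.
		if (!currentUser.isAuthenticated()) {
			return;
		}

		// After a successful login the subject carries the user's identity.
		System.out.println("登录成功:" + currentUser.getPrincipal());

		// Role check.
		if (currentUser.hasRole("admin")) {
			System.out.println("hello, boss");
		} else {
			System.out.println("hello, you");
		}

		// Permission check. Prefer permission checks over role checks for access
		// decisions, so role definitions can change without touching code.
		if (currentUser.isPermitted("user:update")) {
			System.out.println("you can update user");
		} else {
			System.out.println("sorry, you can not update");
		}

		// Logging out clears the subject's identity, login state, roles, permissions
		// and session information.
		currentUser.logout();
	}
}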


Origin blog.csdn.net/csj50/article/details/121903934