[Shiro] ---

         The recent permission frameworks all use shiro to authenticate users and roles. After listening to it a lot, I feel that I will not be a bit unreasonable. I will learn it here. As a simple understanding, I will not be blinded when I use it later.

basic introduction:

       Shiro is a powerful and easy-to-use Java security framework that provides authentication, authorization, encryption and session management functions to provide security for any application.

• Authentication - User identification, often referred to as user "login"
• Authorization---Access control, you can authorize the url, or you can authorize the role
• Password encryption---protect or hide data from peeping---shiro comes with many encryption tools, which are very powerful
• Session management - per-user related time-sensitive state

 

 

There are many great gods on the Internet, and the explanation of shiro is very good. I will quote it here, and I will not introduce it again:

http://jinnianshilongnian.iteye.com/blog/2018936/

 

Let's take a brief look at shiro from a Helloworld program.

 

First of all, we don't have a library, so we have to set up a realm to access permission data.

Realm means realm, shiro gets authentication data from realm, it has many kinds, such as jdbc.realm, jndi.realm, text.realm.

Here we use text.realm.

 

First define a realm:

shiro.ini:

 

Add dependencies in maven:

<dependency>                   <groupId>org.apache.shiro</groupId>                   <artifactId>shiro-core</artifactId>                   <version>1.2.4</version>           </dependency>                      <dependency>                   <groupId>org.slf4j</groupId>                   <artifactId>slf4j-log4j12</artifactId>                   <version>1.7.12</version>           </dependency>

 

 

Then create a HelloWorld class and write a Main method:

package com.java1234.shiro;   import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory;   public class HelloWorld { public static void main(String[] args){ // Read the configuration file to initialize the SecurityManager factory Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini"); //获取securityManager实例 SecurityManager securityManager=factory.getInstance(); //把securityManager实例绑定到SecurityUtils SecurityUtils.setSecurityManager(securityManager); //得到当前执行的用户 Subject currentUser=SecurityUtils.getSubject(); //创建token令牌，用户名/密码。相当于在页面输入用户名和密码 UsernamePasswordToken token=new UsernamePasswordToken("java1234", "123456"); try{ //身份认证 currentUser.login(token); System.out.println("身份认证成功！"); }catch(AuthenticationException e){ e.printStackTrace(); System.out.println("身份认证失败！"); } //退出 currentUser.logout(); }   }