The recent permission frameworks all use shiro to authenticate users and roles. After listening to it a lot, I feel that I will not be a bit unreasonable. I will learn it here. As a simple understanding, I will not be blinded when I use it later.
basic introduction:
Shiro is a powerful and easy-to-use Java security framework that provides authentication, authorization, encryption and session management functions to provide security for any application.
- Authentication - User identification, often referred to as user "login"
- Authorization---Access control, you can authorize the url, or you can authorize the role
- Password encryption---protect or hide data from peeping---shiro comes with many encryption tools, which are very powerful
- Session management - per-user related time-sensitive state
There are many great gods on the Internet, and the explanation of shiro is very good. I will quote it here, and I will not introduce it again:
http://jinnianshilongnian.iteye.com/blog/2018936/
Let's take a brief look at shiro from a Helloworld program.
First of all, we don't have a library, so we have to set up a realm to access permission data.
Realm means realm, shiro gets authentication data from realm, it has many kinds, such as jdbc.realm, jndi.realm, text.realm.
Here we use text.realm.
First define a realm:
shiro.ini:
Add dependencies in maven:
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.4</version> </dependency>
<dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.12</version> </dependency> |
Then create a HelloWorld class and write a Main method:
package com.java1234.shiro;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory;
public class HelloWorld { public static void main(String[] args){ // Read the configuration file to initialize the SecurityManager factory Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini"); //获取securityManager实例 SecurityManager securityManager=factory.getInstance(); //把securityManager实例绑定到SecurityUtils SecurityUtils.setSecurityManager(securityManager); //得到当前执行的用户 Subject currentUser=SecurityUtils.getSubject(); //创建token令牌,用户名/密码。相当于在页面输入用户名和密码 UsernamePasswordToken token=new UsernamePasswordToken("java1234", "123456"); try{ //身份认证 currentUser.login(token); System.out.println("身份认证成功!"); }catch(AuthenticationException e){ e.printStackTrace(); System.out.println("身份认证失败!"); } //退出 currentUser.logout(); }
} |