Shiro - Getting Started Program

1. Create a simple shiro project

  • Create the shiro.ini configuration file under src (so that it ends up on the classpath)

[users]

admin = 123,role1

[roles]

role1 = printer:print

Username: admin, password: 123.
The admin account is assigned role1; multiple roles are separated by commas.
role1 holds the single permission printer:print. How permission strings are written is covered in section 2 below.

Note that the password sits in shiro.ini in clear text. That is acceptable for a local exercise but not for anything deployed: Shiro's ini realm can instead compare hashed credentials through a credentialsMatcher (for example HashedCredentialsMatcher) configured in the [main] section, and in a real system the users and roles would normally come from a database, LDAP or a custom Realm rather than from this file.

  • HelloWorld
package com.shiro.helloworld;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class HelloWorld {
    // If you don't use logging you can use System.out.println() directly and skip log4j.properties
    private static final transient Logger log = LoggerFactory.getLogger(HelloWorld.class);

    public static void main(String[] args) {
        // Build a SecurityManager from the shiro.ini created above (loaded from the classpath).
        // Newer 1.x releases deprecate this factory in favour of org.apache.shiro.env.BasicIniEnvironment.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();

        // Register it so that SecurityUtils.getSubject() can find it
        SecurityUtils.setSecurityManager(securityManager);

        Subject currentUser = SecurityUtils.getSubject();

        // Session usage: Shiro sessions also work outside a servlet container
        Session session = currentUser.getSession();
        session.setAttribute("key", "value");
        String value = (String) session.getAttribute("key");
        log.info("value: " + value);

        // Authenticate only if the subject is not already logged in
        if (!currentUser.isAuthenticated()) {
            // Credentials are hard-coded here only for this exercise
            UsernamePasswordToken token = new UsernamePasswordToken("admin", "123");
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                log.info("No such user: " + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                log.info("Incorrect password for user " + token.getPrincipal());
            } catch (LockedAccountException lae) {
                log.info("Account " + token.getPrincipal() + " is locked, please contact the administrator");
            } catch (AuthenticationException ae) {
                // Any other authentication failure
                log.info("Authentication failed: " + ae.getMessage());
            }
        }

        // After a successful login the principal (the username) is available on the subject
        if (currentUser.isAuthenticated()) {
            log.info("User " + currentUser.getPrincipal() + " logged in successfully");
        }

        // Role check: does the subject hold role1?
        if (currentUser.hasRole("role1")) {
            log.info("Has role role1");
        } else {
            log.info("Does not have role role1");
        }

        // Permission check: may the subject print to the printer?
        if (currentUser.isPermitted("printer:print")) {
            log.info("May print to the printer");
        } else {
            log.info("May not print to the printer");
        }

        // Log out: clears the authentication state and invalidates the session
        currentUser.logout();
        System.exit(0);
    }
}

  • In practice we use Shiro for two things: 1. authentication, verifying who the user is; 2. authorization, verifying whether that user is allowed to perform a given operation. The role and permission checks in the program above are the authorization half.

2. Shiro's permissions

2.1 Simple strings

A permission can be represented by a plain string with no colons, for example queryPrinter. Such names are checked by name only, so every distinct operation needs its own string.

2.2 Multi-level management

  1. printer:print

    The first part is the domain being operated on (printer); the second part is the operation being performed on it (print).

  2. Multiple values

    Multiple permissions are separated by commas, for example role1 = printer:print,printer:query.
    They do not have to take the form xxx:yyyy; a simple string can be used directly as well.

  3. * means all

    For example, printer:* means any operation may be performed on the printer,
    and *:query means the query operation is permitted in every domain.

2.3 Instance-level access control

  1. This form typically uses three parts: the first is the domain, the second the operation, and the third the specific instance being acted on, for example printer:query:lp7200

    Wildcards can be used here as well, for example:
    printer:print:*    (print on any printer instance)
    printer:*:*        (any operation on any printer instance)
    printer:*:lp7200   (any operation, but only on lp7200)
    printer:query,print:lp7200   (query or print, only on lp7200; a comma inside a part lists alternatives)

  2. Omitting trailing parts: a part that is left off means the user has access to every value of that part

    printer:print is equivalent to printer:print:*
    printer is equivalent to printer:*:*
    but remember: parts can only be omitted from the end of the string, so
    printer:lp7200 is not equivalent to printer:*:lp7200 (Shiro reads printer:lp7200 as domain printer, operation lp7200)
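To make the shiro.ini model from section 1 and the matching rules in sections 2.1 to 2.3 concrete, here is an added Python example (not Shiro's code and not from the original page) that parses a constructed shiro.ini fragment, authenticates a user against it, and re-implements the wildcard rules described above: trailing parts may be omitted, * matches any value, a comma inside a part lists alternatives, and a longer granted string never covers a shorter request unless its extra parts are wildcards. The user operator, the role role2 and the scanner permissions are invented for the demonstration; the matching follows Shiro's documented WildcardPermission behaviour but is an independent re-implementation, not the library's own.

```python
"""Re-implementation, for this page, of the shiro.ini [users]/[roles] model and of
Shiro's wildcard-permission matching rules. Illustration only: Shiro is a Java
library and this is not its code."""
import csv
import hmac

# Constructed sample mirroring the shiro.ini from section 1, plus an invented
# second user/role to exercise instance-level permissions. A permission that
# itself contains a comma must be double-quoted on a Shiro ini role line.
SHIRO_INI = """
[users]
admin = 123, role1
operator = s3cret, role2
[roles]
role1 = printer:print
role2 = "printer:query,print:lp7200", scanner:*
"""


def _split_values(value):
    """Split a comma-separated ini value, honouring double quotes."""
    fields = next(csv.reader([value.strip()], skipinitialspace=True), [])
    return [f.strip() for f in fields if f.strip()]


def parse_ini(text):
    """Return (users, roles): users maps name -> (password, [roles]); roles maps role -> [perms]."""
    users, roles, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        values = _split_values(value)
        if section == "users" and values:
            users[key.strip()] = (values[0], values[1:])
        elif section == "roles":
            roles[key.strip()] = values
    return users, roles


def parse_permission(perm):
    """Parse 'domain:op,op:instance' into a list of sub-part sets (case-insensitive, like Shiro)."""
    parts = []
    for part in perm.strip().split(":"):
        subparts = {s.strip().lower() for s in part.split(",") if s.strip()}
        if not subparts:
            raise ValueError(f"permission {perm!r} has an empty part")
        parts.append(subparts)
    return parts


def implies(granted, requested):
    """Does a granted permission string cover a requested one under the wildcard rules?"""
    g, r = parse_permission(granted), parse_permission(requested)
    for i, rpart in enumerate(r):
        if i >= len(g):
            return True   # granted string is shorter: omitted trailing parts act as '*'
        if "*" not in g[i] and not rpart <= g[i]:
            return False  # this part is neither a wildcard nor a superset of what is asked
    # granted string is longer than the request: the extra parts must all be wildcards
    return all("*" in gpart for gpart in g[len(r):])


def authenticate(users, username, password):
    """Return the user's role list on success, None for an unknown user or a wrong password."""
    record = users.get(username)
    if record is None:
        return None
    stored, role_list = record
    # Constant-time compare; the ini holds clear-text passwords, which is for this exercise only
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return list(role_list)


def permissions_for(roles, role_list):
    """Flatten the permission strings granted by a list of roles."""
    return [p for role in role_list for p in roles.get(role, [])]


def is_permitted(granted_perms, requested):
    """Equivalent of Subject.isPermitted: any granted permission that implies the request suffices."""
    return any(implies(g, requested) for g in granted_perms)


if __name__ == "__main__":
    users, roles = parse_ini(SHIRO_INI)
    perms = permissions_for(roles, authenticate(users, "admin", "123") or [])
    for req in ("printer:print", "printer:print:lp7200", "printer:query"):
        print(f"admin -> {req}: {is_permitted(perms, req)}")
```

Running it shows admin permitted for printer:print and printer:print:lp7200 (the omitted instance part acts as *) but not for printer:query; swapping in the operator account shows the comma form granting query or print on lp7200 only, and nothing on any other printer instance.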