Shiro Introduction (6): Shiro Authorization

Copyright notice: copyright https://blog.csdn.net/qq_21046965/article/details/90110243 (programmer jwang)

Foreword

      This chapter covers authorization in Shiro.

Method

1. Concept

Authorization: granting users access to certain resources.

Prerequisite: a user must log in (be authenticated) before they can be authorized.

Permission (permit): represents the right to create, read, update, delete or display some feature, such as a button, menu access, or data.

Role (role): a set of permissions, such as the Administrator role, which has all the rights to access the system menu.

2. The user authorization process in Shiro

3. Implementation steps 

We continue to use the login authentication code from the previous chapter.

1) Write the shiro.ini file

[main]
[users]
zhangsan = 1234,role1
lisi = 5678
[roles]
role1 = permit1,permit2

NOTE: In the configuration file above, each entry under [users] has the form username = password, role1, role2, ...

Each entry under [roles] has the form role = permission1, permission2, ...

2) Coding

package cn.edu.ccut.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;

/**
 * @Author: jwang
 * @Date: 2019/5/8
 * @Description: cn.edu.ccut.test
 * @Version 1.0
 **/
public class Authentication {

    public static void main(String [] args){
        // Create the SecurityManager factory from shiro.ini on the classpath
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // Obtain a SecurityManager instance from the factory
        SecurityManager securityManager = factory.getInstance();
        // Install the SecurityManager into the runtime environment
        SecurityUtils.setSecurityManager(securityManager);
        // Obtain the current Subject through SecurityUtils
        Subject currentUser = SecurityUtils.getSubject();
        // Set the user name and password
        String username = "zhangsan";
        String password = "1234";
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // Authenticate the user
        try {
            currentUser.login(token);
            // If authentication succeeded
            if (currentUser.isAuthenticated()) {
                // Prints "user [name,password] logged in successfully"
                // (the password is echoed for this demo only; never log it in real code)
                System.out.println("用户["+username+","+password+"]登录成功!");
                // Check whether the user has the role role1
                String role = "role1";
                boolean isRole1 = currentUser.hasRole(role);
                // Prints whether the user has ("拥有") or does not have ("未拥有") role1
                System.out.println("用户["+username+","+password+"]"+(isRole1?"拥有":"未拥有")+"权限"+role);
                if(isRole1){
                    // Code that requires role1 goes here
                }
            }
        }catch (AuthenticationException e){
            // Prints "user [name,password] login failed"
            System.out.println("用户["+username+","+password+"]登录失败!");
        }

    }
}

Execution results are as follows:

Note: Here we use the hasRole method to determine whether the user has a role.

In Shiro, the following methods are used to determine whether the user has the relevant roles and permissions:

Roles:

boolean hasRole(String roleIdentifier) Checks whether the user has the role; returns true if so, false if not
boolean[] hasRoles(List<String> roleIdentifiers); Checks whether the user has each of the roles; returns a boolean array
boolean hasAllRoles(Collection<String> roleIdentifiers); Checks whether the user has the roles; returns true only if the user has all of them, false otherwise
void checkRole(String roleIdentifier) throws AuthorizationException Checks whether the user has the role; throws an exception if not
void checkRoles(Collection<String> roleIdentifiers) throws AuthorizationException; Checks whether the user has all of the roles; throws an exception if not
void checkRoles(String... roleIdentifiers) throws AuthorizationException; Checks whether the user has all of the roles; throws an exception if not

Permissions:

boolean isPermitted(String permission) Checks whether the user has the permission; returns true if so, false if not
boolean[] isPermitted(String... permissions); Checks whether the user has each of the permissions; returns a boolean array
boolean isPermittedAll(String... permissions); Checks whether the user has all of the permissions; returns true if so, false otherwise
void checkPermission(String permission) throws AuthorizationException; Checks whether the user has the permission; throws an exception if not
void checkPermissions(String... permissions) throws AuthorizationException; Checks whether the user has all of the permissions; throws an exception if not
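
The role and permission methods listed above, exercised against the same users and roles as the shiro.ini in step 1. This is an added example, not code from the original article; the class name AuthorizationDemo and the names role2 and permit3 are hypothetical, and it assumes the same Shiro version on the classpath as the code above. lisi has no role, so every check for that user is denied.

```java
import java.util.Arrays;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

// Added example: AuthorizationDemo is a hypothetical class name.
public class AuthorizationDemo {

    // Same users and roles as the shiro.ini above, embedded inline.
    private static final String INI =
            "[users]\nzhangsan = 1234,role1\nlisi = 5678\n"
          + "[roles]\nrole1 = permit1,permit2\n";

    // Log in, run the checks, log out; returns a one-line summary.
    static String check(String username, String password) {
        Subject user = SecurityUtils.getSubject();
        user.login(new UsernamePasswordToken(username, password));
        try {
            // role2 and permit3 are not defined in the ini (hypothetical names)
            boolean[] roles = user.hasRoles(Arrays.asList("role1", "role2"));
            boolean[] perms = user.isPermitted("permit1", "permit3");
            boolean all = user.isPermittedAll("permit1", "permit2");
            String guarded;
            try {
                user.checkPermission("permit2"); // throws if not granted
                guarded = "allowed";             // protected operation would run here
            } catch (AuthorizationException e) {
                guarded = "denied";              // fail closed on a missing permission
            }
            return username + ": hasRoles=" + Arrays.toString(roles)
                    + " isPermitted=" + Arrays.toString(perms)
                    + " isPermittedAll=" + all
                    + " checkPermission(permit2)=" + guarded;
        } finally {
            user.logout(); // clear the identity before the next login
        }
    }

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(sm);
        System.out.println(check("zhangsan", "1234"));
        System.out.println(check("lisi", "5678"));
    }
}
```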
