Apache Shiro authentication + authorization (a)

1. Add the shiro-core dependency:

        <!-- Shiro's core module; it supplies the SecurityManager, Subject and Realm
             classes imported by the tests below.
             NOTE(review): 1.4.0 is an old release and later Shiro releases carry
             security fixes; pin the newest supported version in a real project. -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0</version>
        </dependency>

2. The authentication flow: create a SecurityManager -> the Subject submits an authentication request -> the SecurityManager authenticates -> the Authenticator authenticates -> the Realm verifies the credentials. You can confirm this by tracing the source code starting from subject.login(token) (in IDEA, Ctrl+Alt+B jumps to the implementation). The unit test code is as follows:

package com.example.demo_mg;

import junit.framework.Assert;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

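/**
 * Demonstrates Shiro authentication against an in-memory {@link SimpleAccountRealm}.
 *
 * <p>The realm holds one demo account whose password is a plaintext literal. That is
 * acceptable in a test fixture only; it is not a pattern for production credentials.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class DemoMgApplicationTests {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    /** Registers the demo account before every test. */
    @Before
    public void before() {
        simpleAccountRealm.addAccount("wzs", "123456");
    }

    @Test
    public void contextLoads() {
    }

    /** Logs in with the correct credentials, then verifies that logout clears the authenticated state. */
    @Test
    public void test() {
        Subject subject = newSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("wzs", "123456");
        subject.login(token);
        try {
            Assert.assertTrue(subject.isAuthenticated());
        } finally {
            // Always log out so a failed assertion does not leave an authenticated
            // subject behind for later tests that run on the same thread.
            subject.logout();
        }
        // After logout the subject must no longer be authenticated.
        Assert.assertFalse(subject.isAuthenticated());
    }

    /** A wrong password for a known account must be rejected. */
    @Test(expected = org.apache.shiro.authc.IncorrectCredentialsException.class)
    public void wrongPasswordIsRejected() {
        newSubject().login(new UsernamePasswordToken("wzs", "not-the-password"));
    }

    /** A username that the realm does not know must be rejected. */
    @Test(expected = org.apache.shiro.authc.UnknownAccountException.class)
    public void unknownAccountIsRejected() {
        newSubject().login(new UsernamePasswordToken("no-such-user", "123456"));
    }

    /** Builds a SecurityManager backed by the demo realm and returns the current subject. */
    private Subject newSubject() {
        // Build the SecurityManager environment.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        // SecurityUtils keeps the manager in a static field, so this call affects
        // every caller of SecurityUtils in the same JVM.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        return SecurityUtils.getSubject();
    }
}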

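An unknown account raises UnknownAccountException; a wrong password raises IncorrectCredentialsException. When reporting a failed login to the end user, show one generic message for both cases so the response does not reveal which usernames exist.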

Starting from subject.login(token), press Ctrl+Alt+B to trace the source: DelegatingSubject.login calls Subject subject = this.securityManager.login(this, token); DefaultSecurityManager.login calls info = this.authenticate(token); AuthenticatingSecurityManager.authenticate calls this.authenticator.authenticate(token); AbstractAuthenticator.authenticate calls info = this.doAuthenticate(token); and finally ModularRealmAuthenticator.doAuthenticate, shown below, hands the authentication over to the realm:

    /**
     * Dispatches the token to the configured realm(s).
     *
     * <p>With exactly one realm configured the token goes to
     * {@code doSingleRealmAuthentication}; with any other count it goes to
     * {@code doMultiRealmAuthentication}.
     *
     * @param authenticationToken the credentials submitted by the subject
     * @return the authentication info produced by the single- or multi-realm path
     * @throws AuthenticationException declared by this method; the visible body only propagates it
     */
    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
        this.assertRealmsConfigured();
        Collection<Realm> configuredRealms = this.getRealms();
        if (configuredRealms.size() != 1) {
            return this.doMultiRealmAuthentication(configuredRealms, authenticationToken);
        }
        Realm onlyRealm = (Realm) configuredRealms.iterator().next();
        return this.doSingleRealmAuthentication(onlyRealm, authenticationToken);
    }

3. The authorization flow: create a SecurityManager -> the Subject requests authorization -> the SecurityManager authorizes -> the Authorizer authorizes -> the Realm supplies the role and permission data (from a database, a cache, etc.):

package com.example.demo_mg;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

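/**
 * Demonstrates Shiro role checks against an in-memory {@link SimpleAccountRealm}.
 *
 * <p>The demo account is created with the roles {@code admin} and {@code user}; its
 * plaintext password literal is acceptable in a test fixture only.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class DemoMgApplicationTests {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    /** Registers the demo account with its two roles before every test. */
    @Before
    public void before() {
        simpleAccountRealm.addAccount("wzs", "123456", "admin", "user");
    }

    @Test
    public void contextLoads() {
    }

    /** Logs in, verifies the granted roles, and verifies that a role which was never granted is refused. */
    @Test
    public void test() {
        // Build the SecurityManager environment.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        // The subject submits the authentication request.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("wzs", "123456");
        subject.login(token);
        try {
            // Authorization: checkRole/checkRoles throw when a role is missing.
            subject.checkRole("admin");
            subject.checkRoles("admin", "user");
            // Negative case: a role that was never granted must not be reported as held.
            org.junit.Assert.assertFalse(subject.hasRole("guest"));
        } finally {
            // Always log out so a failed check does not leave an authenticated
            // subject behind for later tests that run on the same thread.
            subject.logout();
        }
    }
}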

If the subject does not have the requested role, checkRole/checkRoles throws UnauthorizedException.

Starting from subject.checkRoles("admin", "user"), press Ctrl+Alt+B to trace the source: DelegatingSubject.checkRoles calls this.securityManager.checkRoles(this.getPrincipals(), roleIdentifiers); AuthorizingSecurityManager.checkRoles calls this.authorizer.checkRoles(principals, roles); ModularRealmAuthorizer.checkRoles iterates over the roles and calls this.checkRole(principals, role) for each one; checkRole calls this.hasRole(principals, role). The hasRole method, shown below, is where the realm performs the authorization check:

    /**
     * Reports whether any configured realm grants the given role to the principals.
     *
     * <p>Realms that do not implement {@code Authorizer} are skipped. The first realm
     * that answers {@code true} ends the search, and the result is {@code false} when
     * no realm grants the role.
     *
     * @param principals the identity whose roles are being checked
     * @param roleIdentifier the role name to look for
     * @return {@code true} if at least one {@code Authorizer} realm reports the role
     */
    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
        this.assertRealmsConfigured();
        Iterator realmIterator = this.getRealms().iterator();

        while (realmIterator.hasNext()) {
            Realm candidate = (Realm) realmIterator.next();
            if (candidate instanceof Authorizer
                    && ((Authorizer) candidate).hasRole(principals, roleIdentifier)) {
                return true;
            }
        }

        return false;
    }

4. Testing with the built-in IniRealm:
Under src/test, create a new directory named resources, right-click it and choose Mark Directory As -> Test Sources Root, then create a user.ini file in it with the following contents:

# Demo accounts, one per line: username = password, role1, role2, ...
# The password is stored in plaintext, which is suitable for a test fixture only.
[users]
wzs=123456,admin
# Role definitions, one per line: role = permission1, permission2, ...
[roles]
admin=user:delete,user:update

Unit test code:

package com.example.demo_mg;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

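/**
 * Demonstrates Shiro role and permission checks against an {@link IniRealm} loaded
 * from {@code classpath:user.ini}.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class DemoMgApplicationTests {

    @Test
    public void contextLoads() {
    }

    /**
     * Logs in, verifies the granted role and permissions, and verifies that a
     * permission the role does not grant is refused.
     */
    @Test
    public void test() {
        IniRealm iniRealm = new IniRealm("classpath:user.ini");
        // Build the SecurityManager environment.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(iniRealm);
        // The subject submits the authentication request.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("wzs", "123456");
        subject.login(token);
        try {
            // Authorization: the check* methods throw when the role or permission is missing.
            subject.checkRole("admin");
            subject.checkPermissions("user:delete", "user:update");
            try {
                // The test calls checkPermission for "user:insert" and expects a refusal.
                // NOTE(review): assumes user.ini does not grant "user:insert" to the
                // admin role; verify against the file.
                subject.checkPermission("user:insert");
                throw new AssertionError("user:insert must be denied: the admin role does not grant it");
            } catch (org.apache.shiro.authz.UnauthorizedException expected) {
                // Expected: the deny path works.
            }
        } finally {
            // Always log out so a failed check does not leave an authenticated
            // subject behind for later tests that run on the same thread.
            subject.logout();
        }
    }
}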

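If the subject lacks a requested permission, checkPermission/checkPermissions throws UnauthorizedException (here user:insert is not granted to the admin role).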


Origin www.cnblogs.com/kibana/p/11105372.html