1、pom
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.6.1</version>
</dependency>
2、shiro.ini
# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
aihe = aihe, goodguy, client
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *
client = look:*
goodguy = winnebago:drive:eagle5
Tutorial
package com.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Created by aihe on 2017/6/14.
*/
public class Tutorial {
private static final transient Logger log = LoggerFactory.getLogger(Tutorial.class);
public static void main(String[] args) {
log.info("My First Apache Shiro Application");
//1. 這里的SecurityManager是org.apache.shiro.mgt.SecurityManager,,而不是java.lang.SecurityManager
// 加載配置文件
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//2.解析配置文件,,并且返回一些SecurityManger實(shí)例
SecurityManager securityManager = factory.getInstance();
//3.設(shè)置SecurityManager到靜態(tài)內(nèi)存區(qū),單例模式
SecurityUtils.setSecurityManager(securityManager);
// 安全操作
Subject currentUser = SecurityUtils.getSubject();
// 在應(yīng)用的當(dāng)前會(huì)話中設(shè)置屬性
Session session = currentUser.getSession();
session.setAttribute("key", "value");
//當(dāng)前我們的用戶是匿名的用戶,,我們嘗試進(jìn)行登錄,,
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken("aihe", "aihe");
//this is all you have to do to support 'remember me' (no config - built in!):
token.setRememberMe(true);
//嘗試進(jìn)行登錄用戶,如果登錄失敗了,,我們進(jìn)行一些處理
try {
currentUser.login(token);
//當(dāng)我們獲登錄用戶之后
log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
// 查看用戶是否有指定的角色
if (currentUser.hasRole("client")) {
log.info("Look is in your role");
} else {
log.info(".....");
}
// 查看用戶是否有某個(gè)權(quán)限
if (currentUser.isPermitted("look:desk")) {
log.info("You can look. Use it wisely.");
} else {
log.info("Sorry, you can't look.");
}
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
log.info("You are permitted to 'drive' the 'winnebago' with license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
}
//登出
currentUser.logout();
} catch (UnknownAccountException uae) {
//賬戶不存在的操作
} catch (IncorrectCredentialsException ice) {
//密碼不正確
} catch (LockedAccountException lae) {
//用戶被鎖定了
} catch (AuthenticationException ae) {
//無(wú)法判斷的情形
}
}
System.exit(0);
}
}
|