资源准备
所需jar包
shiro-permission.ini
[users]
# Entry format: username=password,role,role,...
# xiaoming has password 123456 and holds both role1 and role2.
# NOTE(review): passwords in this file are plaintext demo values; do not reuse
# this layout for real accounts, and keep such a file out of version control.
xiaoming=123456,role1,role2
xiaohua=123,role2
# Role-to-permission mappings
[roles]
# role1 may create and update the "user" resource
role1=user:create,user:update
# role2 may create and delete the "user" resource
role2=user:create,user:delete
# role3 may create the "user" resource (no user in [users] above holds role3)
role3=user:create
AuthorizationTest.java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.util.Factory;
import org.junit.Test;
import javax.security.auth.Subject;
import java.util.Arrays;
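/**
 * Demonstrates Shiro permission checks for a user loaded from
 * {@code shiro-permission.ini}.
 *
 * <p>The username and password are the hard-coded demo values from that INI
 * file. The permission results are printed, not asserted, so a {@code false}
 * result does not fail the test.
 */
public class AuthorizationTest {

    // Role-based and resource-based authorization test.
    // NOTE(review): the body is empty, so this test passes without checking anything.
    @Test
    public void testAuthorization() {
    }

    /**
     * Logs in as the demo user and prints the outcome of two resource-based
     * permission checks.
     *
     * @throws AssertionError if the login is rejected, so that a failed
     *     authentication is not mistaken for a failed permission check
     */
    @Test
    public void testAuthorizationCustomRealm() {
        // NOTE(review): the method name refers to a custom realm, but the INI
        // content shown alongside this class only declares [users] and [roles].
        // Unless the real file also registers CustomRealm, these checks are
        // answered from the INI data rather than from the realm; confirm.
        IniSecurityManagerFactory factory = new IniSecurityManagerFactory(
                "classpath:shiro-permission.ini");

        // Build the SecurityManager and install it as the process-wide default.
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        // Fully qualified because the file also imports javax.security.auth.Subject.
        org.apache.shiro.subject.Subject subject = SecurityUtils.getSubject();

        // Credentials of the demo user; they are test fixtures only.
        UsernamePasswordToken token = new UsernamePasswordToken("xiaoming", "123456");

        // Authenticate first. Stop here on failure: continuing would run the
        // permission checks against an unauthenticated subject and report them
        // as plain "not permitted".
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            throw new AssertionError("login failed; authorization checks were not run", e);
        }
        System.out.println("认证状态:" + subject.isAuthenticated());

        // Authorization runs only after a successful login.
        // The check* methods throw when the role or permission is missing, e.g.:
        // subject.checkRole("111");

        // Resource-based authorization: isPermitted takes a permission string
        // and returns false (no exception) when it is not granted.
        // With Shiro's default wildcard matching, a grant with fewer parts
        // covers requests that add parts, so "user:create" also satisfies
        // the instance-level request "user:create:1".
        boolean isPermitted = subject.isPermitted("user:create:1");
        System.out.println("单个权限user:create判断:" + isPermitted);

        // True only if every listed permission is granted.
        boolean isPermittedAll = subject.isPermittedAll("user:create:1", "user:update:1");
        System.out.println("多个权限判断:" + isPermittedAll);
    }
}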
自定义CustomRealm
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.ArrayList;
import java.util.List;
/**
 * Tutorial realm that supplies a fixed set of permissions for authorization.
 *
 * <p>Authentication is not implemented here, and the permission lookup is a
 * stand-in for a database query: every principal receives the same grants.
 */
public class CustomRealm extends AuthorizingRealm {

    /**
     * Sets the realm name to the fixed value {@code "customRealmMd5"}.
     *
     * @param name ignored; the hard-coded name is always used
     */
    @Override
    public void setName(String name) {
        super.setName("customRealmMd5");
    }

    /**
     * Authentication hook. This version returns {@code null}, which Shiro
     * treats as "no account found", so logins handled by this realm are
     * rejected until a real lookup is added.
     *
     * @param token the submitted credentials (unused here)
     * @return always {@code null}
     * @throws AuthenticationException never thrown by this implementation
     */
    @Override
    protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        return null;
    }

    /**
     * Authorization hook: returns the permissions granted to the principal.
     *
     * @param principals the authenticated identity
     * @return an info object holding {@code user:create} and {@code user:update}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Identity that a real implementation would use as the lookup key.
        // NOTE(review): it is not used below, so the grants do not depend on
        // who the caller is; replace with a per-user query before real use.
        String principalName = String.valueOf(principals.getPrimaryPrincipal());

        // Simulated database result.
        List<String> grantedPermissions = new ArrayList<>();
        grantedPermissions.add("user:create"); // user create permission
        grantedPermissions.add("user:update"); // user update permission

        // Wrap the looked-up permissions in the info object Shiro expects.
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addStringPermissions(grantedPermissions);
        return authorizationInfo;
    }
}
以上 doGetAuthenticationInfo 方法用来认证,已在上一篇文章中讲到,本文不再提及;此处直接返回 null,实际使用时需按上一篇补全认证逻辑。
对 **testAuthorizationCustomRealm()** 方法进行测试,输出如下:
之后我们测试出错时的表现,将AuthorizationTest中的该行代码修改如下:
多添加了一个s
再次测试方法:
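我们可以看到,控制台并无报错,只是权限判断失败:isPermitted 和 isPermittedAll 只返回 false,不会抛出异常,因此写错的权限标识符不会被发现,只会被当作未授权处理。若希望在权限不存在时抛出异常,应使用 check 系列方法(如 checkPermission)。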