shiro学习(一)
2024-09-28 00:56:10
基础依赖:
shiro-core,junit(因为在单元测试中)
test.class
public class AuthenticationTest {
SimpleAccountRealm realm = new SimpleAccountRealm();
@Before
public void addUser(){
realm.addAccount("mark","123456");
}
@Test
public void testAuthentication(){
//1.构建securityManager环境
DefaultSecurityManager securityManager = new DefaultSecurityManager();
securityManager.setRealm(realm);
//2.主体提交认证请求
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
//获取主体之后,就提交认证
UsernamePasswordToken token = new UsernamePasswordToken("mark","123456");
//退出认证
subject.login(token);
System.out.println("是否认证成功isAuthenticated:" + subject.isAuthenticated());
//退出
subject.logout();
System.out.println("是否认证成功isAuthenticated:" + subject.isAuthenticated());
} }
//控制台
是否认证成功isAuthenticated:true
//如果用户名不正确,报
org.apache.shiro.authc.UnknownAccountException: Realm
//如果密码不正确,报
org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token
授权检测 subject.checkRole("father");
SimpleAccountRealm realm = new SimpleAccountRealm();
@Before
public void addUser(){
realm.addAccount("mark","123456","father");
}
@Test
public void testAuthentication(){
//1.构建securityManager环境
DefaultSecurityManager securityManager = new DefaultSecurityManager();
securityManager.setRealm(realm);
//2.主体提交认证请求
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
//获取主体之后,就提交认证
UsernamePasswordToken token = new UsernamePasswordToken("mark","123456");
subject.login(token);
//打印认证是否成功
System.out.println("是否认证成功isAuthenticated:" + subject.isAuthenticated());
//授权
subject.checkRole("father");
//退出
subject.logout();
System.out.println("是否认证成功isAuthenticated:" + subject.isAuthenticated()); }
}
如果授权角色改为mother ,则报错 org.apache.shiro.authz.UnauthorizedException: Subject does not have role [mother]
自定义IniRealm
public class IniRealmTest {
IniRealm iniRealm=new IniRealm("classpath:user.ini");
@Test
public void testIniRealm(){
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(iniRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("admin", "admin");
subject.login(token);
System.out.println("自定义认证:"+subject.isAuthenticated());
//subject.logout();
//验证权限名字
subject.checkRole("admin");
//验证,权限名是否拥有该权限
subject.checkPermission("user:delete");
//验证,权限名是否拥有多种相应权限
subject.checkPermissions("user:delete","user:update");
}
}
user.ini配置文件
其位置:
[users]
#用户名,密码,权限名字
admin=admin,admin
[roles]
#权限名=(拥有)删除用户的权限
admin=user:delete,user:update
JdbcRealm
首先要添加:mysql、druid依赖
代码:
public class JdbcRealmTest {
/*
JdbcRealm需要访问数据 */
DruidDataSource dataSource=new DruidDataSource();
{
dataSource.setUrl("jdbc:mysql://localhost:3306/shiro_test");
dataSource.setUsername("root");
dataSource.setPassword("");
}
@Test
public void testJdbcRealm(){
JdbcRealm jdbcRealm=new JdbcRealm();
jdbcRealm.setDataSource(dataSource);
//1.构建securityManager环境
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(jdbcRealm); SecurityUtils.setSecurityManager(defaultSecurityManager);
//2.获取主体 进行认证
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("admin","admin");
subject.login(token);
subject.isAuthenticated();
}
}
数据库shiro-test,表users
SQL语句,在JdbcRealm.class默认写好
深入,查询用户拥有的角色以及该角色拥有的权限
public class JdbcRealmTest {
/*
JdbcRealm需要访问数据 */
DruidDataSource dataSource=new DruidDataSource();
{
dataSource.setUrl("jdbc:mysql://localhost:3306/shiro_test?useUnicode=true&characterEncoding=utf-8&useSSL=false");
dataSource.setUsername("root");
dataSource.setPassword("");
}
@Test
public void testJdbcRealm(){
JdbcRealm jdbcRealm=new JdbcRealm();
jdbcRealm.setDataSource(dataSource);
//jdbc设置权限开关
jdbcRealm.setPermissionsLookupEnabled(true);
//1.构建securityManager环境
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(jdbcRealm); SecurityUtils.setSecurityManager(defaultSecurityManager);
//2.获取主体 进行认证
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("admin","admin");
subject.login(token);
subject.isAuthenticated();
subject.checkRole("admin");
subject.checkRoles("admin","user");
subject.checkPermission("user:select");
}
}
注意:查询的表需要sql语句的表一致,不然报错
注意查询权限数据需jdbcrealm需开启权限开关
代码: jdbcRealm.setPermissionsLookupEnabled(true);
哈哈哈,如果表名不一致,当然也可以啊,那就要手写SQL语句(也不难,抄袭而已)
SQL语句:
//认证
String sql_pwd="select password from test_user where username= ?";
jdbcRealm.setAuthenticationQuery(sql_pwd);
//认证 角色
String sql_role="select role_name from test_user_roles where username=?";
jdbcRealm.setUserRolesQuery(sql_role);
//认证 权限
String sql_per="select permission from test_roles_permissions where role_name=?";
jdbcRealm.setPermissionsQuery(sql_per);
测试类
public class JdbcRealmSQL {
//连接数据库
DruidDataSource dataSource=new DruidDataSource();
{
dataSource.setUrl("jdbc:mysql://localhost:3306/shiro_test?useUnicode=true&characterEncoding=utf-8&useSSL=false");
dataSource.setUsername("root");
dataSource.setPassword("");
}
@Test
public void testSql(){
//自定义JdbcRealm
JdbcRealm jdbcRealm = new JdbcRealm();
jdbcRealm.setDataSource(dataSource);
//开启权限设置开关
jdbcRealm.setPermissionsLookupEnabled(true);
/*
下面是自定义sql语句,查询的是以test_开头的表
模板语句
"select password from users where username = ?";
"select password, password_salt from users where username = ?";
"select role_name from user_roles where username = ?";
"select permission from roles_permissions where role_name = ?";
*/
//认证
String sql_pwd="select password from test_user where username= ?";
jdbcRealm.setAuthenticationQuery(sql_pwd);
//认证 角色
String sql_role="select role_name from test_user_roles where username=?";
jdbcRealm.setUserRolesQuery(sql_role);
//认证 权限
String sql_per="select permission from test_roles_permissions where role_name=?";
jdbcRealm.setPermissionsQuery(sql_per); DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(jdbcRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("xiaoming","123456");
//认证 登录
subject.login(token);
//认证 角色
subject.checkRole("admin");
subject.checkRoles("admin","user");
//认证 权限
subject.checkPermission("user:delete");
}
}
表
最新文章
- [原创]Matlab2016b打包为C++的lib文件
- 使用css3的动画模拟太阳系行星公转
- [转载] 自定义百度网盘分享密码 (Javascript)
- JS变量和函数的一些理解
- python_如何建立包
- checkbox全选功能
- IOS中nil/Nil/NULL的区别
- 大体了解Lua的语法
- PHP内置函数
- 01:Hello, World!
- cocos2d-x anchorPoint
- HDU 4635 Strongly connected(强连通分量缩点+数学思想)
- STM8单片机启动流程彻底探究--基于IAR开发环境
- coursera_poj_魔兽世界终结版
- 浅谈JavaScript的面向对象程序设计(一)
- 用UltraISO制作CentOS U盘安装盘
- java写word转pdf
- cmd的变量总结
- grep -v、-e、-E
- 深入理解Java虚拟机读书笔记8----Java内存模型与线程
热门文章
- httpClinent工具类
- Flutter移动电商实战 --(11)首页_屏幕适配方案和制作
- 小D课堂 - 新版本微服务springcloud+Docker教程_5-04 feign结合hystrix断路器开发实战下
- Scrapy+redis实现分布式爬虫
- unieap 导出文档错误
- .Net Core WebApi上传图片的两种方式
- 《精通并发与Netty》学习笔记(02 - 服务端程序编写)
- 华三F100系列防火墙 、华为USG6300系列防火 GRE 隧道配置
- Javadoc文档生成工具-自定义版
- mysql数据库之索引与慢查询优化