Shiro 十分钟教程
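package com.wjz.demo;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Minimal Apache Shiro walkthrough: obtain the current {@link Subject}, use its session,
 * log in with a username/password token, run a role check and a permission check, then log out.
 *
 * <p>NOTE(review): no SecurityManager or Realm setup is visible in this listing; it is assumed
 * to be configured elsewhere before {@code main} runs. Confirm against the project's Shiro
 * configuration.
 */
public class Quickstart {

    private static final Logger log = LoggerFactory.getLogger(Quickstart.class);

    /**
     * Runs the walkthrough once against the current subject.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // The Subject is Shiro's security view of whoever is currently using the application.
        Subject currentUser = SecurityUtils.getSubject();

        // Session data is kept per subject; getSession() creates a session if none exists yet.
        Session session = currentUser.getSession();
        session.setAttribute("url", "www.baidu.com");

        // Log in only when the subject is NOT authenticated yet. The original condition was
        // inverted, so an anonymous subject never reached the login attempt.
        if (!currentUser.isAuthenticated()) {
            // Tutorial placeholders only: real credentials come from the user at runtime and
            // must never be hard-coded in source or written to logs.
            UsernamePasswordToken token = new UsernamePasswordToken("username", "password");

            // A remembered identity is not an authenticated one: guard sensitive operations
            // with isAuthenticated(), and configure an application-specific remember-me
            // cipher key rather than relying on a default.
            token.setRememberMe(true);

            try {
                // The subject presents the token to the security manager.
                currentUser.login(token);
            } catch (UnknownAccountException e) {
                // Account does not exist. Keep this detail in server-side logs only and show
                // the end user one generic "login failed" message for every failure, so the
                // response does not reveal which usernames exist.
                log.warn("Login failed: no account found for [{}]", token.getPrincipal());
            } catch (IncorrectCredentialsException e) {
                // Wrong password, e.g. the password is "secret" and "secrets" was entered.
                log.warn("Login failed: incorrect credentials for [{}]", token.getPrincipal());
            } catch (LockedAccountException e) {
                // Account is locked and may not log in.
                log.warn("Login failed: account [{}] is locked", token.getPrincipal());
            } catch (AuthenticationException e) {
                // Any other unexpected failure during authentication.
                log.error("Login failed: unexpected authentication error", e);
            } finally {
                // Wipe the password held by the token once the attempt is over.
                token.clear();
            }
        }

        // Principal = the subject's identifying attribute. Report success only when the
        // login actually succeeded; the original logged it even after a failed attempt.
        if (currentUser.isAuthenticated()) {
            log.info("User [{}] logged in successfully.", currentUser.getPrincipal());
        } else {
            log.warn("Login did not succeed; continuing without an authenticated subject.");
        }

        // Role-based access control: does the subject hold the given role?
        if (currentUser.hasRole("finance")) {
            // ignore
        }

        // Permission-based access control: may the subject perform this specific action?
        if (currentUser.isPermitted("finance:selectById")) {
            // ignore
        }

        // Log out, ending the subject's authenticated state.
        currentUser.logout();

        // TODO As for who supplies the user data at login (username and password, roles and
        // permissions) and who actually performs the security checks at runtime: Shiro is
        // configured with a Realm that does this work.
    }
}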