Shiro-权限认证(授权)-编程式授权

权限认证

权限认证也就是访问控制,即在应用中控制谁能访问哪些资源

权限认证核心要素

  • 权限 : 即操作资源的权利,比如访问某个页面,以及对某个模块的数据的添加,修改,删除,查看的权利
  • 角色 : 是权限的集合,一种角色可以包含多种权限
  • 用户 : 在 Shiro 中,代表访问系统的用户,即Subject

授权方式

  • 编程式授权
    • 基于角色的访问控制
    • 基于权限的访问控制
  • 注解式授权
  • Jsp 标签授权

编程式授权实现

抽取公共代码生成 ShiroUtil

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package com.zhen.common;
 
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
 
public class ShiroUtil {
 
    public static Subject login(String configFile,String userName,String password){
        //读取配置文件,初始化SecurityManager工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory(configFile);
        //获取securityManager实例
        SecurityManager securityManager = factory.getInstance();
        //把securityManager绑定到SecurityUtils
        SecurityUtils.setSecurityManager(securityManager);
        //获取当前用户
        Subject currentUser = SecurityUtils.getSubject();
        //创建token令牌,用户名/密码
        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
        try {
            //身份认证
            currentUser.login(token);
            System.out.println("身份认证成功!");
        } catch (AuthenticationException e) {
            e.printStackTrace();
            System.out.println("身份认证失败!");
        }
         
        return currentUser;
    }
     
}

  

基于角色的访问控制
  • 新建 shiro_role.ini文件,两个用户,两种角色 
    [users]
zhen=123,role1,role2
jack=jack,role1

     

  • 新建测试类
    ?
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    package com.zhen.shiro;
     
    import java.util.ArrayList;
    import java.util.List;
    import org.apache.shiro.subject.Subject;
    import org.junit.Test;
    import com.zhen.common.ShiroUtil;
    import junit.framework.TestCase;
     
    //基于角色的
    public class RoleTest extends TestCase {
         
        @Test
        public void testHasRole(){
            String configFile = "classpath:shiro_role.ini";
            String userName = "jack";
            String password = "jack";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            if (currentUser.hasRole("role2")) {
                System.out.println(userName+"有 role2 权限");
            }else{
                System.out.println(userName+"没有 role2 权限");
            }
            currentUser.logout();
        }
         
        @Test
        public void testHasRoles(){
            String configFile = "classpath:shiro_role.ini";
            String userName = "jack";
            String password = "jack";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            List<String> roles = new ArrayList<String>();
            roles.add("role1");
            roles.add("role2");
             
            //返回一个boolean数组
            boolean[] results = currentUser.hasRoles(roles);
            for (int i = 0; i < results.length; i++) {
                if(results[i]){
                    System.out.println(userName+"有 "+roles.get(i)+" 权限");
                }else{
                    System.out.println(userName+"没有 "+roles.get(i)+" 权限");
                }
            }
            currentUser.logout();
        }
         
        @Test
        public void testHasAllRoles(){
            String configFile = "classpath:shiro_role.ini";
            String userName = "zhen";
            String password = "123";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            List<String> roles = new ArrayList<String>();
            roles.add("role1");
            roles.add("role2");
             
            //是否拥有所有权限
            boolean result = currentUser.hasAllRoles(roles);
            if(result){
                System.out.println(userName+"有 所有权限");
            }else{
                System.out.println(userName+"没有 所有权限");
            }
            currentUser.logout();
        }
         
        @Test
        public void testCheckRoles(){
            //check 没有返回值,没有该权限的话就会抛异常
            String configFile = "classpath:shiro_role.ini";
            String userName = "jack";
            String password = "jack";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            List<String> roles = new ArrayList<String>();
            roles.add("role1");
            roles.add("role2");
            currentUser.checkRole(roles.get(1));
            currentUser.logout();
        }
         
    }

     

基于权限的访问控制
  • 新建 Shiro_permission.ini文件,内容如下: 
    [users]
zhen=123,role1,role2
jack=jack,role1
[roles]
role1=user:select
role2=user:add,user:update,user:delete

    role1 对应有 user:select 权限
    role2 对应有 user:add , user:update , user:delete 权限

  • 新建测试类,代码如下:
    ?
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    package com.zhen.shiro;
     
    import org.apache.shiro.subject.Subject;
    import org.junit.Test;
     
    import com.zhen.common.ShiroUtil;
     
    import junit.framework.TestCase;
     
    //基于权限的
    public class PermissionTest extends TestCase {
         
        @Test
        public void testIsPermission(){
            String configFile = "classpath:shiro_permission.ini";
            String userName = "zhen";
            String password = "123";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            System.out.println(currentUser.isPermitted("user:add")?"有add权限":"没有add权限");
            System.out.println(currentUser.isPermitted("user:select")?"有select权限":"没有select权限");
            boolean[] results = currentUser.isPermitted("user:add","user:select");
            System.out.println(results[0]?"有add权限":"没有add权限");
            System.out.println(results[1]?"有select权限":"没有select权限");
            System.out.println(currentUser.isPermittedAll("user:add","user:select")?"有user:add&user:select权限":"user:add&user:select权限不全有");
            currentUser.logout();
        }
         
        @Test
        public void testCheckPermission(){
            String configFile = "classpath:shiro_permission.ini";
            String userName = "zhen";
            String password = "123";
            Subject currentUser = ShiroUtil.login(configFile, userName, password);
            currentUser.checkPermission("user:add");
            currentUser.checkPermission("user:select");
            currentUser.checkPermissions("user:add","user:select");
            currentUser.logout();
        }
         
    }

      

     

posted on   嘣嘣嚓  阅读(565)  评论(0编辑  收藏  举报

编辑推荐:
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
阅读排行:
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 记一次.NET内存居高不下排查解决与启示

导航

< 2025年3月 >
23 24 25 26 27 28 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31 1 2 3 4 5
点击右上角即可分享
微信分享提示