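Learning Shiro

Authenticator: manages login and logout

Authorizer: manages which permissions a subject has

Session Manager: manages sessions

Session DAO: create, read, update and delete operations on sessions

Cache Manager: manages caches

Realms: the bridge between Shiro and the data source; authentication information, permission data and role data are all obtained through realms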

 

1. Shiro authentication

Create the SecurityManager -> the subject submits an authentication request -> SecurityManager authenticates -> Authenticator authenticates -> Realms verify

SimpleAccountRealm

DefaultSecurityManager

SecurityUtils

UsernamePasswordToken

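Incorrect username: unknown account exception (UnknownAccountException)

Incorrect password: incorrect credentials exception (IncorrectCredentialsException)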

subject.login(token);

subject.isAuthenticated();

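2. Shiro authorization

Create the SecurityManager -> the subject requests authorization -> SecurityManager authorizes -> Authorizer authorizes -> Realm fetches role and permission data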

subject.checkRoles("admin","user1");

3. Realm

Built-in realms: IniRealm, JdbcRealm

IniRealm iniRealm = new IniRealm("classpath:user.ini");

subject.checkPermission("user:delete");

Contents of the user.ini file:

[users]

Mark=123456,admin

[roles]

admin=user:delete,user:update

 

DruidDataSource druidDataSource = new DruidDataSource();

druidDataSource.setUrl("jdbc:mysql://localhost:3306/test");

druidDataSource.setUsername("root");

druidDataSource.setPassword("root");

JdbcRealm jdbcRealm = new JdbcRealm();

jdbcRealm.setDataSource(druidDataSource);

jdbcRealm.setPermissionsLookupEnabled(true);

JdbcRealm's default queries:

select password from users where username = ?

select password,password_salt from users where username = ?

select role_name from user_roles where username = ?

select permission from roles_permissions where role_name = ?

users table: id, username, password

user_roles table: id, Mark, admin

roles_permissions table: id, role_name, permission

 

JdbcRealm

String sql = "select password from test_user where user_name = ?";

jdbcRealm.setAuthenticationQuery(sql);

String roleSql = "select role_name from test_user_role where user_name = ?";

jdbcRealm.setUserRolesQuery(roleSql);

 

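Custom authorization: add a CustomRealm class that extends the abstract class AuthorizingRealm and implements its abstract methods (here, collections simulate fetching data from a database or cache)

SimpleAuthorizationInfo: authorization information

SimpleAuthenticationInfo: authentication information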
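
A CustomRealm along the lines described above, as an added example that is not code from the original post. It assumes Shiro 1.x on the classpath and Java 9+; the USERS, ROLES and PERMS maps are constructed sample data mirroring the user.ini entries.

```java
import java.util.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class CustomRealm extends AuthorizingRealm {
    // Constructed sample data standing in for a database or cache (assumption).
    // Plaintext only to match the notes' sample; store salted hashes in real use.
    private static final Map<String, String> USERS = Map.of("Mark", "123456");
    private static final Map<String, Set<String>> ROLES = Map.of("Mark", Set.of("admin"));
    private static final Map<String, Set<String>> PERMS =
            Map.of("admin", Set.of("user:delete", "user:update"));

    @Override // authentication: return the stored credentials for the submitted principal
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = (String) token.getPrincipal();
        String password = USERS.get(username);
        if (password == null) return null; // unknown user: Shiro raises UnknownAccountException
        // Shiro's credentials matcher compares this value with the token's password.
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    @Override // authorization: return roles and permissions of the authenticated principal
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        for (String role : ROLES.getOrDefault(username, Set.of())) {
            info.addRole(role);
            info.addStringPermissions(PERMS.getOrDefault(role, Set.of()));
        }
        return info;
    }

    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(new CustomRealm());
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("Mark", "123456"));
        subject.checkRole("admin");             // throws if the role is missing
        subject.checkPermission("user:delete"); // throws if the permission is missing
        System.out.println(subject.isAuthenticated());
    }
}
```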

posted @ 2018-07-24 13:59  sunflower627