Shiro-HelloWord-白红宇的个人博客

Shiro-HelloWord

发布日期：2021-07-12 08:49:15 浏览次数：4 分类：技术文章

本文共 5488 字，大约阅读时间需要 18 分钟。

HelloWorld

　　Shiro的HelloWorld不是我们写的，而是看Shiro给我们提供的一段代码。通过这段代码可以看到Shiro大致的使用方式。

1.找到Shiro的jar包

　　目前的最新稳定版本是1.3.2

　　需要的4个jar包：

　　log4j-1.2.15.jar

　　shiro-all-1.3.2.jar

　　slf4j-api-1.6.1.jar

　　slf4j-log4j12-1.6.1.jar

2.创建一个java工程，导入jar包，及从shiro-root-1.3.2-source-release\shiro-root-1.3.2\samples\quickstart\src\main 中拷贝resources下的配置文件及 Quickstart.java

3.对重要的代码做出中文注释

package com.java.shiro.helloworld;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.*;import org.apache.shiro.config.IniSecurityManagerFactory;import org.apache.shiro.mgt.SecurityManager;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;import org.apache.shiro.util.Factory;import org.slf4j.Logger;import org.slf4j.LoggerFactory;/** * Simple Quickstart application showing how to use Shiro's API. * * @since 0.9 RC2 */public class Quickstart {    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);    public static void main(String[] args) {        // The easiest way to create a Shiro SecurityManager with configured        // realms, users, roles and permissions is to use the simple INI config.        // We'll do that by using a factory that can ingest a .ini file and        // return a SecurityManager instance:        // Use the shiro.ini file at the root of the classpath        // (file: and url: prefixes load from files and urls respectively):        Factory
     
       factory = new IniSecurityManagerFactory("classpath:shiro.ini");        SecurityManager securityManager = factory.getInstance();        // for this simple example quickstart, make the SecurityManager        // accessible as a JVM singleton.  Most applications wouldn't do this        // and instead rely on their container configuration or web.xml for        // webapps.  That is outside the scope of this simple quickstart, so        // we'll just do the bare minimum so you can continue to get a feel        // for things.        SecurityUtils.setSecurityManager(securityManager);        // Now that a simple Shiro environment is set up, let's see what you can do:        // get the currently executing user:        //获取当前的Subject. 调用SecurityUtils.getSubject();        Subject currentUser = SecurityUtils.getSubject();        // Do some stuff with a Session (no need for a web or EJB container!!!)        //测试使用Session        //获取Session：Subejct#getSession()        Session session = currentUser.getSession();        session.setAttribute("someKey", "aValue");        String value = (String) session.getAttribute("someKey");        if (value.equals("aValue")) {            log.info("----->Retrieved the correct value! [" + value + "]");        }        // let's login the current user so we can check against roles and permissions:        //测试当前的用户是否已经被认证，即是否已经登录 调用Subject的isAuthenticated()        if (!currentUser.isAuthenticated()) {            //把用户名和密码封装为 UsernamePasswordToken 对象            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");            //remeberme            token.setRememberMe(true);            try {                //执行登录                currentUser.login(token);                            }             //若没有指定的账户，则shiro抛出UnknownAccountException            catch (UnknownAccountException uae) {                log.info("There is no user with username of " + token.getPrincipal());            }             //若账户存在，密码不匹配 IncorrectCredentialsException            catch (IncorrectCredentialsException ice) {                log.info("Password for account " + token.getPrincipal() + " was incorrect!");            }             //用户被锁定的异常            catch (LockedAccountException lae) {                log.info("The account for username " + token.getPrincipal() + " is locked.  " +                        "Please contact your administrator to unlock it.");            }            // ... catch more exceptions here (maybe custom ones specific to your application?            //所有认证时异常的父类            catch (AuthenticationException ae) {                //unexpected condition?  error?            }        }        //say who they are:        //print their identifying principal (in this case, a username):        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");        //test a role:        //测试是否有某一个角色 调用Subject的hasRole()        if (currentUser.hasRole("schwartz")) {            log.info("May the Schwartz be with you!");        } else {            log.info("Hello, mere mortal.");        }        //test a typed permission (not instance-level)        //测试用户是否具备某一个行为 调用Subject的isPermitted()        if (currentUser.isPermitted("lightsaber:weild")) {            log.info("You may use a lightsaber ring.  Use it wisely.");        } else {            log.info("Sorry, lightsaber rings are for schwartz masters only.");        }        //a (very powerful) Instance Level permission:        //测试用户是否具备某一个行为，比上边那个更具体 :用户user可以对zhangsan进行delete操作        if (currentUser.isPermitted("user:delete:zhangsan")) {            log.info("------>You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +                    "Here are the keys - have fun!");        } else {            log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");        }        //all done - log out!        //执行登出 Subject的logout()        currentUser.logout();        System.exit(0);    }}

　通常在项目中不会使用硬编码的方式，会使用注解的方式来进行配置。

转载于:https://www.cnblogs.com/wq3435/p/6254576.html

转载地址：https://blog.csdn.net/ankan7400/article/details/102088930 如侵犯您的版权，请留言回复原文章的地址，我们会给您删除此文章，给您带来不便请您谅解！

上一篇：Linux下更改oracle客户端字符集和服务端字符集

下一篇：kafka系列之(3)——Coordinator与offset管理和Consumer Rebalance