本文深入探讨了Shiro框架下如何通过Subject概念实现当前用户的登录、验证及权限检查,并展示了如何利用其API进行角色判断与特定权限的测试。包括登录流程、权限验证与退出系统的完整实现。
//all done - log out!
currentUser.logout();Shiro 的API 使用它的Subject 概念从根本上代表了“当前用户”的概念。
如以下代码:
public static User getSessionUser() {
Subject subject = SecurityUtils.getSubject();
if (subject != null && subject.getPrincipal() != null && subject.getPrincipal() instanceof User) {
return (User) subject.getPrincipal();
}
return null;
}让当前用户进行登陆
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.setRememberMe(true);
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
log.info("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
log.info("The account for username " + token.getPrincipal() + " is locked. " +
"Please contact your administrator to unlock it.");
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
//unexpected condition? error?
}
}判断是否有某种角色
//test a role:
if (currentUser.hasRole("schwartz")) {
log.info("May the Schwartz be with you!");
} else {
log.info("Hello, mere mortal.");
}判断是否有某种权限
//test a typed permission (not instance-level)
if (currentUser.isPermitted("lightsaber:weild")) {
log.info("You may use a lightsaber ring. Use it wisely.");
} else {
log.info("Sorry, lightsaber rings are for schwartz masters only.");
}
//a (very powerful) Instance Level permission:
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
}退出系统
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
