权限架构一般分为两个模块:认证与授权,前面三篇主要讲的就是认证的内容,现在开始授权
环境:
pom.xml
<dependencies>
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<!--日志问题的解决-->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.15</version>
</dependency>
<!--日志-->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
</dependencies>目录结构:
代码:
log4j.properties
log4j.rootLogger=DEBUG, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%nshiro-realm-authz.ini
[main]
#注入自定义realm给securityManager
myRealm = xyz.mrwood.study.realm.MyRealm
securityManager.realms = $myRealmMyRealm.java
package xyz.mrwood.study.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.Arrays;
import java.util.HashMap;
/**
* Created by Administrator on 2016/2/18.
*/
public class MyRealm extends AuthorizingRealm {
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 这里应该从数据库获得权限
info.addStringPermissions(Arrays.asList("user:create", "user:update"));
return info;
}
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String principal = (String) token.getPrincipal();
// 模拟数据库
HashMap<String, Object> users = new HashMap<>();
users.put("kiwi", "123456");
users.put("fly", "123");
if (users.containsKey(principal)) {
return new SimpleAuthenticationInfo(principal, users.get("kiwi").toString(), getName());
}
return null;
}
}AuthzTest.java
package xyz.mrwood.study.authorization;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
/**
* Created by Administrator on 2016/2/18.
*/
public class AuthzTest {
@Test
public void testCustomAuthz(){
// 构建SecurityManager环境
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm-authz.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
// 认证
AuthenticationToken token = new UsernamePasswordToken("kiwi", "123456");
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
} catch (AuthenticationException e) {
System.out.println("帐号或密码错误!");
}
System.out.println("认证:" + subject.isAuthenticated());
// 授权
if (subject.isAuthenticated()){
/*
is开头的是判断资源,
has开头的是角色,
check开头的不返回boolean,如果没有权限就拖异常
*/
System.out.println("用户修改权限:" + subject.isPermitted("user:update:1"));
try {
subject.checkPermission("user:create");
} catch (AuthorizationException e) {
System.out.println("权限不足!");
}
System.out.println("用户创建权限:" );
}
}
}总结:
1. 在shiro中realm其实就相当于数据源
2. 在授权中有基于角色也有基于资源的
扫一扫
482
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
