shiro在以前的項目中也使用過,一直沒有系統的總結過,這段時間打算好好的總結下shiro相關的知識,同時也夯實下shiro相關的知識。
- 什麼是shiro
Apache Shiro是一個強大且易用的Java安全框架,執行身份驗證、授權、加密和會話管理。
使用Shiro易於理解的API,您可以快速、輕鬆地保護任何應用程序,從最小的移動應用程序
到最大的網絡和企業應用程序。
- shiro的作用
shiro的作用領域總的說來劃分爲以下幾個部分:身份驗證、授權、會話管理、加密
- 入門案例
pom.xml主要依賴
<!-- NOTE(review): both versions pinned here are old releases. Before reusing
     this pom, check the Spring and Apache Shiro security advisories and move
     to releases that are still maintained. -->
<properties>
<spring.version>4.0.2.RELEASE</spring.version>
<shiro.version>1.3.2</shiro.version>
</properties>
<dependencies>
<!-- NOTE(review): log4j 1.2.17 is the final 1.x release and the 1.x line is
     end-of-life, so it receives no further security fixes. QuickStart imports
     org.apache.log4j.Logger directly, which is why it is declared here. -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.25</version>
</dependency>
<!-- SLF4J-to-log4j binding, test scope only. -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>test</scope>
</dependency>
<!-- NOTE(review): slf4j-nop is a second SLF4J binding and its version (1.7.2)
     differs from slf4j-api (1.7.25). Outside test scope it is the only binding
     declared here, so messages logged through SLF4J (presumably including
     Shiro's own authentication and authorization messages) are discarded.
     Confirm that this is intended. -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.7.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
<!-- Shiro dependencies -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- Spring dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
shiro.ini
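# Demo data only: this [users] section keeps every password in plain text.
# Comments are placed on their own lines. Shiro's INI reader skips only lines
# that begin with '#' or ';', so a trailing "# ..." is expected to be read as
# part of the value and would change the role or permission string.
[users]
# Format: username = password, role1, role2, ...
# User root has the password "secret" and the role admin.
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
lonestarr = vespa, goodguy, schwartz
[roles]
# Format: role = permission1, permission2, ...
# The admin role holds every permission.
admin = *
schwartz = lightsaber:*
# The goodguy role may delete the user zhangsan.
goodguy = user:delete:zhangsan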
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
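/**
 * Minimal stand-alone Apache Shiro walkthrough.
 *
 * <p>Builds a {@code SecurityManager} from {@code classpath:shiro.ini}, stores a
 * value in the session, logs a user in, checks one role and two permissions,
 * and logs out again.
 *
 * <p>The user name and password are hard-coded so the demo is self-contained;
 * real code obtains them from the caller and keeps them out of source control.
 */
public class QuickStart {
    private static final Logger logger = Logger.getLogger(QuickStart.class);

    /**
     * Runs the walkthrough. Returns early when authentication fails and ends
     * with {@code System.exit(0)} after logout.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Build the SecurityManager from the INI file and register it globally.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();

        // Round-trip a value through the session.
        Session session = subject.getSession();
        session.setAttribute("key", "shiro value");
        String v = (String) session.getAttribute("key");
        // Literal-first comparison: a missing attribute yields null, not an NPE.
        if ("shiro value".equals(v)) {
            logger.info("---> this value is [" + v + "]");
        }

        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
            token.setRememberMe(true);
            try {
                subject.login(token);
            } catch (UnknownAccountException e) {
                // The distinct reasons are written to the log only. A response shown
                // to the person logging in should not reveal whether the account
                // exists or only the password was wrong.
                logger.info("--->there is no user with name of " + token.getPrincipal());
                return;
            } catch (IncorrectCredentialsException e) {
                logger.info("--->password for account " + token.getPrincipal() + " was incorrect!");
                return;
            } catch (LockedAccountException e) {
                logger.info("--->the account for username " + token.getPrincipal() + " is locked");
                return;
            } catch (AuthenticationException e) {
                // Keep the cause so an unexpected failure can be diagnosed.
                logger.info("authentication error!", e);
                return;
            }
        }
        logger.info("--->user [" + subject.getPrincipal() + "] login in successfully");

        // Check whether the subject holds a given role.
        if (subject.hasRole("shcsd")) {
            logger.info("---> has the role of shcsd");
        } else {
            logger.info("---> has no the role of shcsd");
        }

        // Check whether the subject holds a given permission.
        if (subject.isPermitted("lightsaber:weild")) {
            logger.info("---> you have the permit of lightsaber:weild ");
        } else {
            logger.info("---> you do not have the permit of lightsaber:weild ");
        }

        // Check a permission that shiro.ini grants to one specific role.
        if (subject.isPermitted("user:delete:zhangsan")) {
            logger.info("--->you have the permit of user:delete:zhangsan");
        } else {
            logger.info("--->you do not have the permit of user:delete:zhangsan");
        }

        // Log out, printing the authentication state before and after.
        System.out.println("---->" + subject.isAuthenticated());
        subject.logout();
        System.out.println("---->" + subject.isAuthenticated());
        System.exit(0);
    }
}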
- 源碼地址
https://github.com/kkcl/kkcl-learning-example/tree/master/shiro