Shiro在以前的项目中使用过,但一直没有系统地总结过。这段时间打算好好地总结一下Shiro相关的知识,同时也巩固一下这些知识。
- 什么是shiro
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、加密和会话管理。
使用Shiro的易于理解的API,您可以快速、轻松地保护任何应用程序,从最小的移动应用程序
到最大的网络和企业应用程序。
- shiro的作用
shiro的作用领域总的说来划分为以下几个部分:身份验证、授权、会话管理、加密
- 入门案例
pom.xml主要依赖
<!-- Versions are pinned once here and reused below through ${spring.version} and ${shiro.version}.
     NOTE(review): both pins are old release lines (Spring 4.0.2.RELEASE, Shiro 1.3.2) that predate
     many later security fixes in both projects. Outside a learning sandbox, pin to a currently
     supported release and keep all shiro-* artifacts on the same version. -->
<properties>
<spring.version>4.0.2.RELEASE</spring.version>
<shiro.version>1.3.2</shiro.version>
</properties>
<dependencies>
<!-- Logging dependencies.
     NOTE(review): log4j 1.2.x is end-of-life and no longer receives security fixes.
     Two SLF4J bindings are declared. slf4j-log4j12 is test-scoped, so outside tests slf4j-nop is the
     only binding on the classpath and everything logged through SLF4J is silently discarded. Shiro
     logs through SLF4J, so its authentication and authorization diagnostics are lost. Keep a single
     binding and align its version with slf4j-api (slf4j-nop is 1.7.2 here, slf4j-api is 1.7.25). -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.7.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
<!-- Shiro dependencies: core API, servlet/web support, Spring integration and the Ehcache cache
     module, all resolved to ${shiro.version}. The QuickStart class on this page imports only
     org.apache.shiro classes that appear to come from shiro-core; the other three are presumably
     for later parts of the series. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- Spring dependencies, all resolved to ${spring.version}. The QuickStart class on this page does
     not import any Spring type; presumably these are for the Spring-integrated examples that
     follow. Dependencies that are not needed are best left out, since each one adds code that has
     to be kept patched. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
shiro.ini
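[users]
# Format: username = password, role1, role2, ...
# Shiro's INI parser treats only lines that begin with '#' or ';' as comments, so each note
# sits on its own line; text placed after a value would be read as part of that value.
# Demo accounts only: the passwords below are stored in plaintext. A real realm should hold
# salted password hashes and configure a matching credentials matcher instead.
# User root has the password "secret" and the role admin.
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
lonestarr = vespa, goodguy, schwartz
[roles]
# Format: rolename = permission1, permission2, ...
# The admin role is granted every permission (wildcard).
admin = *
# The schwartz role may perform any action on the lightsaber resource.
schwartz = lightsaber:*
# The goodguy role may delete the single user instance zhangsan (resource:action:instance).
goodguy = user:delete:zhangsan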
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
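/**
 * Minimal stand-alone Apache Shiro walkthrough.
 *
 * <p>Builds a {@link SecurityManager} from {@code classpath:shiro.ini}, stores a session
 * attribute, logs in one sample user, runs a role check and two permission checks, then logs out.
 *
 * <p>The user name and password are hard-coded sample values that match the demo realm in
 * {@code shiro.ini}. Real code should take credentials from the caller and never keep them in
 * source.
 */
public class QuickStart {

    private static final Logger logger = Logger.getLogger(QuickStart.class);

    /**
     * Runs the walkthrough and terminates the JVM with exit code 0.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // Build the SecurityManager from the INI realm and register it with SecurityUtils so that
        // SecurityUtils.getSubject() can hand out subjects backed by it.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();

        // Session round trip: write an attribute and read it back.
        Session session = subject.getSession();
        session.setAttribute("key", "shiro value");
        String v = (String) session.getAttribute("key");
        // Constant-first comparison stays safe even if the attribute were missing (null).
        if ("shiro value".equals(v)) {
            logger.info("---> this value is [" + v + "]");
        }

        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
            // A remembered identity is not an authenticated one: isAuthenticated() is true only
            // after a successful login in the current session, so sensitive operations should
            // check isAuthenticated() rather than rely on rememberMe.
            token.setRememberMe(true);
            try {
                subject.login(token);
            } catch (UnknownAccountException e) {
                // The precise failure reason belongs in the server log only. A user-facing login
                // form should show one generic failure message so that valid account names are
                // not revealed.
                logger.warn("--->there is no user with name of " + token.getPrincipal());
                return;
            } catch (IncorrectCredentialsException e) {
                logger.warn("--->password for account " + token.getPrincipal() + " was incorrect!");
                return;
            } catch (LockedAccountException e) {
                logger.warn("--->the account for username " + token.getPrincipal() + " is locked");
                return;
            } catch (AuthenticationException e) {
                // Catch-all for every other authentication failure; keep the cause in the log so
                // the failure can be investigated.
                logger.error("authentication error!", e);
                return;
            }
        }
        logger.info("--->user [" + subject.getPrincipal() + "] login in successfully");

        // Role check. No account in the shiro.ini shown with this example carries a role named
        // "shcsd", so this is expected to take the else branch.
        if (subject.hasRole("shcsd")) {
            logger.info("---> has the role of shcsd");
        } else {
            logger.info("---> has no the role of shcsd");
        }

        // Permission check against a wildcard grant (the schwartz role holds lightsaber:*).
        if (subject.isPermitted("lightsaber:weild")) {
            logger.info("---> you have the permit of lightsaber:weild ");
        } else {
            logger.info("---> you do not have the permit of lightsaber:weild ");
        }

        // Instance-level permission check (resource:action:instance), granted through the
        // goodguy role.
        if (subject.isPermitted("user:delete:zhangsan")) {
            logger.info("--->you have the permit of user:delete:zhangsan");
        } else {
            logger.info("--->you do not have the permit of user:delete:zhangsan");
        }

        // Log out and print the authentication state before and after.
        System.out.println("---->" + subject.isAuthenticated());
        subject.logout();
        System.out.println("---->" + subject.isAuthenticated());
        System.exit(0);
    }
}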
- 源码地址
https://github.com/kkcl/kkcl-learning-example/tree/master/shiro