apache shiro简单经典例子
注:大部分内容摘录Apache shiro使用手册[*]import org.apache.shiro.SecurityUtils;
[*]import org.apache.shiro.authc.*;
[*]import org.apache.shiro.config.IniSecurityManagerFactory;
[*]import org.apache.shiro.mgt.SecurityManager;
[*]import org.apache.shiro.session.Session;
[*]import org.apache.shiro.subject.Subject;
[*]import org.apache.shiro.util.Factory;
[*]import org.slf4j.Logger;
[*]import org.slf4j.LoggerFactory;
[*]
[*]public class Quickstart {
[*]
[*] private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
[*]
[*] public static void main(String[] args) {
[*] Factory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
[*] SecurityManager securityManager = factory.getInstance();
[*] SecurityUtils.setSecurityManager(securityManager);
[*] Subject currentUser = SecurityUtils.getSubject();
[*] Session session = currentUser.getSession();
[*] session.setAttribute("someKey", "aValue");
[*] String value = (String) session.getAttribute("someKey");
[*] if (value.equals("aValue")) {
[*] log.info("Retrieved the correct value! [" + value + "]");
[*] }
[*] if (!currentUser.isAuthenticated()) {
[*] UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
[*] token.setRememberMe(true);
[*] try {
[*] currentUser.login(token);
[*] } catch (UnknownAccountException uae) {
[*] log.info("There is no user with username of " + token.getPrincipal());
[*] } catch (IncorrectCredentialsException ice) {
[*] log.info("Password "+token.getCredentials() +"for account " + token.getPrincipal() + " was incorrect!");
[*] } catch (LockedAccountException lae) {
[*] log.info("The account for username " + token.getPrincipal() + " is locked." +
[*] "Please contact your administrator to unlock it.");
[*] }
[*] catch (AuthenticationException ae) {
[*]
[*] }
[*] }
[*]
[*] log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
[*] if (currentUser.hasRole("schwartz")) {
[*] log.info("May the Schwartz be with you!");
[*] } else {
[*] log.info("Hello, mere mortal.");
[*] }
[*]
[*] if (currentUser.isPermitted("lightsaber:weild")) {
[*] log.info("You may use a lightsaber ring.Use it wisely.");
[*] } else {
[*] log.info("Sorry, lightsaber rings are for schwartz masters only.");
[*] }
[*] if (currentUser.isPermitted("winnebago:drive:eagle5")) {
[*] log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'." +
[*] "Here are the keys - have fun!");
[*] } else {
[*] log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
[*] }
[*] //currentUser.logout();
[*] System.exit(0);
[*] }
[*]}
[*]
程序大意解读:
1. Factory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
读取配置文件获取SecurityManager实例;
2. SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
securityManager作为参数获取“当前操作用户”currentUser ,获取当前用户(被shiro框架封装好)的session实例;
3.UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.setRememberMe(true);
生成用户名/密码口令,并选择了记住我(实用cookie保存了帐号的信息);
4. log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
if (currentUser.hasRole("schwartz")) {
log.info("May the Schwartz be with you!");
} else {
log.info("Hello, mere mortal.");
}
if (currentUser.isPermitted("lightsaber:weild")) {
log.info("You may use a lightsaber ring.Use it wisely.");
} else {
log.info("Sorry, lightsaber rings are for schwartz masters only.");
}
获取当前登录帐号的信息,判断当前帐号的的角色和所对应的权限
页:
[1]