基于角色:
shiro_role.ini:
# Each [users] entry has the form: username = password, role1, role2, ...
# The passwords below are clear text, which suits a local demo only; Shiro can
# compare against stored hashes when a credentialsMatcher is configured in [main].
[users]
zb=123,role1,role2
zz=123,role1
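// Build a SecurityManager factory from the INI realm definition on the classpath.
Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory(
        "classpath:shiro_role.ini");
// Create the SecurityManager described by that file.
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
// Register it with SecurityUtils so that SecurityUtils.getSubject() works.
SecurityUtils.setSecurityManager(securityManager);
// Subject representing the currently executing user.
Subject currentUser = SecurityUtils.getSubject();
// Username/password token; the credentials are hard-coded only because this is a console demo.
UsernamePasswordToken token = new UsernamePasswordToken("zb", "123");
try {
    // Authenticate the subject.
    currentUser.login(token);
    System.out.println("身份認證成功!" + token.getUsername());
    // The separate messages below are for console diagnosis. A user-facing login
    // should answer unknown-account and wrong-password with one generic message,
    // so the response does not reveal which usernames exist.
} catch (IncorrectCredentialsException e) {
    System.out.println("登錄密碼錯誤");
} catch (ExcessiveAttemptsException e) {
    System.out.println("登錄失敗次數過多");
} catch (LockedAccountException e) {
    System.out.println("帳號已被鎖定");
} catch (DisabledAccountException e) {
    System.out.println("帳號已被禁用");
} catch (ExpiredCredentialsException e) {
    System.out.println("帳號已過期");
} catch (UnknownAccountException e) {
    System.out.println("帳號不存在");
} catch (org.apache.shiro.authc.AuthenticationException e) {
    // Any other authentication failure; without this it would propagate uncaught.
    System.out.println("身份認證失敗");
}
// Run the role checks only for an authenticated subject: after a failed login
// getPrincipal() returns null and the toString() call would throw.
if (currentUser.isAuthenticated()) {
    String principal = currentUser.getPrincipal().toString();
    String[] roleNames = {"role1", "role2", "role3"};
    // hasRoles(List) returns one flag per requested role, in list order.
    boolean[] results = currentUser.hasRoles(Arrays.asList(roleNames));
    // Single-role check with hasRole(String).
    System.out.println(principal + (currentUser.hasRole("role1") ? "有role1這個角色" : "沒有role1這個角色"));
    // The same question answered from the batch result, for role1..role3.
    for (int i = 0; i < roleNames.length; i++) {
        System.out.println(principal + (results[i] ? "有" : "沒有") + roleNames[i] + "這個角色");
    }
    // hasAllRoles is true only when every listed role is held.
    System.out.println(currentUser.hasAllRoles(Arrays.asList("role1", "role2")) ? "role1,role2這兩個角色都有"
            : "role1,role2這個兩個角色不全有");
}
// Log out.
currentUser.logout();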
基于權限:
shiro_permission.ini:
# Each [users] entry has the form: username = password, role1, role2, ...
# The passwords below are clear text, which suits a local demo only.
[users]
java1234=123456,role1,role2
jack=123,role1
# Each [roles] entry has the form: rolename = permission1, permission2, ...
# Permissions here are written as resource:action, e.g. user:select.
[roles]
role1=user:select
role2=user:add,user:update,user:delete
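// Build a SecurityManager factory from the permission realm file. The role-only
// file has no [roles] section, so loading it here would make every isPermitted
// call below answer false.
// NOTE(review): assumes the permission listing is saved as shiro_permission.ini
// on the classpath; adjust the name if the file is stored differently.
Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory(
        "classpath:shiro_permission.ini");
// Create the SecurityManager described by that file.
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
// Register it with SecurityUtils so that SecurityUtils.getSubject() works.
SecurityUtils.setSecurityManager(securityManager);
// Subject representing the currently executing user.
Subject currentUser = SecurityUtils.getSubject();
// Log in as a user defined in the permission file (java1234 holds role1 and role2).
// The credentials are hard-coded only because this is a console demo.
UsernamePasswordToken token = new UsernamePasswordToken("java1234", "123456");
try {
    // Authenticate the subject.
    currentUser.login(token);
    System.out.println("身份認證成功!" + token.getUsername());
    // The separate messages below are for console diagnosis. A user-facing login
    // should answer unknown-account and wrong-password with one generic message,
    // so the response does not reveal which usernames exist.
} catch (IncorrectCredentialsException e) {
    System.out.println("登錄密碼錯誤");
} catch (ExcessiveAttemptsException e) {
    System.out.println("登錄失敗次數過多");
} catch (LockedAccountException e) {
    System.out.println("帳號已被鎖定");
} catch (DisabledAccountException e) {
    System.out.println("帳號已被禁用");
} catch (ExpiredCredentialsException e) {
    System.out.println("帳號已過期");
} catch (UnknownAccountException e) {
    System.out.println("帳號不存在");
} catch (org.apache.shiro.authc.AuthenticationException e) {
    // Any other authentication failure; without this it would propagate uncaught.
    System.out.println("身份認證失敗");
}
// Report permissions only for an authenticated subject, so a failed login is
// not followed by a misleading list of "not permitted" lines.
if (currentUser.isAuthenticated()) {
    // Single-permission checks with isPermitted(String).
    System.out.println(currentUser.isPermitted("user:select") ? "有user:select這個權限" : "沒有user:select這個權限");
    System.out.println(currentUser.isPermitted("user:update") ? "有user:update這個權限" : "沒有user:update這個權限");
    // The varargs form returns one flag per permission, in argument order.
    String[] permissions = {"user:select", "user:update", "user:delete"};
    boolean[] results = currentUser.isPermitted(permissions);
    for (int i = 0; i < permissions.length; i++) {
        System.out.println((results[i] ? "有" : "沒有") + permissions[i] + "這個權限");
    }
    // isPermittedAll is true only when every listed permission is granted.
    System.out.println(currentUser.isPermittedAll("user:select", "user:update") ? "有user:select,update這兩個權限"
            : "user:select,update這兩個權限不全有");
}
// Log out.
currentUser.logout();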