Shiro授权过程

Shiro授权流程图

Shiro授权过程_第1张图片
Shiro

Shiro授权流程

  1. 创建SecurityManager;
  2. 主体授权;
  3. SecurityManager授权;
  4. Authorizer授权;
  5. Realm获取角色权限数据。

maven依赖

    
        org.apache.shiro
        shiro-core
        1.4.0
    
    
        junit
        junit
        4.12
    

测试用例

package com.jarworker.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

/**
 * 授权测试
 */
public class AuthorizerTest {
    SimpleAccountRealm simpleAccountRealm;
    @Before
    public void addAuthorizerUser() throws Exception {
        simpleAccountRealm=new SimpleAccountRealm();
//        simpleAccountRealm.addAccount("jarworker","123","admin");
        simpleAccountRealm.addAccount("jarworker","123","admin","user");
    }

    @Test
    public void testAuthorizer() throws Exception {
        //构建DefaultSecurityManager 环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123");
        subject.login(token);
        System.out.println("是否认证:"+subject.isAuthenticated());
//        授权的时候需要登陆
//        subject.checkRoles("admin");
        subject.checkRoles("admin","user");
    }
}

你可能感兴趣的:(Shiro授权过程)