Shiro入门

Shiro来控制权限

首先我们需要来创建一个RBAC模型(图片网上找的)

Shiro入门_第1张图片
RBAC.png

数据库模型建好以后便可进行配置:
我们在项目中创建Shiro的配置文件命名为shiro.ini,内容如下:

[main]
#数据源配置
dataSource=org.springframework.jdbc.datasource.DriverManagerDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://127.0.0.1:3306/test
dataSource.username=root
dataSource.password=root

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.dataSource=$dataSource
#用户认证(登录)查询语句,以用户名为查询条件
jdbcRealm.authenticationQuery = SELECT password FROM usr_user WHERE username = ?
#用户角色查询语句,以用户名为查询条件,判断用户是否拥有某个角色
jdbcRealm.userRolesQuery = SELECT usr_role.roleName from usr_user,usr_user_role,usr_role WHERE usr_user.username = ? AND usr_user.id = usr_user_role.userId AND usr_user_role.roleId = usr_role.id
#资源许可查询语句,以角色名称为查询条件,判断角色是否拥有某个资源的许可
jdbcRealm.permissionsQuery = SELECT usr_func.code from usr_role,usr_role_func,usr_func WHERE usr_role.roleName = ? AND usr_role.id = usr_role_func.roleId AND usr_role_func.funcId = usr_func.id

securityManager.realms=$jdbcRealm

数据源配置相信大家都很熟悉,我们主要配置的是securityManager的realms属性,shiro权限控制主要靠这个做具体的事情,至此简单的配置应完成了。
接下来我们写一个简单的测试类:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

import junit.framework.Assert;

@RunWith(JUnit4.class)
public class TestController {

    @Test
    public void test(){
        Factory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("admin", "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918");
        try {
            subject.login(token);
            Assert.assertEquals(true, subject.isAuthenticated());

            //判断用户是否拥有某个角色
            System.out.println("has==manager" + subject.hasRole("manager"));  //true
            System.out.println("has==editor" + subject.hasRole("editor"));  //false

            //判断是否被授权
            System.out.println("per==CX" + subject.isPermitted("YHGL:CX"));  //true
            System.out.println("per==XZ" + subject.isPermitted("YHGL:XZ"));  //true

            subject.logout();
        } catch (IncorrectCredentialsException e) {
            System.out.println("登录密码错误. Password for account " + token.getPrincipal() + " was incorrect.");
        } catch (ExcessiveAttemptsException e) {
            System.out.println("登录失败次数过多");
        } catch (LockedAccountException e) {
            System.out.println("帐号已被锁定. The account for username " + token.getPrincipal() + " was locked.");
        } catch (DisabledAccountException e) {
            System.out.println("帐号已被禁用. The account for username " + token.getPrincipal() + " was disabled.");
        } catch (ExpiredCredentialsException e) {
            System.out.println("帐号已过期. the account for username " + token.getPrincipal() + "  was expired.");
        } catch (UnknownAccountException e) {
            System.out.println("帐号不存在. There is no user with username of " + token.getPrincipal());
        }

    }
}

UsernamePasswordToken主要用来做登录验证,这里我们是写死的,密码也是加密后存储在数据库的;

subject.login(token)这句代码则会触发我们的jdbcRealm.authenticationQuery = SELECT password FROM usr_user WHERE username = ?去数据库中进行验证;

subject.hasRole("manager")subject.isPermitted("YHGL:CX")分别会触发jdbcRealm.userRolesQueryjdbcRealm.permissionsQuery

后面我们在异常捕获中进行异常区分来做不同的提示

你可能感兴趣的:(Shiro入门)