2020年shiro黑马学习截图
第一章 权限概述
第二章 shiro概述
第三章 shiro入门
建模块
改pom
<dependencies>
<dependency>
<groupId>commons-logginggroupId>
<artifactId>commons-loggingartifactId>
<version>1.1.3version>
dependency>
<dependency>
<groupId>org.apache.shirogroupId>
<artifactId>shiro-coreartifactId>
<version>1.3.2version>
dependency>
<dependency>
<groupId>junitgroupId>
<artifactId>junitartifactId>
<version>4.11version>
dependency>
dependencies>
编写shiro.ini
编写HelloShiro
//shiro的第一个例子
public class HelloShiro {
@Test
public void shirologin() {
//导入ini配置 创建工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//工厂构建安全管理器
SecurityManager securityManager = factory.getInstance();
//使用工具生效安全管理器
SecurityUtils.setSecurityManager(securityManager);
//实用工具获取subject主体
Subject subject = SecurityUtils.getSubject();
//构建账户密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jay", "123");
//使用subject主体去登录
subject.login(usernamePasswordToken);
//打印登录信息
System.out.println("登陆结果"+subject.isAuthenticated());//返回true表示登录成功
}
}
所以一般继承授权的类就行了
自定义一个realm
public class DefinitionRealm extends AuthorizingRealm {
//授权方法
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
//认证方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//获取用户名
String loginName = (String) token.getPrincipal();
System.out.println(loginName);//jay UsernamePasswordToken 这个方法传入的jay
//获取密码
SecurityService securityService = new SecurityServiceImpl();//这里因为没有引入spring所以new一个
String password = securityService.findPasswordByLoginName(loginName);
//进行密码的判断
if("".equals(password)) {
throw new UnknownAccountException("账号不存在");
}
return new SimpleAuthenticationInfo(loginName, password, getName());
}
}
public class SecurityServiceImpl implements SecurityService {
@Override
public String findPasswordByLoginName(String loginName) {
return "123";
}
}
//模拟数据库的操作
public interface SecurityService {
/**
* 查找用户密码
* @param loginName 用户名称
* @return 密码
*/
public String findPasswordByLoginName(String loginName);
}
//shiro的第二个例子
public class HelloShiro {
@Test
public void shirologin() {
//导入ini配置 创建工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//工厂构建安全管理器
SecurityManager securityManager = factory.getInstance();
//使用工具生效安全管理器
SecurityUtils.setSecurityManager(securityManager);
//实用工具获取subject主体
Subject subject = SecurityUtils.getSubject();
//构建账户密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jay", "123");
//使用subject主体去登录
subject.login(usernamePasswordToken);
//打印登录信息
System.out.println("登陆结果"+subject.isAuthenticated());//返回true表示登录成功
}
}
shiro.ini
#声明自定义的realm,且为安全管理器指定realms
[main]
definitionRealm=com.chenjian.realm.DefinitionRealm
securityManager.realms=$definitionRealm
//编码工具类
public class EncodesUtil {
/**
* HEX-String-byte[]
* @param input
* @return
*/
public static String encodeHex(byte[] input) {
return Hex.encodeToString(input);
}
/**
* HEX-byte[]-String
* @param input
* @return
*/
public static byte[] decodeHex(String input) {
return Hex.decode(input);
}
/**
* Base64-byte[]-String
* @param input
* @return
*/
public static String encodeBase64(byte[] input) {
return Base64.encodeToString(input);
}
/**
* Base64-byte[]-String
* @param input
* @return
*/
public static byte[] decodeBase64(String input) {
return Base64.decode(input);
}
}
//测试编码和解码
public class ClientTest {
@Test
public void testHex() {
String val = "hello";
String flag = EncodesUtil.encodeHex(val.getBytes());
System.out.println(flag);
String valHandler = new String(EncodesUtil.decodeHex(flag));
System.out.println(valHandler);
System.out.println("比较字符串是否相等"+val.equals(valHandler));
}
}
@Test
public void testBase64() {
String val = "hello";
String flag = EncodesUtil.encodeBase64(val.getBytes());
System.out.println(flag);
String valHandler = new String(EncodesUtil.decodeBase64(flag));
System.out.println(valHandler);
System.out.println("比较字符串是否相等"+val.equals(valHandler));
}
//生成摘要
public class DigestsUtil {
private static final String SHAL="SHA-1";
private static final Integer ITERATIONS = 512;//加密次数
/**
* shal摘要算法 把明文按照算法变为一长串字符串
* @param input 明文字符串
*
* @param salt 干扰数据
* @return
*/
public static String shal(String input, String salt) {
// * @param algorithmName the {@link java.security.MessageDigest MessageDigest} algorithm name to use when performing the hash.
// * @param source the source object to be hashed.
// * @param salt the salt to use for the hash
// * @param hashIterations the number of times the {@code source} argument hashed for attack resiliency.
return new SimpleHash(SHAL, input, salt, ITERATIONS).toString();
}
/**
* 随机生成salt
* @return hex编码的salt
*/
public static String generateSalt() {
SecureRandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
return randomNumberGenerator.nextBytes().toHex();
}
/**
* 生成密码和salt的密文
* @param passwordPlan 密文密码
* @return map
*/
public static Map<String, String> entryptPassword(String passwordPlan) {
Map<String, String> map = new HashMap<>();
String salt = generateSalt();
String password = shal(passwordPlan, salt);
map.put("salt", salt);
map.put("password", password);
return map;
}
}
public class ClientTest {
@Test
public void testDigestsUtil() {
Map<String, String> map = DigestsUtil.entryptPassword("123");
System.out.println(map.toString());
}
}
改造service
DefinitionRealm
public class DefinitionRealm extends AuthorizingRealm {
public DefinitionRealm() {
//指定密码匹配方式shal
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(DigestsUtil.SHAL);
//指定密码迭代次数
hashedCredentialsMatcher.setHashIterations(DigestsUtil.ITERATIONS);
//使用父层方法使匹配方式生效
setCredentialsMatcher(hashedCredentialsMatcher);
}
//授权方法
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
//认证方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//获取用户名
String loginName = (String) token.getPrincipal();
System.out.println(loginName);//jay
//获取密码
SecurityService securityService = new SecurityServiceImpl();//这里因为没有引入spring所以new一个
Map<String, String> map = securityService.findPasswordByLoginName(loginName);
//进行密码的判断
if(map.isEmpty()) {
throw new UnknownAccountException("账号不存在");
}
String salt = map.get("salt");
String password = map.get("password");
return new SimpleAuthenticationInfo(loginName, password, ByteSource.Util.bytes(salt), getName());
}
}
SecurityServiceImpl
public class SecurityServiceImpl implements SecurityService {
@Override
public Map<String, String> findPasswordByLoginName(String loginName) {
return DigestsUtil.entryptPassword("123");//把123转化为密文
}
}
DigestsUtil
//生成摘要
public class DigestsUtil {
public static final String SHAL="SHA-1";
public static final Integer ITERATIONS = 512;//加密次数
/**
* shal摘要算法 把明文按照算法变为一长串字符串
* @param input 明文字符串
*
* @param salt 干扰数据
* @return
*/
public static String shal(String input, String salt) {
// * @param algorithmName the {@link java.security.MessageDigest MessageDigest} algorithm name to use when performing the hash.
// * @param source the source object to be hashed.
// * @param salt the salt to use for the hash
// * @param hashIterations the number of times the {@code source} argument hashed for attack resiliency.
return new SimpleHash(SHAL, input, salt, ITERATIONS).toString();
}
/**
* 随机生成salt
* @return hex编码的salt
*/
public static String generateSalt() {
SecureRandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
return randomNumberGenerator.nextBytes().toHex();
}
/**
* 生成密码和salt的密文
* @param passwordPlan 密文密码
* @return map
*/
public static Map<String, String> entryptPassword(String passwordPlan) {
Map<String, String> map = new HashMap<>();
String salt = generateSalt();
String password = shal(passwordPlan, salt);
map.put("salt", salt);
map.put("password", password);
return map;
}
}
HelloShiro
public class HelloShiro {
@Test
public void shirologin() {
//导入ini配置 创建工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//工厂构建安全管理器
SecurityManager securityManager = factory.getInstance();
//使用工具生效安全管理器
SecurityUtils.setSecurityManager(securityManager);
//实用工具获取subject主体
Subject subject = SecurityUtils.getSubject();
//构建账户密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jay", "123");
//使用subject主体去登录
subject.login(usernamePasswordToken);
//打印登录信息
System.out.println("登陆结果"+subject.isAuthenticated());//返回true表示登录成功
}
}
shiro.ini
#声明自定义的realm,且为安全管理器指定realms
[main]
definitionRealm=com.chenjian.realm.DefinitionRealm
securityManager.realms=$definitionRealm
DefinitionRealm
public class DefinitionRealm extends AuthorizingRealm {
public DefinitionRealm() {
//指定密码匹配方式shal
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(DigestsUtil.SHAL);
//指定密码迭代次数
hashedCredentialsMatcher.setHashIterations(DigestsUtil.ITERATIONS);
//使用父层方法使匹配方式生效
setCredentialsMatcher(hashedCredentialsMatcher);
}
//授权方法
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//拿到用户凭证信息(用户名)
String loginName = (String) principals.getPrimaryPrincipal();
//从数据库中查询对应的角色和权限
SecurityService securityService = new SecurityServiceImpl();
List<String> roles = securityService.findRoleByLoginName(loginName);
//获取资源信息
List<String> permissions = securityService.findPermissionByLoginName(loginName);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRoles(roles);
simpleAuthorizationInfo.addStringPermissions(permissions);
return simpleAuthorizationInfo;
}
//认证方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//获取用户名
String loginName = (String) token.getPrincipal();
System.out.println(loginName);//jay
//获取密码
SecurityService securityService = new SecurityServiceImpl();//这里因为没有引入spring所以new一个
Map<String, String> map = securityService.findPasswordByLoginName(loginName);
//进行密码的判断
if(map.isEmpty()) {
throw new UnknownAccountException("账号不存在");
}
String salt = map.get("salt");
String password = map.get("password");
return new SimpleAuthenticationInfo(loginName, password, ByteSource.Util.bytes(salt), getName());
}
}
SecurityServiceImpl
public class SecurityServiceImpl implements SecurityService {
@Override
public Map<String, String> findPasswordByLoginName(String loginName) {
return DigestsUtil.entryptPassword("123");//把123转化为密文
}
@Override
public List<String> findRoleByLoginName(String loginName) {
//这些本来应该去数据库读取的
List<String> list = new ArrayList<>();
list.add("admin");
list.add("dev");
return list;
}
@Override
public List<String> findPermissionByLoginName(String loginName) {
//这些本来应该去数据库读取的
List<String> list = new ArrayList<>();
list.add("order:add");
list.add("order:list");
list.add("order:del");
return list;
}
}
HelloShiro
public class HelloShiro {
@Test
public void testPermissionrealm() {
Subject subject = shirologin();
//打印登录信息
System.out.println("登陆结果"+subject.isAuthenticated());
//校验当前用户是否拥有管理员的角色
System.out.println("是否有管理员角色"+subject.hasRole("admin"));
//校验当前用户没有的角色
try {
subject.checkRole("coder");//这个方法没有返回值
System.out.println("当前用户有coder角色");
}catch (Exception e){
System.out.println("当前用户没有coder角色");
}
//校验当前用户的权限信息
System.out.println("是否有查看订单的权限"+subject.isPermitted("order:list"));
//校验用户没有的权限
try {
subject.checkPermission("order:update");//这个方法没有返回值
System.out.println("当前用户有修改的权限");
}catch (Exception e){
System.out.println("当前用户没有修改的权限");
}
}
public Subject shirologin() {
//导入ini配置 创建工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//工厂构建安全管理器
SecurityManager securityManager = factory.getInstance();
//使用工具生效安全管理器
SecurityUtils.setSecurityManager(securityManager);
//实用工具获取subject主体
Subject subject = SecurityUtils.getSubject();
//构建账户密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jay", "123");
//使用subject主体去登录
subject.login(usernamePasswordToken);
//打印登录信息
System.out.println("登陆结果"+subject.isAuthenticated());//返回true表示登录成功
return subject;
}
}
DigestsUtil
public class DigestsUtil {
public static final String SHAL="SHA-1";
public static final Integer ITERATIONS = 512;//加密次数
/**
* shal摘要算法 把明文按照算法变为一长串字符串
* @param input 明文字符串
*
* @param salt 干扰数据
* @return
*/
public static String shal(String input, String salt) {
// * @param algorithmName the {@link java.security.MessageDigest MessageDigest} algorithm name to use when performing the hash.
// * @param source the source object to be hashed.
// * @param salt the salt to use for the hash
// * @param hashIterations the number of times the {@code source} argument hashed for attack resiliency.
return new SimpleHash(SHAL, input, salt, ITERATIONS).toString();
}
/**
* 随机生成salt
* @return hex编码的salt
*/
public static String generateSalt() {
SecureRandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
return randomNumberGenerator.nextBytes().toHex();
}
/**
* 生成密码和salt的密文
* @param passwordPlan 密文密码
* @return map
*/
public static Map<String, String> entryptPassword(String passwordPlan) {
Map<String, String> map = new HashMap<>();
String salt = generateSalt();
String password = shal(passwordPlan, salt);
map.put("salt", salt);
map.put("password", password);
return map;
}
}
shiro.ini
#声明自定义的realm,且为安全管理器指定realms
[main]
definitionRealm=com.chenjian.realm.DefinitionRealm
securityManager.realms=$definitionRealm
第四章 Web项目集成Shiro
