1.Shiro授权

Shiro授权流程图

image.png

---

• pom文件在Shrio认证基础上

---

• java代码

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

public class AuthentiationTest {

    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    @Before
    public void addUser(){
        //模拟用户
        simpleAccountRealm.addAccount("gouDan","123456","admin","superadmin");
    }
    @Test
    public void testAuthentiation(){
        //构建SecurityManager环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        //添加认证凭证
        defaultSecurityManager.setRealm(simpleAccountRealm);
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("gouDan","123456");
        //登入
        subject.login(token);
        System.out.println(subject.isAuthenticated());
        //权限必须全部匹配
        subject.checkRoles("admi","superadmin");
    }
}

需要注意

• 权限可以配置多个
• 权限不对会抛出
  UnauthorizedException