溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
今天就跟大家聊聊有關Shiro架構和Hello World的示例分析,可能很多人都不太了解,為了讓大家更加了解,小編給大家總結了以下內容,希望大家根據這篇文章可以有所收獲。
Shiro 一個Apache 權限處理框架,現在更流行于security,能夠指定用戶的具體操作哪一個按鈕,搭配接口,通過注解實現。
官網:
http://shiro.apache.org/download.html
主要涉及
權限管理,權限認證,session管理,加密
支持web,緩存,并發,測試,記住我
Shiro架構
Subject 當前用戶
Security 管理subject
Realm 相當于RealmDao
Hello World
找到官網下載zip包。解壓后
找到samples/quickstart/QuickStart.java
并將resource下面的配置復制
QuickStart.java
注釋已經寫在代碼內
public class Quickstart {private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);public static void main(String[] args) {// The easiest way to create a Shiro SecurityManager with configured// realms, users, roles and permissions is to use the simple INI config.// We'll do that by using a factory that can ingest a .ini file and// return a SecurityManager instance:// Use the shiro.ini file at the root of the classpath// (file: and url: prefixes load from files and urls respectively):Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");SecurityManager securityManager = factory.getInstance();// for this simple example quickstart, make the SecurityManager// accessible as a JVM singleton. Most applications wouldn't do this// and instead rely on their container configuration or web.xml for// webapps. That is outside the scope of this simple quickstart, so// we'll just do the bare minimum so you can continue to get a feel// for things.SecurityUtils.setSecurityManager(securityManager);// Now that a simple Shiro environment is set up, let's see what you can do:// get the currently executing user://獲取當前的subject SecurityUtils.getSubject()Subject currentUser = SecurityUtils.getSubject();// Do some stuff with a Session (no need for a web or EJB container!!!)//獲取sessionSession session = currentUser.getSession();//放入屬性session.setAttribute("someKey", "aValue");//驗證是否取到String value = (String) session.getAttribute("someKey");if (value.equals("aValue")) {log.info("Retrieved the correct value! -*******[" + value + "]");}// let's login the current user so we can check against roles and permissions://測試是否被認證if (!currentUser.isAuthenticated()) {//用戶名密碼封裝UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");//記住我token.setRememberMe(true);try {//執行登錄currentUser.login(token);//如果沒有指定的用戶} catch (UnknownAccountException uae) {log.info("There is no user with username of " + token.getPrincipal());//密碼錯誤} catch (IncorrectCredentialsException ice) {log.info("Password for account " + token.getPrincipal() + " was incorrect!");//用戶被鎖定} catch (LockedAccountException lae) {log.info("The account for username " + token.getPrincipal() + " is locked. " +"Please contact your administrator to unlock it.");}// ... catch more exceptions here (maybe custom ones specific to your application?//總的認證異常處理catch (AuthenticationException ae) {//unexpected condition? error?}}//say who they are://print their identifying principal (in this case, a username):log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");//test a role://測試是否有某一個角色if (currentUser.hasRole("schwartz")) {log.info("May the Schwartz be with you!");} else {log.info("Hello, mere mortal.");}//test a typed permission (not instance-level)//測試用戶是否有一個行為 weild//isPermitted The 'schwartz' role can do anything (*) with any lightsaber:if (currentUser.isPermitted("lightsaber:weild")) {log.info("You may use a lightsaber ring. Use it wisely.");} else {log.info("Sorry, lightsaber rings are for schwartz masters only.");}//a (very powerful) Instance Level permission://goodguy = winnebago:drive:eagle5 更具體的行為if (currentUser.isPermitted("winnebago:drive:eagle5")) {log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " +"Here are the keys - have fun!");} else {log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");}//all done - log out!currentUser.logout();System.exit(0);}}
實際應用
@RequiresPermissions("risk:thirdInterface:view")@GetMapping()public String thirdInterface(ModelMap map, ThirdInterface thirdInterface) {List<ThirdInterface> thirdInterfaceList = thirdInterfaceService.selectThirdInterfaceList(thirdInterface);map.put("list", thirdInterfaceList);return prefix + "/thirdInterface";}
配合前端
var editFlag = [[${@permission.hasPermi('system:user:edit')}]];var removeFlag = [[${@permission.hasPermi('system:user:remove')}]];formatter: function(value, row, index) {var actions = [];actions.push('<a class="btn btn-success btn-xs ' + editFlag + '" href="#" onclick="$.operate.edit(\'' + row.userId + '\')"><i class="fa fa-edit"></i>編輯</a> ');actions.push('<a class="btn btn-danger btn-xs ' + removeFlag + '" href="#" onclick="$.operate.remove(\'' + row.userId + '\')"><i class="fa fa-remove"></i>刪除</a> ');actions.push('<a class="btn btn-info btn-xs ' + resetPwdFlag + '" href="#" onclick="resetPwd(\'' + row.userId + '\')"><i class="fa fa-key"></i>重置</a>');return actions.join('');}
在角色的分配操作時指定是否擁有某個按鈕的權限操作。
看完上述內容,你們對Shiro架構和Hello World的示例分析有進一步的了解嗎?如果還想了解更多知識或者相關內容,請關注億速云行業資訊頻道,感謝大家的支持。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
