package com.shi.authorization;
import java.util.Arrays;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
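/**
 * Demonstrates Apache Shiro role and permission checks against an INI-backed realm.
 *
 * <p>Demo only: the account name and password are hard-coded in the test and the
 * INI file it loads keeps the password in clear text. The results are printed
 * rather than asserted, so the test passes even when a check is denied; read the
 * console output to see what was granted.
 *
 * @author SHF
 */
public class AuthorizationTest {

    /**
     * Logs in as {@code zhangsan} and exercises role-based and permission-based
     * authorization.
     *
     * <p>Per the {@code shiro-permission.ini} listed with this test, {@code zhangsan}
     * holds {@code role1} and {@code role2}; no role there grants {@code items:add:1},
     * so the final {@code checkPermission} call is expected to throw.
     */
    @Test
    public void authorizationTest() {
        // 1. Build the SecurityManager factory from the INI file on the classpath.
        Factory<SecurityManager> factory =
                new IniSecurityManagerFactory("classpath:shiro-permission.ini");
        // 2. Create the SecurityManager.
        SecurityManager securityManager = factory.getInstance();
        // 3. Install it for the runtime. This is a static, VM-wide setting, so it
        //    stays in effect for any other test running in the same JVM.
        SecurityUtils.setSecurityManager(securityManager);
        // 4. Obtain the current subject.
        Subject subject = SecurityUtils.getSubject();
        // 5. Build the credentials token (hard-coded demo credentials).
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
        try {
            // 6. Log the subject in; this performs authentication.
            subject.login(token);
        } catch (AuthenticationException e) {
            // Only a rejected login is tolerated here so the denied state can be
            // printed below; any other failure should surface and fail the test.
            e.printStackTrace();
        }
        // 7. Report whether authentication succeeded. The authorization answers
        //    below are only meaningful when this prints true.
        System.out.println("认证状态:" + subject.isAuthenticated());

        // 8. Authorization, performed after authentication.
        // 8.1 Role-based checks; hasRole takes the role identifier.
        boolean hasRole1 = subject.hasRole("role1");
        boolean hasAllRoles = subject.hasAllRoles(Arrays.asList("role1", "role2"));
        System.out.println("单个的角色:" + hasRole1);
        System.out.println("多个的角色:" + hasAllRoles);

        // 8.2 Permission-based checks.
        boolean isPermitted = subject.isPermitted("user:create");
        boolean isPermittedAll = subject.isPermittedAll("user:create", "user:update");
        System.out.println("单个资源" + isPermitted);
        System.out.println("多个资源" + isPermittedAll);

        // The check* variants throw instead of returning false when access is denied.
        try {
            subject.checkPermission("items:add:1");
        } catch (AuthorizationException e) {
            e.printStackTrace();
        }
    }
}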
shiro-permission.ini 文件
# Users and their roles. Each line is: username = password, role, role, ...
# NOTE(review): the passwords below are stored in clear text, which is acceptable
# for a demo only; a real deployment should keep salted password hashes and
# configure a matching credentials matcher on the realm.
[users]
# User zhangsan has password 123 and holds the two roles role1 and role2.
zhangsan=123,role1,role2
wang=123,role2
# Roles and their permissions.
[roles]
# role1 has the create and update permissions on the user resource.
role1=user:create,user:update
# role2 has the create and delete permissions on the user resource.
role2=user:create,user:delete
# role3 has the create permission on the items resource.
# No user in [users] above is assigned role3.
role3=items:create
package com.shi.realm;
import java.util.ArrayList;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
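/**
 * Mock Shiro realm that authenticates and authorizes one hard-coded account.
 *
 * <p>Demo only: the account name, its password and its permissions are literals
 * standing in for a database lookup. The stored password is handed to Shiro in
 * clear text; a production realm should return a salted hash and be configured
 * with a hashing credentials matcher.
 */
public class CustomRealm extends AuthorizingRealm{

    /** The only account this mock realm knows about. */
    private static final String MOCK_USER_CODE = "zhangsan";

    /**
     * Pins the realm name to {@code "customRealm"}.
     *
     * @param name ignored; the realm name is always {@code "customRealm"}
     */
    @Override
    public void setName(String name) {
        super.setName("customRealm");
    }

    /**
     * Looks up the account for the submitted token (authentication).
     *
     * <p>This method only supplies the stored credential; comparing it with the
     * password the user submitted is left to the realm's credentials matcher.
     *
     * @param token the token built from user input
     * @return the account's authentication info, or {@code null} when the account
     *         is unknown to this realm
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 1. Take the identity from the token (this is user-supplied input).
        String userCode = (String) token.getPrincipal();
        // 2. "Query the database" for that identity; unknown accounts yield null.
        if (!MOCK_USER_CODE.equals(userCode)) {
            return null;
        }
        // Mocked stored password for the account found above.
        String password = "111111";
        // 3. Account found: return its authentication info.
        return new SimpleAuthenticationInfo(userCode, password, this.getName());
    }

    /**
     * Loads the permissions of an already authenticated identity (authorization).
     *
     * <p>Permissions are granted only to the account this realm knows. Any other
     * primary principal receives an empty permission set instead of inheriting
     * the mock account's permissions.
     *
     * @param principals the identities of the subject being authorized
     * @return the authorization info for the primary principal; empty when the
     *         principal is not the mock account
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // 1. Take the primary identity, i.e. the principal that
        //    doGetAuthenticationInfo put into SimpleAuthenticationInfo. It is
        //    compared as an Object so that a principal of another type does not
        //    cause a ClassCastException.
        Object primaryPrincipal = principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        if (!MOCK_USER_CODE.equals(primaryPrincipal)) {
            // Authorization data must be keyed on the identity: grant nothing to
            // an account this realm does not know.
            return simpleAuthorizationInfo;
        }
        // 2. "Query the database" for that identity's permissions (mocked data).
        List<String> permissions = new ArrayList<String>();
        permissions.add("user:create"); // create users
        permissions.add("items:add:1"); // add items
        // 3. Copy the permissions into the authorization info and return it.
        simpleAuthorizationInfo.addStringPermissions(permissions);
        return simpleAuthorizationInfo;
    }
}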
shiro-realm.ini 文件
[main]
# Custom realm implementation.
customRealm=com.shi.realm.CustomRealm
# Assign the realm to the securityManager (comparable to dependency injection in Spring).
# With this as the configured realm, authentication and authorization data both come from CustomRealm.
securityManager.realm=$customRealm
测试程序
//2 自定义realm测试 资源授权
/**
 * Logs in through the realm configured in {@code shiro-realm.ini} and runs
 * permission-based authorization checks against it.
 *
 * <p>Results are printed, not asserted, so the test passes even when a check is
 * denied. Assuming the INI wires in the {@code CustomRealm} shown on this page,
 * {@code user:create} and {@code items:add:1} are granted and {@code user:update}
 * is not.
 */
@Test
public void authorizationTestCustomerRealm() {
    // Steps 1-3: build the SecurityManager from the INI file and install it.
    // The installation is a static, VM-wide setting.
    SecurityManager manager =
            new IniSecurityManagerFactory("classpath:shiro-realm.ini").getInstance();
    SecurityUtils.setSecurityManager(manager);

    // Steps 4-5: current subject and the (hard-coded demo) credentials token.
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken credentials = new UsernamePasswordToken("zhangsan", "111111");

    // Step 6: log in, which performs authentication. A failure is only printed,
    // so the checks below still run against an unauthenticated subject.
    try {
        currentUser.login(credentials);
    } catch (Exception loginFailure) {
        loginFailure.printStackTrace();
    }

    // Step 7: report the authentication state.
    System.out.println("认证状态:" + currentUser.isAuthenticated());

    // Step 8.2: permission-based authorization.
    boolean single = currentUser.isPermitted("user:create");
    boolean all = currentUser.isPermittedAll("user:create", "user:update");
    System.out.println("单个资源" + single);
    System.out.println("多个资源" + all);

    // The check* variants throw instead of returning false when access is denied.
    try {
        currentUser.checkPermission("items:add:1");
    } catch (AuthorizationException denied) {
        denied.printStackTrace();
    }
}