Apache Shiro In Easy Steps With Spring Boot (2) - Authenticator, Authorizer, Subject

2022-08-19 16:07:20

Chapter 02 Apache Shiro with Spring Boot

Section 01 - Create the Spring Boot Project

Create a Spring Boot project in IntelliJ IDEA.

Add the Apache Shiro starter dependency to pom.xml:

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.8.0</version>
</dependency>

Section 02 - Authenticator

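The authentication flow, i.e. login.

Create a config package and add a configuration class ApacheShiroConfig. Annotate it with @Configuration to mark it as a configuration class, and register a SimpleAccountRealm and a DefaultSecurityManager as beans in the container: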

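import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ApacheShiroConfig {

    // In-memory realm that will hold the demo accounts
    @Bean
    public SimpleAccountRealm simpleAccountRealm(){
        return new SimpleAccountRealm();
    }

    // Security manager; the realm is attached to it in the tests
    @Bean
    public DefaultSecurityManager defaultSecurityManager(){
        return new DefaultSecurityManager();
    }

}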

Modify the test class for the main application class in the test package:

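// Imports assume JUnit 5, the default test engine in recent Spring Boot 2.x
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
public class ApacheShiroApplicationTests {

    @Test
    public void contextLoads() {
    }

}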

Create an Authenticator test class, ApacheShiroAuthenticatorTest:

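// Imports assume JUnit 5 and javax.annotation (Spring Boot 2.x)
import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.jupiter.api.Test;

public class ApacheShiroAuthenticatorTest extends ApacheShiroApplicationTests {

    @Resource
    private SimpleAccountRealm accountRealm;

    @Resource
    private DefaultSecurityManager securityManager;


    @Test
    public void testLogin(){
        // Register two in-memory demo accounts (username, password)
        accountRealm.addAccount("stark","123456");
        accountRealm.addAccount("peter","peter");

        securityManager.setRealm(accountRealm);

        SecurityUtils.setSecurityManager(securityManager);

        // Get the current subject
        Subject subject = SecurityUtils.getSubject();

        // Supply the username and password for stark
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("stark","123456");
        // Perform the login
        subject.login(usernamePasswordToken);
        System.out.println("是否登录成功:" + subject.isAuthenticated());

    }

}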

Run the test; the console output shows that the login succeeded.

Section 03 - Authorizer

The authorization flow grants roles and permissions. Assign a role to a user when calling addAccount, e.g. accountRealm.addAccount("stark","123456","ADMIN");

Create the test class ApacheShiroAuthorizerTest:

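// Imports assume JUnit 5 and javax.annotation (Spring Boot 2.x)
import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.jupiter.api.Test;

public class ApacheShiroAuthorizerTest extends ApacheShiroApplicationTests {

    @Resource
    private SimpleAccountRealm accountRealm;

    @Resource
    private DefaultSecurityManager securityManager;


    @Test
    public void testLogin(){
        // Third argument assigns the role(s) of the account
        accountRealm.addAccount("stark","123456","ADMIN");
        accountRealm.addAccount("peter","peter","USER");

        securityManager.setRealm(accountRealm);

        SecurityUtils.setSecurityManager(securityManager);

        // Get the current subject
        Subject subject = SecurityUtils.getSubject();

        // Supply the username and password for stark
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("stark","123456");
        // Perform the login
        subject.login(usernamePasswordToken);
        System.out.println(subject.isAuthenticated());

        System.out.println(subject.getPrincipal());

        System.out.println(subject.getPrincipal() + "是否拥有ADMIN角色:" + subject.hasRole("ADMIN"));

    }

}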

Run the test and check the console output; it shows that the authorization was granted successfully.

Section 04 - Subject

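Subject, the user entity.

Commonly used Subject methods:

  • getPrincipal(): returns the user's unique username within the application
  • getPrincipals(): returns the collection of usernames that can be used to log in; for example, a phone number or an email address may both be valid login names, and this method returns the collection of those login names
  • isPermitted(): whether the user is authorized; returns boolean
  • checkPermission(): checks a permission; returns void
  • hasRole(): whether the user has a given role
  • hasRoles(): whether the user has the roles in a collection; the argument is a list
  • checkRoles(): checks whether the user has a given role
  • login(): log in
  • isAuthenticated(): whether the user is authenticated
  • isRemembered(): whether the login username is remembered
  • logout(): log out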
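
An added example (not from the original article) showing how the Subject methods listed above behave when a check fails: login(), checkRole() and checkPermission() throw, while hasRole(), hasRoles() and isPermitted() return booleans. The class name SubjectMethodsDemo and the permission string "user:delete" are assumptions; the accounts are the ones used in the tests above, and the code runs outside Spring with only shiro-core on the classpath.

```java
import java.util.Arrays;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Added example: class name and the "user:delete" permission are assumptions.
public class SubjectMethodsDemo {
    public static void main(String[] args) {
        // Same in-memory demo accounts as the tests above. SimpleAccountRealm
        // keeps plaintext passwords in memory, which suits a tutorial only.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("stark", "123456", "ADMIN");
        realm.addAccount("peter", "peter", "USER");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        Subject subject = SecurityUtils.getSubject();

        // login() reports failure by throwing, never by returning a value.
        try {
            subject.login(new UsernamePasswordToken("peter", "wrong-password"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
        }
        System.out.println("authenticated after failure: " + subject.isAuthenticated());

        subject.login(new UsernamePasswordToken("peter", "peter"));

        // hasRole/hasRoles/isPermitted answer with booleans to branch on.
        System.out.println("hasRole(ADMIN): " + subject.hasRole("ADMIN"));
        System.out.println("hasRoles([USER, ADMIN]): "
                + Arrays.toString(subject.hasRoles(Arrays.asList("USER", "ADMIN"))));
        System.out.println("isPermitted(user:delete): " + subject.isPermitted("user:delete"));

        // check* methods return void and throw AuthorizationException on denial,
        // so an unchecked return value cannot silently allow the action.
        try {
            subject.checkRole("ADMIN");
            System.out.println("admin action allowed");
        } catch (AuthorizationException e) {
            System.out.println("admin action denied: " + e.getMessage());
        }

        // logout() clears the identity; the subject is anonymous afterwards.
        subject.logout();
        System.out.println("authenticated after logout: " + subject.isAuthenticated());
    }
}
```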
