Java Shiro

Java中shiro框架怎么调用

小亿
91
2023-12-15 11:11:36
栏目: 编程语言

在Java中使用Shiro框架,可以按照以下步骤进行调用:

  1. 添加Shiro依赖:在项目的pom.xml文件中添加Shiro相关的依赖,例如:
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.7.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.7.1</version>
</dependency>
  1. 配置Shiro:创建一个Shiro配置类,用于配置Shiro的相关参数,例如:
@Configuration
public class ShiroConfig {

    @Bean
    public Realm realm() {
        return new MyRealm();
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
        filterFactoryBean.setSecurityManager(securityManager());
        filterFactoryBean.setLoginUrl("/login");
        filterFactoryBean.setUnauthorizedUrl("/unauthorized");

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**", "authc");

        filterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return filterFactoryBean;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm());
        return securityManager;
    }
}
  1. 创建自定义的Realm:实现Shiro的Realm接口,用于定义用户的身份认证和权限授权逻辑,例如:
public class MyRealm implements Realm {

    @Override
    public String getName() {
        return "myRealm";
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        String password = new String((char[]) token.getCredentials());

        // 根据用户名和密码进行身份认证逻辑

        return new SimpleAuthenticationInfo(username, password, getName());
    }

    @Override
    public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();

        // 根据用户名进行权限授权逻辑

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRole("admin");
        authorizationInfo.addStringPermission("user:read");

        return authorizationInfo;
    }
}
  1. 使用Shiro:在需要使用Shiro进行身份认证和权限授权的地方,通过SecurityUtils获取Subject对象,然后调用其相应的方法,例如:
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
subject.login(token);

if (subject.isAuthenticated()) {
    // 身份认证成功的逻辑
} else {
    // 身份认证失败的逻辑
}

if (subject.hasRole("admin")) {
    // 拥有admin角色的逻辑
}

if (subject.isPermitted("user:read")) {
    // 拥有user:read权限的逻辑
}

以上是使用Shiro框架的基本调用方法,具体根据需求可以进行更详细的配置和使用。

0
看了该问题的人还看了