Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the example analysis of Shiro architecture and Hello World. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

Shiro, a framework for handling Apache permissions, is now more popular in security, which can specify which button to operate on, match the interface, and achieve it through annotations.

Official website:

Http://shiro.apache.org/download.html

Mainly related to

Rights management, rights authentication, session management, encryption

Support web, caching, concurrency, testing, remember me

Shiro architecture

Subject current user

Security Management subject

Realm is equivalent to RealmDao.

Hello World

Find the official website to download the zip package. After decompression

Find samples/quickstart/QuickStart.java.

And copy the configuration under resource

QuickStart.java

Comments have been written in the code

Public class Quickstart {

Private static final transient Logger log = LoggerFactory.getLogger (Quickstart.class)

Public static void main (String [] args) {

/ / The easiest way to create a Shiro SecurityManager with configured / / realms, users, roles and permissions is to use the simple INI config. / / We'll do that by using a factory that can ingest a .ini file and / / return a SecurityManager instance:

/ / Use the shiro.ini file at the root of the classpath / / (file: and url: prefixes load from files and urls respectively): Factory factory = new IniSecurityManagerFactory ("classpath:shiro.ini"); SecurityManager securityManager = factory.getInstance ()

/ / for this simple example quickstart, make the SecurityManager / / accessible as a JVM singleton. Most applications wouldn't do this / / and instead rely on their container configuration or web.xml for / / webapps. That is outside the scope of this simple quickstart, so / / we'll just do the bare minimum so you can continue to get a feel / / for things. SecurityUtils.setSecurityManager (securityManager)

/ / Now that a simple Shiro environment is set up, let's see what you can do:

/ / get the currently executing user:

/ / get the current subject SecurityUtils.getSubject () Subject currentUser = SecurityUtils.getSubject ()

/ / Do some stuff with a Session (no need for a web or EJB containerized containers!) / / get session Session session = currentUser.getSession (); / / put the attribute session.setAttribute ("someKey", "aValue"); / / verify whether the

String value = (String) session.getAttribute ("someKey"); if (value.equals ("aValue")) {log.info ("Retrieved the correct value!-* [" + value + "]");}

/ / let's login the current user so we can check against roles and permissions: / / Test whether it is authenticated by if (! currentUser.isAuthenticated ()) {/ / username password encapsulation UsernamePasswordToken token = new UsernamePasswordToken ("lonestarr", "vespa"); / / remember me token.setRememberMe (true) Try {/ / execute login currentUser.login (token); / / if there is no specified user} catch (UnknownAccountException uae) {log.info ("There is no user with username of" + token.getPrincipal ()) / / password error} catch (IncorrectCredentialsException ice) {log.info ("Password for account" + token.getPrincipal () + "was incorrect!"); / / user is locked} catch (LockedAccountException lae) {log.info ("The account for username" + token.getPrincipal () + "is locked. "+" Please contact your administrator to unlock it. ");} / /. Catch more exceptions here (maybe custom ones specific to your application? / / Total Authentication exception handling catch (AuthenticationException ae) {/ / unexpected condition? Error?}}

/ / say who they are: / / print their identifying principal (in this case, a username): log.info ("User [" + currentUser.getPrincipal () + "] logged in successfully.")

/ / test a role: / / Test whether there is a role if (currentUser.hasRole ("schwartz")) {log.info ("May the Schwartz be with you!");} else {log.info ("Hello, mere mortal.");}

/ / test a typed permission (not instance-level) / / Test whether the user has a behavior weild / / isPermitted The 'schwartz' role can do anything (*) with any lightsaber: if (currentUser.isPermitted ("lightsaber:weild")) {log.info ("You may use a lightsaber ring. Use it wisely. ");} else {log.info (" Sorry, lightsaber rings are for schwartz masters only. ");}

/ / a (very powerful) Instance Level permission: / / goodguy = winnebago:drive:eagle5 more specific behavior if (currentUser.isPermitted ("winnebago:drive:eagle5")) {log.info ("You are permitted to 'drive' the winnebago with license plate (id)' eagle5'.) "+" Here are the keys-have fun! ");} else {log.info (" Sorry, you aren't allowed to drive the 'eagle5' winnebago! ");}

/ / all done-log out! CurrentUser.logout ()

System.exit (0);}}

Practical application

RequiresPermissions ("risk:thirdInterface:view") @ GetMapping () public String thirdInterface (ModelMap map, ThirdInterface thirdInterface) {

List thirdInterfaceList = thirdInterfaceService.selectThirdInterfaceList (thirdInterface); map.put ("list", thirdInterfaceList)

Return prefix + "/ thirdInterface";}

Cooperate with the front end

Var editFlag = [[${@ permission.hasPermi ('system:user:edit')}]]; var removeFlag = [[${@ permission.hasPermi (' system:user:remove')}]]

Formatter: function (value, row, index) {var actions = []; actions.push ('delete'); actions.push ('

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.