Shulou(Shulou.com)06/01 Report--

This article mainly explains the "Shiro Realm authority authentication how to achieve", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "Shiro Realm authority authentication how to achieve" it!

Shiro download

To learn shiro, we first need to go to the official website of shiro to download shiro with the address of https://shiro.apache.org/. As of this writing, the latest stable version of shiro is 1.4.0, which will be used in this article. Of course, shiro we can also download the source code from github. The download addresses of the two source codes are as follows:

Apache shiro

Github-shiro

Above, I mainly introduce the download of the source code with my friends, but it does not involve the download of the jar package. We can use maven directly for the jar package.

Create a demonstration project

Here we are in no hurry to write the code. Let's first open the source code we just downloaded. There is a samples directory in the source code, as follows:

This samples directory is some official demo examples, including a quickstart project, this project is a maven project, refer to this quickstart, let's create our own demo project.

First create a JavaSE project using maven

After the project is successfully created, add the following dependencies to the pom file:

Org.apache.shiro

Shiro-all

RELEASE

Configure user

Referring to the shiro.ini file in the quickstart project, let's configure a user as follows: first, create a shiro.ini file in the resources directory with the following contents:

[users]

Sang=123,admin

[roles]

Admin=*

The above configuration means that we have created a user named sang, whose password is 123, the user's role is admin, and admin has permission to operate on all resources.

Perform login

OK, after doing the above steps, we can look at how to implement a simple login operation. We still refer to the classes in the quickstart project to implement this login operation. First, we need to create a SecurityManager through shiro.ini, and then set the SecurityManager to singleton mode, as follows:

Factory factory = new IniSecurityManagerFactory ("classpath:shiro.ini")

Org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance ()

SecurityUtils.setSecurityManager (securityManager)

After this, we have configured a basic Shiro environment. Note that the user and role information at this time is configured in the shiro.ini configuration file, and then we can get a Subject, which is our current user object. The way to get it is as follows:

Subject currentUser = SecurityUtils.getSubject ()

After getting this user object, we can get a session. The operation of this session is basically the same as that of HttpSession in our web, except that this session does not depend on any container and can be obtained anytime and anywhere. The way to get and operate is as follows:

/ / obtain session

Session session = currentUser.getSession ()

/ / set attribute values for session

Session.setAttribute ("someKey", "aValue")

/ / get the attribute values in session

String value = (String) session.getAttribute ("someKey")

Having said that, our user has not logged in yet. There is an isAuthenticated method in Subject to determine whether the current user has logged in. If the isAuthenticated method returns a false, it means that the current user is not logged in, then we can log in as follows:

If (! currentUser.isAuthenticated ()) {

UsernamePasswordToken token = new UsernamePasswordToken ("sang", "123")

Try {

CurrentUser.login (token)

} catch (UnknownAccountException uae) {

Log.info ("There is no user with username of" + token.getPrincipal ())

} catch (IncorrectCredentialsException ice) {

Log.info ("Password for account" + token.getPrincipal () + "was incorrect!")

} catch (LockedAccountException lae) {

Log.info ("The account for username" + token.getPrincipal () + "is locked." +

"Please contact your administrator to unlock it."

}

Catch (AuthenticationException ae) {

}

}

First construct UsernamePasswordToken, and the two parameters are our user name and password, and then call the login method in Subject to log in. When problems such as user name error, password input error, or account locking occur, the system will inform the caller of these problems by throwing an exception.

When the login is successful, we can obtain the user name of the current login user as follows:

Log.info ("User [" + currentUser.getPrincipal () + "] logged in successfully.")

We can also determine whether the current user has a certain role or permission by calling the hasRole and isPermitted methods in Subject, as follows:

If (currentUser.hasRole ("admin")) {

Log.info ("May the Schwartz be with you!")

} else {

Log.info ("Hello, mere mortal.")

}

If (currentUser.isPermitted ("lightsaber:wield")) {

Log.info ("You may use a lightsaber ring. Use it wisely.")

} else {

Log.info ("Sorry, lightsaber rings are for schwartz masters only.")

}

Finally, we can log out of this login through the logout method, as follows:

CurrentUser.logout (): thank you for your reading, the above is the content of "how to achieve Shiro Realm authority authentication". After the study of this article, I believe you have a deeper understanding of how to achieve Shiro Realm authority authentication, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.