Shiro框架入门
入門代碼
pom 文件
shiro.ini
```ini
# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles (用戶及角色)
# username = password, role1, role2, ..., roleN
# NOTE: the passwords in [users] below are plaintext for the demo; for real use,
# store a hashed value and configure a hashing credentialsMatcher on the realm.
# -----------------------------------------------------------------------------
[users]
root = 1234, admin
guest = 1234, guest

# -----------------------------------------------------------------------------
# Roles with assigned permissions (角色及權限)
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *
guest = user:*
```

java代碼
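```java
// By default the factory backs the SecurityManager with an IniRealm.
public static void main(String[] args) {
    // 1. Create the security-manager factory (loads shiro.ini and keeps the
    //    usernames and passwords it contains in memory).
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
    // 2. Obtain the security manager.
    SecurityManager manager = factory.getInstance();
    // 3. Register the security manager.
    SecurityUtils.setSecurityManager(manager);
    // 4. Get the subject: the user about to log in, who hands a token
    //    (username and password) to Shiro for authentication.
    Subject subject = SecurityUtils.getSubject();
    // 5. Build the token from the username and password.
    //    A wrong username raises UnknownAccountException, a wrong password
    //    raises IncorrectCredentialsException.
    //    Demo only: the credentials are literals here; real code takes them from
    //    the login request and never keeps them in source.
    UsernamePasswordToken token = new UsernamePasswordToken("guest", "1234");
    // 6. Authenticate with the token.
    try {
        subject.login(token);
        System.out.println("認證成功");
        // After a successful login the subject exposes the user's details.
        System.out.println("登錄用戶名===>" + subject.getPrincipal());
        // Roles held by the current user.
        System.out.println("當前用戶是否具有admin角色====>" + subject.hasRole("admin"));
        System.out.println("當前用戶是否具有guest角色====>" + subject.hasRole("guest"));
        // Permissions held by the current user.
        System.out.println("當前用戶是否具有*權限====>" + subject.isPermitted("*"));
        System.out.println("當前用戶是否具有user:*權限====>" + subject.isPermitted("user:*"));
        // 7. Log out.
        subject.logout();
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("認證失敗");
    }
}
```

```java
// Variant: create the IniRealm by hand and load the config file.
public static void main(String[] args) {
    // 1. Create the realm directly from shiro.ini (no factory in this variant).
    Realm realm = new IniRealm("classpath:shiro.ini");
    // 2. Build the security manager on top of that realm.
    SecurityManager manager = new DefaultSecurityManager(realm);
    // 3. Register the security manager.
    SecurityUtils.setSecurityManager(manager);
    // 4. Get the subject (accounts come from shiro.ini).
    // ... the rest is the same as the example above ...
}
```

入門示例二
通過加載shiro.ini,連接數據庫
用戶和角色一對多關系
角色和權限一對多關系

```sql
# SQL statements executed against the database
select password from users where username = ?
select role_name from user_roles where username = ?
select permission from roles_permissions where role_name = ?
```

```ini
# objectName = fully.qualified.ClassName   -> same as creating the object through its public no-arg constructor
# objectName.property = value              -> same as calling the setter with a constant value
# objectName.property = $otherObject       -> same as calling the setter with an object reference
# NOTE: demo values. The realm connects as the MySQL root account and the password
# sits in a classpath file; for real use, give the realm a dedicated account that
# can only read the auth tables and keep the secret out of the packaged config.
# NOTE: JdbcRealm runs the permission query only when
# jdbcRealm.permissionsLookupEnabled = true (it is off by default).
[main]
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql:///shiro
dataSource.username=root
dataSource.password=tiger
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
```

上面config文件配置,相當于使用如下代碼等同通過手動創建JdbcRealm,連接數據庫

```java
public static void main(String[] args) {
    // 1. Build the JdbcRealm and its data source by hand.
    JdbcRealm realm = new JdbcRealm();
    DruidDataSource dataSource = new DruidDataSource();
    dataSource.setDriverClassName("com.mysql.jdbc.Driver");
    dataSource.setUrl("jdbc:mysql:///shiro");
    // Demo values: root account with the password in source. Real code reads a
    // least-privilege account's credentials from outside the code base.
    dataSource.setUsername("root");
    dataSource.setPassword("tiger");
    realm.setDataSource(dataSource);
    // 2. Build the security manager on top of that realm.
    SecurityManager manager = new DefaultSecurityManager(realm);
    // 3. Register the security manager.
    SecurityUtils.setSecurityManager(manager);
    // 4. Get the subject (accounts now come from the database).
    Subject subject = SecurityUtils.getSubject();
    // ... the rest is the same as the first example ...
}
```

入門示例三
也可以自定義Realm,使用自己查詢方式

```java
/**
 * Realm that supplies its own authentication and authorization queries.
 * Note: it extends JdbcRealm and reuses the data source configured on it.
 */
public class MyJdbcRealm extends JdbcRealm {

    /**
     * Authentication: looks up the stored password for the token's username.
     *
     * @param token the submitted token; cast to UsernamePasswordToken
     * @return the account's authentication info, or {@code null} when no row matches the username
     * @throws AuthenticationException if the username is null, the stored password is null,
     *         or the database lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        // Use the username from the token to look the user up and read the password.
        String username = upToken.getUsername();
        if (username == null) {
            throw new AccountException("用戶名不能為空");
        }
        // try-with-resources closes the result set, statement and connection on every path.
        try (Connection conn = this.dataSource.getConnection();
             PreparedStatement statement = conn.prepareStatement("select password from users where username=?")) {
            statement.setString(1, username);
            try (ResultSet rows = statement.executeQuery()) {
                if (!rows.next()) {
                    return null;
                }
                String password = rows.getString(1);
                if (password == null) {
                    throw new UnknownAccountException("數據庫中沒有該用戶===> [" + username + "]");
                }
                // Hand the username and stored credential to Shiro; the realm's
                // CredentialsMatcher then compares it with the submitted token.
                // NOTE(review): with the default matcher this is a plain equality check,
                // so users.password holds cleartext in this demo. For real use store a
                // salted hash and configure a hashing matcher (e.g. PasswordMatcher).
                return new SimpleAuthenticationInfo(username, password.toCharArray(), this.getName());
            }
        } catch (SQLException e) {
            // A database failure is reported as such instead of being printed and
            // turned into a null result, which reads as "unknown account".
            throw new AuthenticationException("用戶認證失敗", e);
        }
    }

    /**
     * Authorization: loads the user's role names and permission strings.
     *
     * @param principals the principals of the subject being authorized
     * @return authorization info holding the roles and string permissions found
     * @throws AuthorizationException if {@code principals} is null or a query fails
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("用戶授權失敗");
        }
        String username = (String) this.getAvailablePrincipal(principals);
        Set<String> roleNames = new HashSet<>();
        Set<String> permissions = new HashSet<>();
        try (Connection conn = this.dataSource.getConnection()) {
            // Roles for the username.
            loadStrings(conn,
                    "SELECT rolename FROM role WHERE uid =(SELECT id FROM users WHERE username=?)",
                    username, roleNames);
            // Permissions attached to those roles; skipped when the user has no role.
            if (!roleNames.isEmpty()) {
                loadStrings(conn,
                        "SELECT func FROM permission WHERE rid IN" + " (SELECT id FROM role WHERE uid =(SELECT id FROM users WHERE username=?))",
                        username, permissions);
            }
        } catch (SQLException e) {
            throw new AuthorizationException("用戶授權失敗", e);
        }
        // Hand the roles and permissions to Shiro, which performs the checks.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

    /** Runs a one-parameter query and adds the first column of every row to {@code into}. */
    private static void loadStrings(Connection conn, String sql, String username, Set<String> into)
            throws SQLException {
        try (PreparedStatement statement = conn.prepareStatement(sql)) {
            statement.setString(1, username);
            try (ResultSet rows = statement.executeQuery()) {
                while (rows.next()) {
                    into.add(rows.getString(1));
                }
            }
        }
    }
}
```

```ini
[main]
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql:///shiro
dataSource.username=root
dataSource.password=tiger
# custom realm
jdbcRealm=com.sy.shiro.realm.MyJdbcRealm
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
```

總結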