shiro的使用教程

1、shiro使用的架包自行到网上下载，如果是maven项目，可以到网上搜索Maven Repository添加maven的依赖；这里不描述。1.relam安全数据源Shiro 从 Realm 获取安全数据（如用户、角色、权限），我们的请求，最总调用的是realm中的方法

2、登录@RequestMapping(value = "/login",method = RequestMethod.POST) public String login(User user, Model model){ String username = user.getUsername(); String password = user.getPassword(); logger.debug("username => " + username); logger.debug("password => " + password);//获取登录令牌 UsernamePasswordToken token = new UsernamePasswordToken(username,password);

3、Subject subject = SecurityUtils.getSubject(); String msg = null; try {//登录成功 subject.login(token); } catch (UnknownAccountException e) { e.printStackTrace(); msg = e.getMessage(); } catch (IncorrectCredentialsException e){//登录失败设置显示数据 e.printStackTrace(); msg = "密码不匹配(生产环境中应该写:用户名和密码的组合不正确)"; } catch (LockedAccountException e){ e.printStackTrace(); msg = e.getMessage(); } if(msg == null){ return "redirect:/admin/user/list"; }//model为request级别的绑定 model.addAttribute("msg",msg); return "login"; }

4、退出@RequestMapping(value = "/logout",method = RequestMethod.GET) public String logout(Model model){ Subject subject = SecurityUtils.getSubject(); subject.logout(); model.addAttribute("msg","您已经退出登录"); return "login"; }

5、// 认证成功后 if (subject.isAuthenticated()) { System.out.println("用户 " + subject.getPrincipal() + " 登陆成功！"); //测试角色 System.out.println("是否拥有 manager 角色：" + subject.hasRole("manager")); //测试权限 System.out.println("是否拥有 user:create 权限" + subject.isPermitted("user:create"));

6、@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { logger.info("--- MyRealm doGetAuthorizationInfo ---"); // 获得经过认证的主体信息 User user = (User)principalCollection.getPrimaryPrincipal(); Integer userId = user.getId(); // UserService userService = (UserService)InitServlet.getBean("userService"); List<Resource> resourceList = userService.listAllResource(userId); List<String> roleSnList = userService.listRoleSnByUser(userId); List<String> resStrList = new ArrayList<>(); for(Resource resource:resourceList){ resStrList.add(resource.getUrl()); }

7、SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setRoles(new HashSet<>(roleSnList)); info.setStringPermissions(new HashSet<>(resStrList)); // 以上完成了动态地对用户授权 logger.debug("role => " + roleSnList); logger.debug("permission => " + resStrList); return info; }