Shiro授权流程图
Shiro
Shiro授权流程
- 创建SecurityManager;
- 主体授权;
- SecurityManager授权;
- Authorizer授权;
- Realm获取角色权限数据。
maven依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
测试用例
package com.jarworker.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
/**
* 授权测试
*/
public class AuthorizerTest {
SimpleAccountRealm simpleAccountRealm;
@Before
public void addAuthorizerUser() throws Exception {
simpleAccountRealm=new SimpleAccountRealm();
// simpleAccountRealm.addAccount("jarworker","123","admin");
simpleAccountRealm.addAccount("jarworker","123","admin","user");
}
@Test
public void testAuthorizer() throws Exception {
//构建DefaultSecurityManager 环境
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(simpleAccountRealm);
//主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123");
subject.login(token);
System.out.println("是否认证:"+subject.isAuthenticated());
// 授权的时候需要登陆
// subject.checkRoles("admin");
subject.checkRoles("admin","user");
}
}
