I. Introductory program
1. Authorization process
2. Three ways to authorize
(1) Programmatic: authorization is done by writing an if/else code block.
    Subject subject = SecurityUtils.getSubject();
    if (subject.hasRole("admin")) {
        // has permission
    } else {
        // no permission
    }
(2) Annotation: authorization is done by placing the corresponding annotation on the Java method being executed.
    @RequiresRoles("admin")
    public void hello() {
        // has permission
    }
(3) JSP/GSP tag: authorization is done with the corresponding tag in the JSP/GSP page.
    <shiro:hasRole name="admin">
        <!-- has permission -->
    </shiro:hasRole>
3. INI file
shiro-permission.ini
The configuration rules for users, roles, and permissions in the INI file are "username = password, role1, role2, ..." and "role = permission1, permission2, ...". A role is a collection of permissions: Shiro first finds the user's roles by user name, then finds the permissions through those roles.
The rule for a permission string is "resource identifier:action:resource instance identifier", which states which action is allowed on which instance of which resource. ":" separates the resource, action, and instance parts, and a permission string can also use the * wildcard.
Example:
Permission to create users: user:create, or user:create:*
Permission to update user instance 001: user:update:001
All permissions on user instance 001: user:*:001
4. Test code
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.config.IniSecurityManagerFactory;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.Factory;
    import org.junit.Test;

    /*
     * Authorization test
     */
    public class AuthorizationTest {

        // Role authorization and resource authorization test
        @Test
        public void testAuthorization() {
            // Create the SecurityManager factory
            Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-permission.ini");
            // Create the SecurityManager
            SecurityManager securityManager = factory.getInstance();
            // Set the SecurityManager in the system environment
            SecurityUtils.setSecurityManager(securityManager);
            // Create the subject
            Subject subject = SecurityUtils.getSubject();
            // Create the token
            UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
            // Perform authentication
            try {
                subject.login(token);
            } catch (AuthenticationException e) {
                e.printStackTrace();
            }
            System.out.println("Authentication passed: " + subject.isAuthenticated());
            // Role-based authorization (role identifier)
            boolean hasRole = subject.hasRole("role3");
            System.out.println("Role-based authorization: " + hasRole);
            // Resource-based authorization (permission identifier)
            boolean permitted = subject.isPermitted("user:create");
            System.out.println("Resource-based authorization: " + permitted);
        }
    }
Results:
Authentication passed: true
Role-based authorization: false
Resource-based authorization: true
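The following is an added example, not code from the original page. It exercises the INI rules and permission strings from section 3 against an in-memory configuration, showing how instance-scoped and wildcard grants answer different queries. It assumes Shiro 1.x (shiro-core) on the classpath; the class name PermissionStringDemo, the INI content, and the role assignments are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;

public class PermissionStringDemo {
    // Constructed sample configuration (assumption: the page does not show its INI file).
    // [users]: "username = password, role1, role2"; [roles]: "role = permission1, permission2".
    static final String INI_TEXT =
            "[users]\n"
          + "zhangsan = 123, role1, role2\n"
          + "[roles]\n"
          + "role1 = user:create, user:update:001\n"
          + "role2 = user:*:001\n";

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI_TEXT); // parse the INI text from memory instead of the classpath
        SecurityUtils.setSecurityManager(new IniSecurityManagerFactory(ini).getInstance());

        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("zhangsan", "123"));

        String[] queries = {
            "user:create",      // exact match with a grant in role1
            "user:create:002",  // the grant "user:create" names no instance, so it covers every instance
            "user:update:001",  // exact match with the instance-scoped grant
            "user:update:002",  // a different instance than the one granted
            "user:delete:001",  // any action on instance 001 through "user:*:001"
            "user:delete"       // asks for delete on all instances; only instance 001 is granted
        };
        for (String q : queries) {
            System.out.println(q + " -> " + subject.isPermitted(q));
        }

        // checkPermission() throws AuthorizationException on refusal instead of
        // returning false, so the caller cannot forget to test a boolean.
        try {
            subject.checkPermission("user:update:002");
            System.out.println("user:update:002 allowed");
        } catch (AuthorizationException e) {
            System.out.println("user:update:002 refused: " + e.getMessage());
        }
        subject.logout();
    }
}
```

When writing grants, note that a string with fewer parts is broader, not narrower: granting "user:create" is the same as granting "user:create:*".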
II. Custom Realm
1. shiro-realm.ini
Configure your custom realm in shiro-realm.ini and set that realm on the SecurityManager.
2. Implementing the Code
    import java.util.ArrayList;
    import java.util.List;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    /*
     * Custom Realm
     */
    public class CustomRealm extends AuthorizingRealm {

        // Set the realm name
        @Override
        public void setName(String name) {
            super.setName("customRealm");
        }

        // Used for authentication
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // 1. Take the user identity information from the token
            String userCode = (String) token.getPrincipal();
            // 2. Query the database by userCode
            // Simulate the password queried from the database
            // (in this simulation every user code is accepted with this password)
            String password = "123";
            // 3. Return the authentication information found
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userCode, password, this.getName());
            return info;
        }

        // Used for authorization
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Get the primary identity information
            String userCode = (String) principals.getPrimaryPrincipal();
            // Get permission information based on the identity information
            // Simulate getting the data from a database
            List<String> permissions = new ArrayList<String>();
            permissions.add("user:create"); // permission to create users
            permissions.add("items:add");   // permission to add items
            // Fill the queried permissions into the authorization info object
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(permissions);
            return info;
        }
    }
3. Test code
    // Test method for the custom realm; it goes in a JUnit test class and uses the same imports as the test in section I.
    @Test
    public void testCusRealm() {
        // Create the SecurityManager factory
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
        // Create the SecurityManager
        SecurityManager securityManager = factory.getInstance();
        // Set the SecurityManager in the system environment
        SecurityUtils.setSecurityManager(securityManager);
        // Create the subject
        Subject subject = SecurityUtils.getSubject();
        // Create the token
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
        // Perform authentication
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            e.printStackTrace();
        }
        System.out.println("Authentication passed: " + subject.isAuthenticated());
        // Resource-based authorization (permission identifier)
        boolean permitted = subject.isPermitted("user:create");
        System.out.println("Resource-based authorization: " + permitted);
    }
Shiro Basic Learning (III): Shiro authorization