Shiro授权过程

作者: jarWorker | 来源:发表于2018-12-06 17:40 被阅读0次

Shiro授权过程
SpringBoot整合Shiro（二）Shiro授权
springboot + shiro +cas 集成
shiro 授权
Shiro授权
shiro认证与授权
Shiro之实现授权
理解Shiro身份认证授权原理
4. Shiro授权
shiro框架：缓存器Ehcache的详细配置流程

Shiro授权流程图

Shiro

Shiro授权流程

创建SecurityManager;
主体授权;
SecurityManager授权;
Authorizer授权;
Realm获取角色权限数据。

maven依赖

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0</version>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
    </dependency>

测试用例

package com.jarworker.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

/**
 * 授权测试
 */
public class AuthorizerTest {
    SimpleAccountRealm simpleAccountRealm;
    @Before
    public void addAuthorizerUser() throws Exception {
        simpleAccountRealm=new SimpleAccountRealm();
//        simpleAccountRealm.addAccount("jarworker","123","admin");
        simpleAccountRealm.addAccount("jarworker","123","admin","user");
    }

    @Test
    public void testAuthorizer() throws Exception {
        //构建DefaultSecurityManager 环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123");
        subject.login(token);
        System.out.println("是否认证："+subject.isAuthenticated());
//        授权的时候需要登陆
//        subject.checkRoles("admin");
        subject.checkRoles("admin","user");
    }
}