本文共 6118 字,大约阅读时间需要 20 分钟。
控制那些角色可以进行访问,.ini文件配置如下:
[users]hly = 123,role1,role2abc = 123,role1
用户hly拥有角色role1,role2,所验证的代码如下
@Test public void testHasRole(){ iniConfig("classpath:shiro/authorization/shiro-role.ini","hly","123"); Assert.assertTrue(subject().hasRole("role1")); Assert.assertTrue(subject().hasAllRoles(Arrays.asList("role1", "role2"))); boolean [] result = subject().hasRoles(Arrays.asList("role1","role2","role3")); Assert.assertEquals(true,result[0]); Assert.assertEquals(true,result[1]); Assert.assertEquals(false,result[2]); }
根据hasRole,hasAllRoles等方法可以判断用户是否拥有相关的权限。
控制用户可以进行的相关操作,如CRUD等.
.ini文件配置主体和角色所拥有的权限,如下,具体配置方法如思维导图所示.
[users]hly = 123,role1,role2abc = 123,role1[roles]role1 = user:create,user:updaterole2 = user:create,user:delete
接下来,我们可以用isPermitted,isPermittedAll等方法对主体所拥有的权限进行测试,如下:
@Test public void testPermission(){ iniConfig("classpath:shiro/authorization/shiro-permission.ini","hly","123"); Assert.assertTrue(subject().isPermitted("user:create")); Assert.assertTrue(subject().isPermittedAll("user:create","user:delete")); Assert.assertFalse(subject().isPermitted("user:view")); }
自定义授权.ini文件配置
[main]#自定义authorizerauthorizer=org.apache.shiro.authz.ModularRealmAuthorizer#自定义permissionResolver#permissionResolver=org.apache.shiro.authz.permission.WildcardPermissionResolverpermissionResolver=com.hly.shiro.authorization.BitAndWildPermissionResolver#解析权限字符串到 Permission 实例authorizer.permissionResolver=$permissionResolver#自定义rolePermissionResolverrolePermissionResolver=com.hly.shiro.authorization.MyRolePermissionResolver#根据角色解析相应的权限集合authorizer.rolePermissionResolver=$rolePermissionResolver#进行授权控制securityManager.authorizer=$authorizer#自定义realm 一定要放在securityManager.authorizer赋值之后(因为调用setRealms会将realms设置给authorizer,并给各个Realm设置permissionResolver和rolePermissionResolver)realm=com.hly.shiro.realm.MyRealmsecurityManager.realms=$realm
1.解析权限字符串到 Permission 实例,得到相应配置规则的字符串。
permissionResolver=com.hly.shiro.authorization.BitAndWildPermissionResolver#解析权限字符串到 Permission 实例authorizer.permissionResolver=$permissionResolver
如配置中的BitAndWildPermissionResolver,BitPermission为自定义匹配方法,WildcardPermission为默认通配符匹配。
public class BitAndWildPermissionResolver implements PermissionResolver { @Override //“+” 开头来解析权限字符串为 BitPermission 或 WildcardPermission。 public Permission resolvePermission(String permissionString) { if(permissionString.startsWith("+")){ return new BitPermission(permissionString); } return new WildcardPermission(permissionString); }}
2.根据角色解析相应的权限集合,判断角色是否拥有相应的权限,在自定义realm中,如果添加了role1角色,则可匹配memu:*。
#自定义rolePermissionResolverrolePermissionResolver=com.hly.shiro.authorization.MyRolePermissionResolver#根据角色解析相应的权限集合authorizer.rolePermissionResolver=$rolePermissionResolver
public class MyRolePermissionResolver implements RolePermissionResolver { @Override public CollectionresolvePermissionsInRole(String roleString) { if("role1".equals(roleString)){ return Arrays.asList((Permission) new WildcardPermission("menu:*")); } return null; }}
3.自定义realm,AuthorizationInfo进行授权和添加角色,AuthenticationInfo进行身份验证.
package com.hly.shiro.realm;import com.hly.shiro.authorization.BitPermission;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.authz.permission.WildcardPermission;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;/** * @author :hly * @github :github.com/SiriusHly * @blog :blog.csdn.net/Sirius_hly * @date :2018/9/3 *//** * 自定义Realm */public class MyRealm extends AuthorizingRealm { @Override //表示根据用户身份获取授权信息 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); //添加角色 authorizationInfo.addRole("role1"); authorizationInfo.addRole("role2"); //添加权限 authorizationInfo.addObjectPermission(new BitPermission("+user1+10+1+1")); authorizationInfo.addObjectPermission(new BitPermission("+user1+4")); authorizationInfo.addObjectPermission(new BitPermission("+user1+2")); authorizationInfo.addObjectPermission(new BitPermission("+user1+8")); authorizationInfo.addObjectPermission(new WildcardPermission("user1:*")); authorizationInfo.addStringPermission("+user2+10"); authorizationInfo.addStringPermission("user2:*"); return authorizationInfo; } @Override //表示获取身份验证信息 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String username = (String)authenticationToken.getPrincipal();//用户名 String password = new String((char[])authenticationToken.getCredentials());//密码 if(!"hly".equals(username)) { throw new UnknownAccountException(); //如果用户名错误 } if(!"123".equals(password)) { throw new IncorrectCredentialsException(); //如果密码错误 } //如果身份认证验证成功,返回一个AuthenticationInfo实现; return new SimpleAuthenticationInfo(username, password, getName()); }}
4.进行权限测试
@Test public void testAuthorizerTest(){ iniConfig("classpath:shiro/authorization/shiro-authorizer.ini","hly","123"); //判断拥有权限 Assert.assertTrue(subject().hasRole("role1")); Assert.assertTrue(subject().hasRole("role2")); Assert.assertTrue(subject().isPermitted("user1:delete")); Assert.assertTrue(subject().isPermitted("user2:view")); Assert.assertTrue(subject().isPermitted("+user1+2")); Assert.assertTrue(subject().isPermitted("+user1+8")); Assert.assertTrue(subject().isPermitted("+user2+10")); Assert.assertTrue(subject().isPermitted("+user1+10+1+1")); Assert.assertTrue(subject().isPermitted("+user1+4")); Assert.assertTrue(subject().isPermitted("menu:view")); }
以上完整代码可在笔者中找到,参考。