Shiro授权过程

Shiro授权流程图
Shiro授权过程
文章图片
Shiro Shiro授权流程

  1. 创建SecurityManager;
  2. 主体授权;
  3. SecurityManager授权;
  4. Authorizer授权;
  5. Realm获取角色权限数据。
maven依赖
org.apache.shiro shiro-core 1.4.0 junit junit 4.12

测试用例
package com.jarworker.test; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.realm.SimpleAccountRealm; import org.apache.shiro.subject.Subject; import org.junit.Before; import org.junit.Test; /** * 授权测试 */ public class AuthorizerTest { SimpleAccountRealm simpleAccountRealm; @Before public void addAuthorizerUser() throws Exception { simpleAccountRealm=new SimpleAccountRealm(); //simpleAccountRealm.addAccount("jarworker","123","admin"); simpleAccountRealm.addAccount("jarworker","123","admin","user"); }@Test public void testAuthorizer() throws Exception { //构建DefaultSecurityManager 环境 DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager(); defaultSecurityManager.setRealm(simpleAccountRealm); //主体提交认证请求 SecurityUtils.setSecurityManager(defaultSecurityManager); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123"); subject.login(token); System.out.println("是否认证:"+subject.isAuthenticated()); //授权的时候需要登陆 //subject.checkRoles("admin"); subject.checkRoles("admin","user"); } }

    推荐阅读