Shiro授权流程图
文章图片
Shiro Shiro授权流程
- 创建SecurityManager;
- 主体授权;
- SecurityManager授权;
- Authorizer授权;
- Realm获取角色权限数据。
org.apache.shiro
shiro-core
1.4.0
junit
junit
4.12
测试用例
package com.jarworker.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
/**
* 授权测试
*/
public class AuthorizerTest {
SimpleAccountRealm simpleAccountRealm;
@Before
public void addAuthorizerUser() throws Exception {
simpleAccountRealm=new SimpleAccountRealm();
//simpleAccountRealm.addAccount("jarworker","123","admin");
simpleAccountRealm.addAccount("jarworker","123","admin","user");
}@Test
public void testAuthorizer() throws Exception {
//构建DefaultSecurityManager 环境
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(simpleAccountRealm);
//主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123");
subject.login(token);
System.out.println("是否认证:"+subject.isAuthenticated());
//授权的时候需要登陆
//subject.checkRoles("admin");
subject.checkRoles("admin","user");
}
}