Shiro判断用户拥有哪些具体的权限(4)

pom.xml依赖

<dependencies>
    <!--shiro依赖-->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.2.4</version>
    </dependency>

    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.12</version>
    </dependency>

    <!--数据库连接池-->
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>1.1.10</version>
    </dependency>

    <!--日志-->
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <!--mysql驱动包-->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.37</version>
    </dependency>
</dependencies>

shiro_role_permission.ini

# 用户   账号 = 密码,权限(支持多个)
[users]
superbird = 123456,system
bigbird = 123,role1,role2

# 权限    用户 = 允许权限
[roles]
system = InRoom:select, InRoom:insert, InRoom:xiaoFei, InRoom:update, VIP:select, VIP:guanli, VIP:add
role1 = InRoom:xiaoFei
role2 = VIP:select, VIP:add

这个小编也不知道怎么说,但是[roles]一定要这样写,整个文档是静态的,可以先看一下下方图片参考参考

ShiroUitl 类

package shiro.util;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class ShiroUitl {

    /**
     * 身份验证
     * @param configPath
     * @param username
     * @param password
     * @return
     */
    public static Subject login(String configPath, String username, String password){
        //创建工厂类
        Factory<SecurityManager> factory = new IniSecurityManagerFactory(configPath);
        SecurityManager securityManager = factory.getInstance();
        //获取当前用户
        SecurityUtils.setSecurityManager(securityManager);
        Subject user = SecurityUtils.getSubject();
        //通过usernamePasswordToken来模拟html/jsp传递过来的用户名和密码
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            user.login(token);
            System.out.println("登录成功");
        } catch (AuthenticationException e) {
            e.printStackTrace();
            System.out.println("登录失败");
        }

        return user;
    }

}

ShiroDey04

package shiro.util;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

public class ShiroDey04 {

    public static void main(String[] args) {
        //判断用户是否具有哪些权限
        Subject user = ShiroUitl.login("classpath:shiro_role_permission.ini", "bigbird", "123");
        boolean flag = user.isPermitted("InRoom:xiaoFei");
        System.out.println("flag:" + flag);

        //判断某个用户是否同时具有多个权限
        boolean[] flage = user.isPermitted("InRoom:xiaoFei", "InRoom:update");
        System.out.println("flage:" + Arrays.toString(flage));

        //也可以用异常处理判断某个用户是否同时具有多个权限
        try {
            user.checkPermission("InRoom:update");
            System.out.println("有消费记录");
        } catch (AuthorizationException e) {
            e.printStackTrace();
            System.out.println("无消费记录");
        }

    }

}

直接通过mian方法启动项目就出结果了。

true是通过权限,false则不通过

希望这边文章对您有帮助

 

 

 

本站资源除特别声明外,转载文章请声明文章出处
东泰博客 » Shiro判断用户拥有哪些具体的权限(4)

发表评论

切图仔日常笔记博客