Shiro完整架构图
Shiro认证过程
Shiro授权的内部处理机制
Shiro 支持三种方式的授权
1.编程式:通过写if/else 授权代码块完成:
Subject subject = SecurityUtils.getSubject(); if(subject.hasRole(“admin”)) { //有权限 } else { //无权限 }
2.注解式:通过在执行的Java方法上放置相应的注解完成:
@RequiresRoles("admin")
public void hello() {
//有权限
}
3.JSP/GSP 标签:在JSP/GSP 页面通过相应的标签完成:
<shiro:hasRole name="admin"> <!— 有权限—> </shiro:hasRole>
实际与web系统集成使用后两种方式
shiro的过虑器
|
过滤器简称 |
对应的java类 |
|
anon |
org.apache.shiro.web.filter.authc.AnonymousFilter |
|
authc |
org.apache.shiro.web.filter.authc.FormAuthenticationFilter |
|
authcBasic |
org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter |
|
perms |
org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter |
|
port |
org.apache.shiro.web.filter.authz.PortFilter |
|
rest |
org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter |
|
roles |
org.apache.shiro.web.filter.authz.RolesAuthorizationFilter |
|
ssl |
org.apache.shiro.web.filter.authz.SslFilter |
|
user |
org.apache.shiro.web.filter.authc.UserFilter |
|
logout |
org.apache.shiro.web.filter.authc.LogoutFilter |