授权流程
-
- Subject
发起请求,判断是否有相应的角色或者权限
- Subject
-
- SecurityManager
接收Subject的请求,并委托给Authorizer处理
- SecurityManager
-
- Authorizer
接收SecurityManager的委托并执行授权
- Authorizer
- 4 Realm
查找角色和授权信息
基于JdbcRealm授权
shiro.ini
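# Data source (Druid connection pool).
# NOTE(review): the root account with a trivial password stored in plain text is acceptable only
# for a local demo. Use a dedicated least-privilege database account (read access to the user,
# role and permission tables is all these queries need) and keep the secret out of files that
# are committed or shipped.
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
# The original URL spelled the option "useUnicde", which is not a Connector/J option name and so
# had no effect as written. It is spelled correctly here and set to true, the value normally
# paired with characterEncoding.
dataSource.url=jdbc:mysql://localhost:3306/shiro?useUnicode=true&characterEncoding=utf-8
dataSource.username=root
dataSource.password=123456
# Custom JdbcRealm subclass (project class, not shown on this page).
jdbcRealm=shiro04.JdbcsaltRealm
jdbcRealm.dataSource=$dataSource
# Authentication query returning two columns: the stored password hash, then login_name,
# which this setup uses as the salt.
# NOTE(review): a login name is unique but predictable, so an attacker can precompute hashes
# for known account names. A random per-user salt stored in its own column is the stronger choice.
jdbcRealm.authenticationQuery=select password,login_name from t_user where login_name=?
# Role lookup for a login name.
jdbcRealm.userRolesQuery=select ro.role_name from t_user u left join user_role r on r.user_id=u.id left join t_role ro on ro.id=r.role_id where u.login_name=?
# Enable permission lookup (disabled by default).
jdbcRealm.permissionsLookupEnabled=true
# Permission lookup. The stock JdbcRealm runs this query once per role and binds the ROLE NAME
# to the placeholder (presumably unchanged in JdbcsaltRealm - confirm against that class).
# The original version joined on rop.role_id=rop.role_id, which is true for every row, and
# filtered on the permission name, so the result was not tied to the role being checked.
# The join now links role_permission to t_role and the filter is the role name. Inner joins
# are used so a role without permissions yields no rows instead of a NULL permission name.
jdbcRealm.permissionsQuery=select tps.perssion_name from t_role role join role_permission rop on rop.role_id=role.id join t_permission tps on tps.id=rop.permission_id where role.role_name=?
# Credentials matcher: hashes the submitted password and compares it with the stored hash.
# NOTE(review): SHA-1 with 5 iterations is far too cheap for password storage and allows fast
# offline guessing if the table leaks. Prefer a dedicated password-hashing scheme (bcrypt,
# scrypt, Argon2 or PBKDF2 with a high work factor), or at minimum SHA-256/SHA-512 with a much
# larger iteration count. These two values must match how the stored hashes were produced,
# so changing them means re-hashing existing passwords.
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName=sha1
credentialsMatcher.hashIterations=5
# Inject the credentials matcher into the realm.
jdbcRealm.credentialsMatcher=$credentialsMatcher
securityManager.realms=$jdbcRealm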
main:
// Obtain a Subject backed by the INI configuration (ShiroUtils is a project helper that is
// not shown on this page; presumably it builds the SecurityManager from the given resource).
Subject subject= ShiroUtils.getSubject("classpath:shiro06/shiro.ini");
// Authenticate before asking authorization questions. Shiro's login() throws an
// AuthenticationException when the credentials are rejected, so real code should catch it.
// The user name and password are hard-coded for the demo only.
subject.login(new UsernamePasswordToken("admin","123"));
System.out.println("是否认证:"+subject.isAuthenticated());
// Role check: returns a boolean instead of throwing. Use checkRole(...) when a missing
// role should abort the operation with an AuthorizationException.
boolean hasRole = subject.hasRole("teacher");
System.out.println(hasRole);
// Permission check in "resource:action" form; this only yields results when
// permissionsLookupEnabled is true on the realm. The result is not printed or enforced
// in the lines visible here - act on it (or use checkPermission) before doing protected work.
boolean permitted = subject.isPermitted("teacher:view");