从Shiro官网的10分钟教程和Get started开始。
- 了解什么是Shiro?
英文不好,结合百度翻译,大概了解了一下,powerful,easy to use,java安全框架,提供认证、授权、加密和session管理解决方案。
- 下载使用
https://shiro.apache.org/download.html
使用maven,加载shiro的各个组件。也可以再github直接下载Shiro的全部源码学习。在源码中找到samples文件夹,查看官方提供的demo。
- quickstart
新建maven项目,引入shiro-core依赖
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.sun</groupId>
<artifactId>shiro-quickstart</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>shiro-quickstart</name>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<shiro.version>1.4.0</shiro.version>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- 日志依赖,和shiro本身无关 -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.25</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
新建quickStart类,按照官网实例敲下去,运行:
1 SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". 2 SLF4J: Defaulting to no-operation (NOP) logger implementation 3 SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. 4 Exception in thread "main" org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration. 5 at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) 6 at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) 7 at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) 8 at com.sun.shiro_quickstart.QuickStart.main(QuickStart.java:18)
没有绑定securityManager,在官方文档的Get started:first shiro application中发现了这个名词。使用shiro,第一件事就是创建一个securityManager,根据教程,我们使用shiro.ini创建securityManager.
package com.sun.shiro_quickstart;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* 使用shiro.ini创建securityManager
* @author quietly
*
*/
public class StartWithSecurityManager {
public static Logger log = LoggerFactory.getLogger(StartWithSecurityManager.class);
public static void main(String[] args) {
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
if(!currentUser.isAuthenticated()){
//尚未登录:
UsernamePasswordToken token = new UsernamePasswordToken("root","root");
token.setRememberMe(true);
try{
currentUser.login(token);
}catch(UnknownAccountException e){
//账号不存在
log.error("用户名不存在:\n" + e.getMessage());
}catch(IncorrectCredentialsException e){
log.error("凭证(密码)错误:\n" + e.getMessage());
}
}else{
log.info("用户已认证");
log.info("root is Permited by user:select:" + currentUser.isPermitted("user:select"));
currentUser.logout();
}
if(currentUser.isAuthenticated()){
log.info("用户已认证");
log.info("root is Permited by 'user:select':" + currentUser.isPermitted("user:select"));
currentUser.logout();
}
}
}