授权
授权一般是在登陆之后才做的操作:
请查看:快速理解shiro的认证
整体流程:
简单的api:
//是否有对应的角色
subject.hasRole("root")
//获取subject名
subject.getPrincipal()
//检查是否有对应的角色,无返回值,直接在SecurityManager里面进行判断
subject.checkRole("admin")
//检查是否有对应的角色
subject.hasRole("admin")
//退出登录
subject.logout();
测试代码:
public class IsSpringbootShiroApplicationTests2 {
private DefaultSecurityManager defaultSecurityManager = new
DefaultSecurityManager();
private SimpleAccountRealm realm = new SimpleAccountRealm();
@Before
public void init (){
//初始化数据源 并添加角色
realm.addAccount("woxbwo","123","admin","root");
realm.addAccount("zbbiex","456","user");
//构建SecurityManager的执行环境
defaultSecurityManager.setRealm(realm);
}
@Test
public void testAuthentication() {
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取当前主题 application 或者 user
Subject subject = SecurityUtils.getSubject();
//用户名密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("zbbiex","456");
subject.login(usernamePasswordToken);
//获取认证结果
boolean res = subject.isAuthenticated();
System.out.println("认证结果为:"+res);
if(res){
System.out.println("是否有对应的root角色:"+subject.hasRole("root"));
System.out.println("getPrincipal:"+subject.getPrincipal());
subject.logout();
}
System.out.println("logout认证结果为:"+subject.isAuthenticated());
}
}
测试结果:
认证结果为:true
是否有对应的root角色:false
getPrincipal:zbbiex
18:12:16.414 [main] DEBUG org.apache.shiro.mgt.DefaultSecurityManager - Logging out subject with primary principal zbbiex
18:12:16.414 [main] DEBUG org.apache.shiro.session.mgt.AbstractSessionManager - Stopping session with id [958fc3f7-f265-4e8e-8ba1-75937676d5a7]
logout认证结果为:false