shiro 基本知识测试
shiro 基本知识测试
<!--shiro核心包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.10</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.46</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
AuhtorizationTest
package com.mozq.shiro.shiro01;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
public class AuhtorizationTest {
@Test
public void testAuhtorization(){
//创建权限管理器,给定Realm提供认证和授权信息
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();
simpleAccountRealm.addAccount("liubei", "123","砂场老板","砂场负责人");
defaultSecurityManager.setRealm(simpleAccountRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取主体
Subject subject = SecurityUtils.getSubject();
//登录
subject.login(new UsernamePasswordToken("liubei", "123"));
//检查权限
subject.checkRoles("砂场老板1");
// subject.checkRoles("砂场老板","砂场负责人");
}
}
AuthenticationTest
package com.mozq.shiro.shiro01;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
public class AuthenticationTest {
@Test
public void AuthenticationTest(){
//创建权限管理器,给定Realm提供认证和授权信息
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();
simpleAccountRealm.addAccount("liubei", "123");
simpleAccountRealm.addAccount("sunquan", "123");
defaultSecurityManager.setRealm(simpleAccountRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取主体
Subject subject = SecurityUtils.getSubject();
//登录
subject.login(new UsernamePasswordToken("liubei", "123"));
subject.login(new UsernamePasswordToken("sunquan", "123"));
System.out.println("subject.isAuthenticated():" + subject.isAuthenticated());
//退出
subject.logout();
System.out.println("subject.isAuthenticated():" + subject.isAuthenticated());
}
}
IniRealmTest
package com.mozq.shiro.shiro01;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
public class IniRealmTest {
@Test
public void testIniRealm(){
//创建权限管理器,给定Realm提供认证和授权信息
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
IniRealm iniRealm = new IniRealm("classpath:user.ini");
defaultSecurityManager.setRealm(iniRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取主体
Subject subject = SecurityUtils.getSubject();
//认证
subject.login(new UsernamePasswordToken("刘备", "123"));
System.out.println("subject.isAuthenticated():" + subject.isAuthenticated());
//授权
subject.checkRoles("砂场老板");
subject.checkRoles("砂场老板", "砂场负责人");
}
}
# user.ini
[users]
刘备=123,砂场老板
sunquan=234,砂场负责人
[roles]
砂场老板=customer:select,order:select
JdbcRealmTest
package com.mozq.shiro.shiro01;
import com.alibaba.druid.pool.DruidDataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
public class JdbcRealmTest {
private DruidDataSource dataSource = new DruidDataSource();
@Before
public void setDataSource(){
dataSource.setUrl("jdbc:mysql:///perms");
dataSource.setUsername("root");
dataSource.setPassword("root");
}
@Test
public void testJdbcRealm(){
//创建权限管理器,给定Realm提供认证和授权信息
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
JdbcRealm jdbcRealm = new JdbcRealm();
jdbcRealm.setDataSource(dataSource);
jdbcRealm.setPermissionsLookupEnabled(true);//开启权限查询,默认不会开启
//参数用户名,结果用户密码
jdbcRealm.setAuthenticationQuery("select password from user where username=?");
//参数用户名,结果角色名称
jdbcRealm.setUserRolesQuery(
"select R.role_name\n" +
"from role R\n" +
"left join user_role UR\n" +
"on R.id=UR.role_id\n" +
"left join user U\n" +
"on UR.user_id=U.id\n" +
"where U.username=?"
);
//参数角色名称,结果权限名称
jdbcRealm.setPermissionsQuery(
"select P.permission_name\n" +
"from permission P\n" +
"left join role_permission RP\n" +
"on RP.permission_id=P.id\n" +
"left join role R\n" +
"on RP.role_id=R.id\n" +
"where R.role_name=?"
);
defaultSecurityManager.setRealm(jdbcRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取主体
Subject subject = SecurityUtils.getSubject();
//认证
subject.login(new UsernamePasswordToken("刘备", "123"));
System.out.println("subject.isAuthenticated():" + subject.isAuthenticated());
//授权
subject.checkRoles("砂场老板");
// subject.checkRoles("砂场老板", "砂场负责人");
subject.checkPermission("customer:select");
}
}
CustomRealm
package com.mozq.shiro.shiro01;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
public class CustomRealm extends AuthorizingRealm {
private Map<String, String> users = new HashMap<>();
{
users.put("刘备","123");
users.put("孙权","123");
}
private String getPasswordByUsername(String username){
return users.get(username);
}
private Set<String> getRolesByUsername(String username){
Set<String> roles = new HashSet<>();
if("刘备".equals(username)){
roles.add("砂场老板");
return roles;
}
return roles;
}
private Set<String> getPermsByUsername(String username){
Set<String> perms = new HashSet<>();
if("刘备".equals(username)){
perms.add("user:add");
perms.add("user:delete");
return perms;
}
return perms;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = (String) principals.getPrimaryPrincipal();
Set<String> roles = getRolesByUsername(username);
Set<String> perms = getPermsByUsername(username);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRoles(roles);
simpleAuthorizationInfo.addStringPermissions(perms);
return simpleAuthorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = String.valueOf(token.getPrincipal());
String password = String.valueOf((char[]) token.getCredentials());
System.out.println(username + ":" + password);
String rightPassword = getPasswordByUsername(username);
if(rightPassword != null && rightPassword.equals(password)){
return new SimpleAuthenticationInfo(username, password, "customRealm");
}
return null;
}
}
CustomRealmTest
package com.mozq.shiro.shiro01;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import java.util.HashSet;
public class CustomRealmTest {
@Test
public void testCustomRealm(){
//创建权限管理器,给定Realm提供认证和授权信息
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
CustomRealm customRealm = new CustomRealm();
defaultSecurityManager.setRealm(customRealm);
SecurityUtils.setSecurityManager(defaultSecurityManager);
//获取主体
Subject subject = SecurityUtils.getSubject();
//认证
subject.login(new UsernamePasswordToken("刘备", "123"));
// subject.login(new UsernamePasswordToken("孙权", "123"));
System.out.println("subject.isAuthenticated():" + subject.isAuthenticated());
//授权
subject.checkRoles("砂场老板");
// subject.checkRoles("砂场老板", "砂场负责人");
subject.checkPermissions("user:add", "user:delete");
}
@Test
public void testAddAll(){
HashSet<String> roles = new HashSet<>();
roles.addAll(null);//java.lang.NullPointerException
}
}
@startuml
interface Realm
abstract class CachingRealm
abstract class AuthenticatingRealm
abstract class AuthorizingRealm
class SimpleAccountRealm
class TextConfigurationRealm
class IniRealm
class PropertiesRealm
class JdbcRealm
Realm <|.. CachingRealm
CachingRealm <|-- AuthenticatingRealm
AuthenticatingRealm <|-- AuthorizingRealm
AuthorizingRealm <|-- SimpleAccountRealm
SimpleAccountRealm <|-- TextConfigurationRealm
TextConfigurationRealm <|-- IniRealm
TextConfigurationRealm <|-- PropertiesRealm
AuthorizingRealm <|-- JdbcRealm
@enduml
shiro 基本知识测试的更多相关文章
- Shiro框架 - 【shiro基础知识】
转载:https://segmentfault.com/a/1190000013875092#articleHeader27 读完需要 63 分钟 前言 本文主要讲解的知识点有以下: 权限管理 ...
- Android SDK上手指南:知识测试
Android SDK上手指南:知识测试 2014-01-22 10:00 核子可乐 译 51CTO 字号:T | T 在从零开始学习Android开发系列教程当中,我们已经了解了为Android平台 ...
- 【考试】java基础知识测试,看你能得多少分?
1 前言 共有5道java基础知识的单项选择题,每道20分,共计100分.解析和答案在最后. 2 试题 2.1 如下程序运行结果是什么? class Parent { public Parent(St ...
- Shiro基础知识08----拦截器介绍(转)
1 拦截器介绍 Shiro使用了与Servlet一样的Filter接口进行扩展:所以如果对Filter不熟悉可以参考<Servlet3.1规范>http://www.iteye.com/b ...
- Shiro基础知识03----shiro授权(编程式授权),Permission详解,授权流程(zz)
授权,也叫访问控制,即在应用中控制谁能访问哪些资源(如访问页面/编辑数据/页面操作等). 在权限认证中,最核心的是:主体/用户(Subject).权限(Permission).角色(Role).资源 ...
- 安全小测试:介绍一个简单web安全知识测试的网站
https://websecurity.firebaseapp.com/ 一次测试一共7道题,最后有答案,可以反复做,每次随机抽题
- 传智Java基础知识测试
共40道选择题,每题2.5分.多选题有错则全错,全对才满分. 单选题: 1. 下列哪个声明是错误的?(B) A. int i=10; B. float f=1.1; C. double ...
- Js 正则表达式知识测试
本文对javascript中正则表达式进行了总结汇总,将知识点和注意点都理了一下,并附上2个练习题,供大家参考学习. 正则表达式: 1.什么是RegExp?RegExp是正则表达式的缩写.RegExp ...
- Shiro入门这篇就够了【Shiro的基础知识、回顾URL拦截】
前言 本文主要讲解的知识点有以下: 权限管理的基础知识 模型 粗粒度和细粒度的概念 回顾URL拦截的实现 Shiro的介绍与简单入门 一.Shiro基础知识 在学习Shiro这个框架之前,首先我们要先 ...
随机推荐
- 基于Apache和tomcat实现负载均衡
1.基于Apache和tomcat实现负载均衡 准备三个虚拟机一个安装Apache两个安装Tomcat 关闭防火墙 systemctl stop firewalld Iptabled -F Seten ...
- 数据仓库010 - MySQL查看所有存储过程,函数,视图,触发器
.查询数据库中的存储过程和函数 方法一: select `name` from mysql.proc where db = 'your_db_name' and `type` = 'PROCEDURE ...
- RocketMQ支持事务消息机制
事务消费 我们经常支付宝转账余额宝,这是日常生活的一件普通小事,但是我们思考支付宝扣除转账的钱之后,如果系统挂掉怎么办,这时余额宝账户并没有增加相应的金额,数据就会出现不一致状况了. 上述场景在各个类 ...
- 转载-Qualcomm MSM8953启动流程:PBL-SBL1-(bootloader)LK-Android
文章转载链接: https://blog.csdn.net/RadianceBlau/article/details/73229005 对于嵌入式工程师了解芯片启动过程是十分有必要的,在分析.调试各种 ...
- HTML+CSS基础 border css属性 Div块 盒子
border css属性 边框颜色 border-color:red/#ffffff/rgb()默认为黑色 边框样式 border-style:solid (实线) dashed (虚线).默认为n ...
- k8s笔记之chartmuseum搭建
一.下载安装包 #在master节点中执行,以下这条命令就是下载文件到当前目录而已,下载完成之后让我们将chartmuseum赋予权限,就是可执行了chmod chartmuseum,然后移动到/us ...
- 机器学习(六)--------神经网络(Neural Networks)
无论是线性回归还是逻辑回归都有这样一个缺点,即:当特征太多时, 计算的负荷会非常大. 比如识别图像,是否是一辆汽车,可能就需要判断太多像素. 这时候就需要神经网络. 神经网络是模拟人类大脑的神经网络, ...
- JVM的内存分配策略
1.对象优先在Eden区分配大多数情况下,对象在新生代Eden区中分配.当Eden区没有足够空间进行分配时,虚拟机将发起一次Minor GC. 2.大对象直接进入老年代 所谓的大对象是指,需要大量连续 ...
- Window权限维持(一):注册表运行键
在红队行动中在网络中获得最初的立足点是一项耗时的任务.因此,持久性是红队成功运作的关键,这将使团队能够专注于目标,而不会失去与指挥和控制服务器的通信.在Windows登录期间创建将执行任意负载的注册表 ...
- Microsoft.Practices.Unity
// // Summary: // Register a type mapping with the container. // // Parameters: // container: // Con ...