Java improvement-05-shiro- simple judgment of authorization

---

QQ 1274510382
Wechat JNZ_aming
Business Alliance QQ group 538250800
Technology trouble QQ group 599020441
Solution QQ group 152889761
Join us QQ group 649347320
Shared learning QQ group 674240731
Chronological technology aming
network security, deep learning, embedded, machine enhancement, biological intelligence, life science .

Ding Ding Ding: The product is online—>Follow the official-WeChat public
account —Jinan Ji Nian Information Technology Co., Ltd. People’s livelihood project: store franchise/entertainment dating/startup business circle/outsourcing part-time development-project release/
security project: situational awareness defense system /Intranet inspection system
Cloud service project: dynamic expansion of cloud host/domain name/elastic storage-database-cloud disk/API-AIeverthing
product consulting/service after-sales (same)

It's always shallow on paper, and I absolutely know that I have to do it! ! !
Looking for like-minded partners to start a business. . . Baotuan Didi aming contact information! !

---

#This article is the advertising system automatically serving ads

# If there is any infringement, deletion, please contact us quickly

---

---

---

#3 Initial realization of Shiro authorization

3.1 Judging the role

3.1.1 Modify configuration file

Just add the role name included in the user directly after the password.

 [users]
zhangsan=zs,role1,role2
lisi=ls

3.1.2 Add code

hasRole() uses the return value to determine whether the user has the specified role.

 if(subject.isAuthenticated){
    
    
 		System.out.println("登录成功");
 		boolean hasRoleResult = SecurityUtils.getSubject().hasRole("role1");
		System.out.println("result:"+hasRoleResult);
}

 通过  subject 看是否 有角色

3.2 Judgment authority

3.2.1 Modify the configuration file

 [users]
zhangsan=zs,role1,role2
lisi=ls
[roles]
role1=permission1,permission2

3.2.2 Add test code

After the authentication is successful, the authorization
is controlled by whether there is an AuthenticationException.
SecurityUtils.getSubject().checkPermission("permission");

4 Realm implementation certification

4.1 Use iniRealm

 public class ShiroRun {
    
    
 		public static void main(String[] args) {
    
    
 
 			SecurityManager securityManager = new DefaultSecurityManager();
			IniRealm iniRealm = new IniRealm("classpath:shiro.ini");
			securityManager.setRealm(iniRealm);
 			SecurityUtils.setSecurityManager(securityManager);
 			Subject subject = SecurityUtils.getSubject();
 //web 项目时，用户名和密码是客户端表单传递过来的用户名和密码。
 AuthenticationToken token = new UsernamePasswordToken("admin", 
"pwd");
 		try {
    
    
 //login()方法没有返回值，只能通过是否有异常判断是否登录成功。
				 subject.login(token);
				 System.out.println("登录成功");
 			} catch (UnknownAccountException e) {
    
    
 				System.out.println("账号不存在");
 			} catch (IncorrectCredentialsException e) {
    
    
				 System.out.println("密码错误");
 			} catch (AuthenticationException e) {
    
    
				 e.printStackTrace();
			 }
 		} 		
 	}