shiro示例讲解

        官网shiro例子，可以很好的帮助我们理解和运用shiro。下面就讲解下怎么如何使用maven来运行官网示例，及理解其实现过程。

        一、新建maven项目

      new->other->Maven project->Create a simple project （勾选）

       

   二、新建shiro文件（shiro.ini），放入src/main/resources路径下，log4j.properties也是放入该路径下。

        

# =============================================================================
# Tutorial INI configuration
#
# Usernames/passwords are based on the classic Mel Brooks' film "Spaceballs" :)
# =============================================================================

# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = secret, admin
guest = guest, guest
presidentskroob = 12345, president
darkhelmet = ludicrousspeed, darklord, schwartz
lonestarr = vespa, goodguy, schwartz

# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5

 三、pom.xml文件配置

       1、引入shiro的相关jar包，shiro依赖slf4j包，这里也可引入下。

         

        

            注意：shiro-core 高版本的jar包，已经不支持读取配置文件这种方式了。项目中低版本1.2.4的是支持的。

       2、要执行main函数，这里引入maven-compiler-plugin插件和exec-maven-plugin插件。其中exec-maven-plugin插件配置中需指定执行main函数所在类的路径

          

     具体pom.xml配置参考如下：

   

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.hik.shiro.tutorial</groupId>
  <artifactId>shiro-tutorial</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <name>First Apache Shiro Application</name>
  <description>First Apache Shiro Application</description>
  
  <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    
     <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.6.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                    <encoding>${project.build.sourceEncoding}</encoding>
                </configuration>
            </plugin>

        <!-- This plugin is only to test run our little application.  It is not
             needed in most Shiro-enabled applications: -->
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>exec-maven-plugin</artifactId>
                <version>1.6.0</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>java</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <classpathScope>test</classpathScope>
                    <mainClass>shiro.Tutorial</mainClass>
                </configuration>
            </plugin>
        </plugins>
    </build>
  
  <dependencies>
      <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.2.4</version>
    </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.25</version>
        <scope>test</scope>
    </dependency>
  </dependencies>
</project>

四、Tutorial.java文件

     

package shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 
 */

/**
 * @ClassName: Tutorial
 * @Description: TODO
 * @author jed
 * @date 2017��7��8������4:27:52
 *
 */
public class Tutorial {
    
    private static final transient Logger log = LoggerFactory.getLogger(Tutorial.class);
    
    public static void main(String[] args) {
        // 读取配置文件，初始化SecurityManager工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // 获取securityManager实例
        SecurityManager securityManager = factory.getInstance();
        // 把securityManager实例绑定到SecurityUtils
        SecurityUtils.setSecurityManager(securityManager);
        // get the currently executing user:
        Subject currentUser = SecurityUtils.getSubject();
        // Do some stuff with a Session (no need for a web or EJB container!!!)
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if(value.equals("aValue")){
            log.info("Retrieved the correct value! [" + value + "]");
        }
        
        // let's login the current user so we can check against roles and permissions:
        if(!currentUser.isAuthenticated()){
            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch(UnknownAccountException uae){
                log.info("There is no user with username of " + token.getPrincipal());
            }catch(IncorrectCredentialsException ice ){
                 log.info("Password for account " + token.getPrincipal() + " was incorrect!");
            }catch (LockedAccountException lae) {
                log.info("The account for username " + token.getPrincipal() + " is locked.  " +
                        "Please contact your administrator to unlock it.");
            }catch (AuthenticationException ae) {// ... catch more exceptions here (maybe custom ones specific to your application?
                //unexpected condition?  error?
            }
        }
        
         //say who they are:
        //print their identifying principal (in this case, a username):
        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
        
        //test a role:
        if(currentUser.hasRole("schwartz")){
             log.info("May the Schwartz be with you!");
        }else{
            log.info("Hello, mere mortal.");
        }
        
       //test a typed permission (not instance-level)
        if(currentUser.isPermitted("lightsaber:weild")){
             log.info("You may use a lightsaber ring.  Use it wisely.");
        }else {
             log.info("Sorry, lightsaber rings are for schwartz masters only.");
        }
        
      //a (very powerful) Instance Level permission:
        
        if(currentUser.isPermitted("winnebago:drive:eagle5")){
             log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +
                     "Here are the keys - have fun!");
        }else {
            log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
        }
        
        //all done - log out!
        currentUser.logout();
        
        System.exit(0);
    }
}

五、eclipse执行shiro示例项目配置

  

重要提示：pom.xml配置文件中引入依赖的jar版本，及更新新的jar包版本号，可到中央仓库查询。

中央仓库
http://mvnrepository.com/