标签:
1、shiro
介绍:简单的java安全框架,旨在提供一个直观而全面的认证,授权,加密及回话管理的解决方案。
它通过简单易用的api为项目提供安全性而又无需重头编写代码。
1 import org.apache.shiro.SecurityUtils; 2 import org.apache.shiro.authc.*; 3 import org.apache.shiro.config.IniSecurityManagerFactory; 4 import org.apache.shiro.mgt.SecurityManager; 5 import org.apache.shiro.session.Session; 6 import org.apache.shiro.subject.Subject; 7 import org.apache.shiro.util.Factory; 8 import org.slf4j.Logger; 9 import org.slf4j.LoggerFactory; 10 11 12 /** 13 * Simple Quickstart application showing how to use Shiro‘s API. 14 * 15 * @since 0.9 RC2 16 */ 17 public class Quickstart { 18 19 private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class); 20 //指定类初始化日志对象 21 22 public static void main(String[] args) { 23 24 // The easiest way to create a Shiro SecurityManager with configured 25 // realms, users, roles and permissions is to use the simple INI config. 26 // We‘ll do that by using a factory that can ingest a .ini file and 27 // return a SecurityManager instance: 28 29 // Use the shiro.ini file at the root of the classpath 30 // (file: and url: prefixes load from files and urls respectively): 31 Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); 32 SecurityManager securityManager = factory.getInstance(); 33 34 // for this simple example quickstart, make the SecurityManager 35 // accessible as a JVM singleton. Most applications wouldn‘t do this 36 // and instead rely on their container configuration or web.xml for 37 // webapps. That is outside the scope of this simple quickstart, so 38 // we‘ll just do the bare minimum so you can continue to get a feel 39 // for things. 40 SecurityUtils.setSecurityManager(securityManager); 41 42 // Now that a simple Shiro environment is set up, let‘s see what you can do: 43 44 // get the currently executing user: 45 Subject currentUser = SecurityUtils.getSubject(); 46 47 // Do some stuff with a Session (no need for a web or EJB container!!!) 48 Session session = currentUser.getSession(); 49 session.setAttribute("someKey", "aValue"); 50 String value = (String) session.getAttribute("someKey"); 51 if (value.equals("aValue")) { 52 log.info("Retrieved the correct value! [" + value + "]"); 53 } 54 55 // let‘s login the current user so we can check against roles and permissions: 56 if (!currentUser.isAuthenticated()) { 57 UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); 58 token.setRememberMe(true); 59 try { 60 currentUser.login(token); 61 } catch (UnknownAccountException uae) { 62 log.info("There is no user with username of " + token.getPrincipal()); 63 } catch (IncorrectCredentialsException ice) { 64 log.info("Password for account " + token.getPrincipal() + " was incorrect!"); 65 } catch (LockedAccountException lae) { 66 log.info("The account for username " + token.getPrincipal() + " is locked. " + 67 "Please contact your administrator to unlock it."); 68 } 69 // ... catch more exceptions here (maybe custom ones specific to your application? 70 catch (AuthenticationException ae) { 71 //unexpected condition? error? 72 } 73 } 74 75 //say who they are: 76 //print their identifying principal (in this case, a username): 77 log.info("User [" + currentUser.getPrincipal() + "] logged in successfully."); 78 79 //test a role: 80 if (currentUser.hasRole("schwartz")) { 81 log.info("May the Schwartz be with you!"); 82 } else { 83 log.info("Hello, mere mortal."); 84 } 85 86 //test a typed permission (not instance-level) 87 if (currentUser.isPermitted("lightsaber:weild")) { 88 log.info("You may use a lightsaber ring. Use it wisely."); 89 } else { 90 log.info("Sorry, lightsaber rings are for schwartz masters only."); 91 } 92 93 //a (very powerful) Instance Level permission: 94 if (currentUser.isPermitted("winnebago:drive:eagle5")) { 95 log.info("You are permitted to ‘drive‘ the winnebago with license plate (id) ‘eagle5‘. " + 96 "Here are the keys - have fun!"); 97 } else { 98 log.info("Sorry, you aren‘t allowed to drive the ‘eagle5‘ winnebago!"); 99 } 100 101 //all done - log out! 102 // 103 currentUser.logout(); 104 105 System.exit(0); 106 } 107 }
只是Apache提供的一个简单使用的示例,可以参考一下,今后项目遇到上手很简单。
标签:
原文地址:http://www.cnblogs.com/xz-blogs/p/5629452.html