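package cn.chenhaoxiang.shiro;

import cn.chenhaoxiang.common.ShiroUtils;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Arrays;

/**
 * Role-based access control (RBAC) checks on a Shiro {@link Subject}.
 *
 * <p>Both tests authenticate against the {@code classpath:shiro_role.ini} realm through
 * {@link ShiroUtils#login}; the user names, passwords and role assignments used below are
 * test fixtures defined in that file, not real credentials.
 */
public class RoleTest {

    private static final Logger logger = LoggerFactory.getLogger(RoleTest.class);

    /**
     * Exercises the non-throwing role queries:
     * <ul>
     *   <li>{@code hasRole(String roleName)} – true if the Subject is assigned the role,
     *       false otherwise.</li>
     *   <li>{@code hasRoles(List<String> roleNames)} – one boolean per requested role, at the
     *       same index as in the argument; useful as a performance enhancement when many role
     *       checks are needed at once (e.g. when customizing a complex view).</li>
     *   <li>{@code hasAllRoles(Collection<String> roleNames)} – true only if every listed role
     *       is held.</li>
     * </ul>
     */
    @Test
    public void testHasRole() {
        Subject subject = ShiroUtils.login("classpath:shiro_role.ini", "chx", "123456");
        logger.info(subject.hasRole("role1") ? "有role1这个角色" : "没有role1这个角色");
        logger.info(subject.hasRole("role2") ? "有role2这个角色" : "没有role2这个角色");

        Subject subject2 = ShiroUtils.login("classpath:shiro_role.ini", "jack", "123456");
        logger.info(subject2.hasRole("role1") ? "有role1这个角色" : "没有role1这个角色");
        logger.info(subject2.hasRole("role2") ? "有role2这个角色" : "没有role2这个角色");
        // NOTE(review): subject2 is never logged out; whether ShiroUtils.login binds a fresh
        // Subject per call or re-uses the thread-bound one is not visible here — confirm.

        // hasRoles returns a boolean[]; results[i] answers for roleNames.get(i).
        boolean[] results = subject.hasRoles(Arrays.asList("role1", "role2", "role3"));
        logger.info(results[0] ? "有role1这个角色" : "没有role1这个角色");
        logger.info(results[1] ? "有role2这个角色" : "没有role2这个角色");
        // Index 2 is role3, so both branches of the message must name role3.
        logger.info(results[2] ? "有role3这个角色" : "没有role3这个角色");

        // hasAllRoles is true only when every role passed in is held.
        logger.info(subject.hasAllRoles(Arrays.asList("role1", "role2"))
                ? "有role1和role2这两个角色"
                : "role1,role2这两个角色不全部有");

        subject.logout(); // log out
    }

    /**
     * Exercises the asserting role checks: {@code checkRole} / {@code checkRoles} return
     * nothing and throw {@code org.apache.shiro.authz.UnauthorizedException} when the Subject
     * lacks any of the named roles.
     */
    @Test
    public void testCheckRole() {
        Subject subject = ShiroUtils.login("classpath:shiro_role.ini", "chx", "123456");

        subject.checkRole("role1"); // no return value; passes silently when the role is held
        // subject.checkRole("role3");
        // -> throws org.apache.shiro.authz.UnauthorizedException because the role is missing

        // checkRoles(Collection<String> roleNames)
        subject.checkRoles(Arrays.asList("role1", "role2"));
        // subject.checkRoles(Arrays.asList("role1", "role2", "role3"));
        // -> throws org.apache.shiro.authz.UnauthorizedException: Subject does not have role [role3]

        // checkRoles(String... roleNames) is the varargs form of checkRoles(Collection<String>);
        // same semantics, different parameter type.
        subject.checkRoles("role1", "role2");

        subject.logout(); // log out
    }
}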
@RequiresAuthentication//判断验证有没有通过publicvoidupdateAccount(AccountuserAccount){//this method will only be invoked by a//Subject that is guaranteed authenticated...}
基本等同于下面的代码:
// Hand-written equivalent of @RequiresAuthentication.
public void updateAccount(Account userAccount) {
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
        throw new AuthorizationException(...);
    }
    // Subject is guaranteed authenticated here.
    ...
}
// @RequiresGuest: the method body runs only for a Subject with no known identity
// (unknown/anonymous); a remembered or authenticated Subject is rejected.
@RequiresGuest
public void signUp(User newUser) {
    // Only reached by a Subject that is unknown/anonymous.
    ...
}
基本等价于下面的代码:
// Hand-written equivalent of @RequiresGuest.
public void signUp(User newUser) {
    PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
    // A non-empty principal collection means a known identity, i.e. not a guest.
    boolean hasKnownIdentity = principals != null && !principals.isEmpty();
    if (hasKnownIdentity) {
        throw new AuthorizationException(...);
    }
    // Subject is guaranteed to be a 'guest' here.
    ...
}
@RequiresPermissions("account:create")//必须有account:create权限,多个权限之间用逗号隔开publicvoidcreateAccount(Accountaccount){//this method will only be invoked by a Subject//that is permitted to create an account...}
基本等价于:
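// Hand-written equivalent of @RequiresPermissions("account:create").
public void createAccount(Account account) {
    Subject currentUser = SecurityUtils.getSubject();
    // The check must use the Subject obtained above; the original referred to an
    // undeclared variable `subject`, which does not compile.
    if (!currentUser.isPermitted("account:create")) {
        throw new AuthorizationException(...);
    }
    // Subject is guaranteed to be permitted here.
    ...
}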
// @RequiresRoles: the method body runs only for a Subject holding the administrator role.
@RequiresRoles("administrator")
public void deleteUser(User user) {
    // Only reached by an administrator.
    ...
}
基本等同于以下代码:
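// Hand-written equivalent of @RequiresRoles("administrator").
public void deleteUser(User user) {
    Subject currentUser = SecurityUtils.getSubject();
    // The check must use the Subject obtained above; the original referred to an
    // undeclared variable `subject`, which does not compile.
    if (!currentUser.hasRole("administrator")) {
        throw new AuthorizationException(...);
    }
    // Subject is guaranteed to be an 'administrator' here.
    ...
}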
// @RequiresUser: the method body runs only for a 'user', i.e. a Subject with a known
// identity (authenticated in this session or remembered from a previous one).
@RequiresUser
public void updateAccount(Account account) {
    // Only reached by a Subject with a known identity.
    ...
}
基本等同于下面代码:
// Hand-written equivalent of @RequiresUser.
public void updateAccount(Account account) {
    PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
    // No principals at all means the caller is anonymous and must be rejected.
    boolean anonymous = principals == null || principals.isEmpty();
    if (anonymous) {
        throw new AuthorizationException(...);
    }
    // Subject is guaranteed to have a known identity here.
    ...
}
<shiro:hasAnyRoles name="developer, project manager, administrator"> You are either a developer, project manager, or administrator.
</shiro:hasAnyRoles>
只要有其中一个角色,即显示主体内容
hasPermission标签
如果当前Subject有权限则显示其包装的内容
<shiro:hasPermission name="user:create"><a href="createUser.jsp">Create a new User</a></shiro:hasPermission>
lacksPermission标签
如果当前Subject没有该权限则显示其包装的内容
<shiro:lacksPermission name="user:delete"> Sorry, you are not allowed to delete user accounts.
</shiro:lacksPermission>