??????????? ???????????????RBAC?? baseRole.ini
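[users]
# Format of each entry: username = password, role1, role2, ...
# NOTE(review): credentials are stored in plaintext here; acceptable only for a
# demo/test realm - a production realm should hold hashed credentials.
lee1=123, role1
lee2=456, role1, role2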
???????????
????RoleTest.java
????import com.lee.shiro.util.ShiroUtils;
????import org.apache.shiro.subject.Subject;
????import org.junit.Test;
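public class RoleTest {

    /**
     * Logs in as {@code lee1} against the role-only INI realm and prints whether
     * the resulting Subject holds {@code role1}.
     * The result is printed rather than asserted, so JUnit will not report a
     * missing role as a failure.
     */
    @Test
    public void HasRoleTest() {
        // NOTE(review): the INI listed above is named baseRole.ini while this
        // test loads shiroRole.ini - confirm which resource is on the classpath.
        Subject currentUser = ShiroUtils.login("classpath:shiroRole.ini",
                "lee1", "123");
        // hasRole() only answers true/false; checkRole() throws when the role is absent.
        System.out.println(currentUser.hasRole("role1"));
    }
}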
????Subject ?ж?????????????????????
???????????????????
boolean hasRole(String roleIdentifier)
boolean[] hasRoles(List<String> roleIdentifiers)
boolean hasAllRoles(Collection<String> roleIdentifiers)
??????з????????????
void checkRole(String roleIdentifier) throws AuthorizationException
void checkRoles(Collection<String> roleIdentifiers) throws AuthorizationException
void checkRoles(String... roleIdentifiers) throws AuthorizationException
?????????????? basePermission.ini
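[users]
# Format of each entry: username = password, role1, role2, ...
# NOTE(review): credentials are stored in plaintext here; acceptable only for a
# demo/test realm - a production realm should hold hashed credentials.
lee1=123, role1
lee2=456, role1, role2
[roles]
# Format of each entry: role = permission1, permission2, ... (domain:action form)
role1=user:select
role2=user:add, user:update, user:delete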
??????????
????PermissionTest.java
????import com.lee.shiro.util.ShiroUtils;
????import org.apache.shiro.subject.Subject;
????import org.junit.Test;
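public class PermissionTest {

    /**
     * Logs in as {@code lee1} against the INI realm that maps roles to
     * permissions and prints whether the Subject is permitted {@code user:select}.
     * The result is printed rather than asserted, so JUnit will not report a
     * missing permission as a failure.
     */
    @Test
    public void isPermitted() {
        Subject currentUser = ShiroUtils.login("classpath:basePermission.ini",
                "lee1", "123");
        // isPermitted() only answers true/false; checkPermission() throws when denied.
        System.out.println(currentUser.isPermitted("user:select"));
    }
}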
????Subject ?ж????????????????????
???????????????????
boolean isPermitted(Permission permission)
boolean[] isPermitted(String... permissions)
boolean[] isPermitted(List<Permission> permissions)
boolean isPermittedAll(String... permissions)
boolean isPermittedAll(Collection<Permission> permissions)
??????з????????????
void checkPermission(String permission) throws AuthorizationException
void checkPermission(Permission permission) throws AuthorizationException
void checkPermissions(String... permissions) throws AuthorizationException
void checkPermissions(Collection<Permission> permissions) throws AuthorizationException
???????
??????????????
????@RequiresAuthentication
???????? Subject ????????? session ?б???????????????????á?
/**
 * Intended to update the given account (body elided); reachable only by an
 * authenticated Subject.
 * NOTE(review): the annotation is enforced only where Shiro's annotation (AOP)
 * support is configured - confirm it is wired in for this project.
 *
 * @param userAccount the account to update
 */
@RequiresAuthentication
public void updateAccount(Account userAccount) {
    //this method will only be invoked by a
    //Subject that is guaranteed authenticated
    ...
}
?????????
/**
 * Manual equivalent of {@code @RequiresAuthentication}: rejects an
 * unauthenticated Subject before the (elided) body runs.
 *
 * @param userAccount the account to update
 * @throws AuthorizationException if the current Subject is not authenticated
 */
public void updateAccount(Account userAccount) {
    if (!SecurityUtils.getSubject().isAuthenticated()) {
        throw new AuthorizationException(...);
    }
    //Subject is guaranteed authenticated here
    ...
}
????@RequiresGuest
?????????? Subject ?????“guest”??????????????????????? session ????б?????????????????????á?
/**
 * Intended to register a new user (body elided); reachable only by a Subject
 * with no known identity.
 * NOTE(review): the annotation is enforced only where Shiro's annotation (AOP)
 * support is configured - confirm it is wired in for this project.
 *
 * @param newUser the user being registered
 */
@RequiresGuest
public void signUp(User newUser) {
    //this method will only be invoked by a
    //Subject that is unknown/anonymous
    ...
}
?????????
/**
 * Manual equivalent of {@code @RequiresGuest}: rejects any Subject that already
 * carries principals (a known identity), so only anonymous callers reach the body.
 *
 * @param newUser the user being registered
 * @throws AuthorizationException if the current Subject has a known identity
 */
public void signUp(User newUser) {
    Subject currentUser = SecurityUtils.getSubject();
    PrincipalCollection principals = currentUser.getPrincipals();
    if (principals != null && !principals.isEmpty()) {
        //known identity - not a guest:
        throw new AuthorizationException(...);
    }
    //Subject is guaranteed to be a 'guest' here
    ...
}
@RequiresPermissions("account:create")
?????????? Subject ??????????????????????????????
/**
 * Intended to create the given account (body elided); reachable only by a
 * Subject holding the {@code account:create} permission.
 * NOTE(review): the annotation is enforced only where Shiro's annotation (AOP)
 * support is configured - confirm it is wired in for this project.
 *
 * @param account the account to create
 */
@RequiresPermissions("account:create")
public void createAccount(Account account) {
    //this method will only be invoked by a Subject
    //that is permitted to create an account
    ...
}
?????????
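/**
 * Manual equivalent of {@code @RequiresPermissions("account:create")}: rejects
 * any Subject lacking the permission before the (elided) body runs.
 *
 * @param account the account to create
 * @throws AuthorizationException if the current Subject is not permitted
 */
public void createAccount(Account account) {
    Subject currentUser = SecurityUtils.getSubject();
    // Fix: the original tested an undeclared 'subject' variable, which does not
    // compile; the Subject obtained above is 'currentUser'.
    if (!currentUser.isPermitted("account:create")) {
        throw new AuthorizationException(...);
    }
    //Subject is guaranteed to be permitted here
    ...
}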
@RequiresRoles("administrator")
?????????? Subject ?????????????????????????У???÷???????????У?????AuthorizationException???????????
/**
 * Intended to delete the given user (body elided); reachable only by a Subject
 * holding the {@code administrator} role.
 * NOTE(review): the annotation is enforced only where Shiro's annotation (AOP)
 * support is configured - confirm it is wired in for this project.
 *
 * @param user the user to delete
 */
@RequiresRoles("administrator")
public void deleteUser(User user) {
    //this method will only be invoked by an administrator
    ...
}
?????????
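/**
 * Manual equivalent of {@code @RequiresRoles("administrator")}: rejects any
 * Subject without the role before the (elided) body runs.
 *
 * @param user the user to delete
 * @throws AuthorizationException if the current Subject lacks the administrator role
 */
public void deleteUser(User user) {
    Subject currentUser = SecurityUtils.getSubject();
    // Fix: the original tested an undeclared 'subject' variable, which does not
    // compile; the Subject obtained above is 'currentUser'.
    if (!currentUser.hasRole("administrator")) {
        throw new AuthorizationException(...);
    }
    //Subject is guaranteed to be an 'administrator' here
    ...
}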
????@RequiresUser
??????????????? Subject ???????ó?????????????????/??????????????á????“??ó??????”?????????????????????????? session ???????????????????? session ?е?“RememberMe”?????????
/**
 * Intended to update the given account (body elided); reachable only by a
 * Subject with a known identity.
 * NOTE(review): a known identity is not the same as an authenticated session
 * (see the RememberMe remark above); prefer {@code @RequiresAuthentication} for
 * sensitive operations. The annotation is enforced only where Shiro's annotation
 * (AOP) support is configured - confirm it is wired in for this project.
 *
 * @param account the account to update
 */
@RequiresUser
public void updateAccount(Account account) {
    //this method will only be invoked by a 'user'
    //i.e. a Subject with a known identity
    ...
}
?????????
/**
 * Manual equivalent of {@code @RequiresUser}: rejects any Subject without
 * principals before the (elided) body runs.
 * NOTE(review): having principals does not prove the caller authenticated in
 * this session (see the RememberMe remark above); use {@code isAuthenticated()}
 * where a fresh login is required.
 *
 * @param account the account to update
 * @throws AuthorizationException if the current Subject has no known identity
 */
public void updateAccount(Account account) {
    Subject currentUser = SecurityUtils.getSubject();
    PrincipalCollection principals = currentUser.getPrincipals();
    if (principals == null || principals.isEmpty()) {
        //no identity - they're anonymous, not allowed:
        throw new AuthorizationException(...);
    }
    //Subject is guaranteed to have a known identity here
    ...
}
????JSP ??????
????JSP ?????????????shiro-web.jar???????????
????<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
????The guest tag
???????????????????????????????ο?????????
????<shiro:guest>
????Hi there!  Please <a href="login.jsp">Login</a> or <a href="signup.jsp">Signup</a> today!
????</shiro:guest>
????The user tag
????????????????/??????????????????????
????<shiro:user>
Welcome back John!  Not John? Click <a href="login.jsp">here</a> to login.
????</shiro:user>
????The authenticated tag
??????????????????????? Subject.login ?????????????????????
????<shiro:authenticated>
????<a href="updateAccount.jsp">Update your contact information</a>.
????</shiro:authenticated>
????The notAuthenticated tag
?????????????????????????е??? Subject.login ???е??????????????????????????δ????????????
????<shiro:notAuthenticated>
????Please <a href="login.jsp">login</a> in order to update your credit card information.
????</shiro:notAuthenticated>
????The principal tag
???????????????????????? Subject.getPrincipal() ??????? Primary Principal??
Hello, <shiro:principal/>, how are you today?
?????????
Hello, <%= SecurityUtils.getSubject().getPrincipal().toString() %>, how are you today?
????Principal property
Hello, <shiro:principal property="firstName"/>, how are you today?
Hello, <%= SecurityUtils.getSubject().getPrincipal().getFirstName().toString() %>, how are you today?
Hello, <shiro:principal type="com.foo.User" property="firstName"/>, how are you today?
Hello, <%= SecurityUtils.getSubject().getPrincipals().oneByType(com.foo.User.class).getFirstName().toString() %>, how are you today?
????The hasRole tag
?????????? Subject ?д???????? body ?????
????<shiro:hasRole name="administrator">
????<a href="admin.jsp">Administer the system</a>
????</shiro:hasRole>
????The lacksRole tag
?????????? Subject ??н??????? body ?????
????<shiro:lacksRole name="administrator">
Sorry, you are not allowed to administer the system.
????</shiro:lacksRole>
????The hasAnyRole tag
?????????? Subject ??????????????????????????? body ?????
<shiro:hasAnyRoles name="developer, project manager, administrator">
You are either a developer, project manager, or administrator.
</shiro:hasAnyRoles>
????The hasPermission tag
?????????? Subject ????????? body ?????
????<shiro:hasPermission name="user:create">
????<a href="createUser.jsp">Create a new User</a>
????</shiro:hasPermission>
????The lacksPermission tag
?????????? Subject ?????????? body ?????
????<shiro:lacksPermission name="user:delete">
Sorry, you are not allowed to delete user accounts.
</shiro:lacksPermission>
???????? Web
?????????о????????????????????????GitHub
????????
????<dependency>
????<groupId>org.apache.shiro</groupId>
????<artifactId>shiro-web</artifactId>
????<version>1.3.2</version>
????</dependency>
????<dependency>
????<groupId>javax.servlet</groupId>
????<artifactId>javax.servlet-api</artifactId>
????<version>3.1.0</version>
????</dependency>
????web.xml
????<!-- ????? classpath ?????????壬????????? -->
????<context-param>
????<param-name>shiroConfigLocations</param-name>
????<param-value>classpath:shiroWeb.ini</param-value>
????</context-param>
????<listener>
????<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
????</listener>
????<filter>
????<filter-name>ShiroFilter</filter-name>
????<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
????<!-- ??????????? /WEB-INF/ ???????????
????<init-param>
????<param-name>configPath</param-name>
????<param-value>/WEB-INF/shiroWeb.ini</param-value>
????</init-param>
????-->
????</filter>
????<filter-mapping>
????<filter-name>ShiroFilter</filter-name>
????<url-pattern>/*</url-pattern>
????</filter-mapping>
????shiroWeb.ini
????# authc??roles ???????????? Filter?????????忴 Default Filters