I connected Shiro to our Active Directory and am trying to configure it for the case where the user is in a specific group.
Shiro.ini file:
    [main]
    realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
    realm.url = LDAP://example.com/
    realm.systemUsername = admin@example.com
    realm.systemPassword = password
    realm.searchBase = "OU=level2,OU=level1,DC=example,DC=com"
    realm.groupRolesMap = "CN=Group1,OU=level2,OU=level1,DC=example,DC=com":"itadmins"

    [roles]
    itadmins = *
And the code:

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.config.IniSecurityManagerFactory;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.Factory;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class Quickstart {
        private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
        public static final String userName = "user1@example.com";
        public static final String password = "userpassword";

        public static void main(String[] args) {
            // The easiest way to create a Shiro SecurityManager with configured
            // realms, users, roles and permissions is to use the simple INI config.
            // We'll do that by using a factory that can ingest a .ini file and
            // return a SecurityManager instance:
            // Use the shiro.ini file at the root of the classpath
            // (file: and url: prefixes load from files and urls respectively):
            Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
            SecurityManager securityManager = factory.getInstance();

            // for this simple example quickstart, make the SecurityManager
            // accessible as a JVM singleton. Most applications wouldn't do this
            // and instead rely on their container configuration or web.xml for
            // webapps. That is outside the scope of this simple quickstart, so
            // we'll just do the bare minimum so you can continue to get a feel
            // for things.
            SecurityUtils.setSecurityManager(securityManager);

            // Now that a simple Shiro environment is set up, let's see what you can do:
            UsernamePasswordToken token = new UsernamePasswordToken(userName, password);

            // get the currently executing user:
            Subject currentUser = SecurityUtils.getSubject();
            try {
                currentUser.login(token);
                System.out.println("We've authenticated! :)");
            } catch (AuthenticationException e) {
                System.out.println("We did not authenticate :(");
                e.printStackTrace();
            }
            log.info("User [" + currentUser + "] logged in successfully.");

            if (currentUser.hasRole("hasRole")) {
                System.out.println("We're authorized! :)");
            } else {
                System.out.println("We are not authorized :(");
            }

            // all done - log out!
            currentUser.logout();
            System.exit(0);
        }
    }
The user is authenticated but not authorized. What am I doing wrong?

Answer 0 (score: 0)

It looks like you have a typo? currentUser.hasRole("hasRole")
I guess this should be currentUser.hasRole("itadmins")?
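
An offline way to check the answer's diagnosis, as an added example that is not part of the original question or answer: it swaps the Active Directory realm for Shiro's in-memory IniRealm (an assumption, so no directory is needed), gives a constructed user the itadmins role, and compares the two role checks. The class name RoleNameCheck and the sample account are constructed for illustration.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical class name; not part of the original post.
public class RoleNameCheck {
    public static void main(String[] args) {
        // Constructed sample data: an in-memory stand-in for the result of the
        // question's groupRolesMap, i.e. a user who ends up with role "itadmins".
        Ini ini = new Ini();
        ini.setSectionProperty("users", "user1@example.com", "userpassword, itadmins");
        ini.setSectionProperty("roles", "itadmins", "*");

        DefaultSecurityManager securityManager = new DefaultSecurityManager(new IniRealm(ini));

        // Build a Subject bound to this SecurityManager without touching the
        // JVM-wide SecurityUtils singleton.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new UsernamePasswordToken("user1@example.com", "userpassword"));

        // The argument to hasRole is compared against the role names the realm
        // returned. "hasRole" is not one of them, so authentication succeeds
        // while this authorization check fails.
        System.out.println("hasRole(\"hasRole\")  -> " + subject.hasRole("hasRole"));
        System.out.println("hasRole(\"itadmins\") -> " + subject.hasRole("itadmins"));

        // "itadmins = *" in [roles] grants the wildcard permission, so any
        // permission string is implied for a subject holding that role.
        System.out.println("isPermitted(\"printer:print\") -> "
                + subject.isPermitted("printer:print"));

        // checkRole is the fail-closed form: it throws instead of returning
        // false, so a mistyped role name surfaces as an exception.
        try {
            subject.checkRole("hasRole");
        } catch (UnauthorizedException e) {
            System.out.println("checkRole(\"hasRole\") threw: " + e.getMessage());
        }

        subject.logout();
    }
}
```

Keeping role names in a shared constant used by both the configuration loader and the check avoids this class of mismatch.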