@Test

public void testJdbc() {

DefaultSecurityManager securityManager = new DefaultSecurityManager();

JdbcRealm realm = new JdbcRealm();

// JdbcRealm要把數據源設上

realm.setDataSource(dataSource);

// 要查權限,則要打開開關; 因為默認是關閉的

realm.setPermissionsLookupEnabled(true);

// 自定義查詢認證的sql語句, 對照著原碼里的格式來寫

String sql = "select admin_password from admin where admin_name = ?";

realm.setAuthenticationQuery(sql);

// 自定義角色查詢

String roleSql = "select rolename from role r, admin a where r.roleid = a.roleid and a.admin_name = ?";

realm.setUserRolesQuery(roleSql);

// 自定義權限查詢

// String pSql = "select p.pname from admin a, permission p, rolepermission r where a.roleId = r.roleId and r.permissionId = p.permissionId and a.admin_name = ?";

String pSql = "select permission from testrole where user_name = ?";

realm.setPermissionsQuery(pSql);

securityManager.setRealm(realm);

SecurityUtils.setSecurityManager(securityManager);

Subject subject = SecurityUtils.getSubject();

UsernamePasswordToken token = new UsernamePasswordToken("admin", "1234");

// 認證

subject.login(token);

// 角色認證

subject.checkRole("管理員");

// 權限認證? <要先打開認證權限的開關>

subject.checkPermission("product:manager");

System.out.println("是否認證過:"+subject.isAuthenticated());

}