shiro學習（一）

一、使用ini完成認證

1.maven依賴

    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.4.0</version>
    </dependency>
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.2</version>
    </dependency>

2.創建.ini資源文件

[users]
#賬號=密碼
alan=666

3.創建測試類

package cn.alan;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;

/*
    測試shiro登錄操作
 */
public class ShiroTest {

    @Test
    public void testLogin() throws Exception{
        //獲得工廠對象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        //獲取SecurityManager對象
        SecurityManager securityManager = factory.getInstance();
        //將securityManager對象綁定到當前運行環境
        SecurityUtils.setSecurityManager(securityManager);
        //創建當前登錄對象主體
        Subject subject = SecurityUtils.getSubject();
        //獲得主體登錄的信息
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
        //主體登錄
        subject.login(usernamePasswordToken);
        //查看是否登錄
        System.out.println("登錄是否成功："+subject.isAuthenticated());
        //登出
        subject.logout();
        System.out.println("登錄是否成功："+subject.isAuthenticated());
    }
}

4.登錄登出流程圖

二、自定義Realm

1.新建MyRealm集成AuthorizingRealm

package cn.alan;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm {

    @Override
    public String getName(){
        return "MyRealm";
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //授權
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //認證
        //authenticationToken是封裝了UsernamePasswordToken
        //通過用戶名到數據庫查找用戶信息，封裝成AuthenticationInfo對象返回
        String username = (String)authenticationToken.getPrincipal();
        //模擬數據庫操作
        if(!username.equals("alan")){
            return null;
        }
        String password = "666";
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,getName());
        return info;
    }
}

2.創建shiro-realm.ini資源文件

#自定義Realm
myRealm=cn.alan.MyRealm
#指定securityManager的realms實現
securityManager.realms=$myRealm

3.測試

@Test
    public void testLogin() throws Exception{
        //獲得工廠對象
//        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
        //獲取SecurityManager對象
        SecurityManager securityManager = factory.getInstance();
        //將securityManager對象綁定到當前運行環境
        SecurityUtils.setSecurityManager(securityManager);
        //創建當前登錄對象主體
        Subject subject = SecurityUtils.getSubject();
        //獲得主體登錄的信息
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
        //主體登錄
        subject.login(usernamePasswordToken);
        //查看是否登錄
        System.out.println("登錄是否成功："+subject.isAuthenticated());
        //登出
        subject.logout();
        System.out.println("登錄是否成功："+subject.isAuthenticated());
    }