一、使用ini完成認證
1.maven依賴
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
2.創建.ini資源文件
[users]
#賬號=密碼
alan=666
3.創建測試類
package cn.alan;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
/*
測試shiro登錄操作
*/
public class ShiroTest {
@Test
public void testLogin() throws Exception{
//獲得工廠對象
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//獲取SecurityManager對象
SecurityManager securityManager = factory.getInstance();
//將securityManager對象綁定到當前運行環境
SecurityUtils.setSecurityManager(securityManager);
//創建當前登錄對象主體
Subject subject = SecurityUtils.getSubject();
//獲得主體登錄的信息
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
//主體登錄
subject.login(usernamePasswordToken);
//查看是否登錄
System.out.println("登錄是否成功:"+subject.isAuthenticated());
//登出
subject.logout();
System.out.println("登錄是否成功:"+subject.isAuthenticated());
}
}
4.登錄登出流程圖
二、自定義Realm
1.新建MyRealm集成AuthorizingRealm
package cn.alan;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyRealm extends AuthorizingRealm {
@Override
public String getName(){
return "MyRealm";
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//授權
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//認證
//authenticationToken是封裝了UsernamePasswordToken
//通過用戶名到數據庫查找用戶信息,封裝成AuthenticationInfo對象返回
String username = (String)authenticationToken.getPrincipal();
//模擬數據庫操作
if(!username.equals("alan")){
return null;
}
String password = "666";
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,getName());
return info;
}
}
2.創建shiro-realm.ini資源文件
#自定義Realm
myRealm=cn.alan.MyRealm
#指定securityManager的realms實現
securityManager.realms=$myRealm
3.測試
@Test
public void testLogin() throws Exception{
//獲得工廠對象
// Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
//獲取SecurityManager對象
SecurityManager securityManager = factory.getInstance();
//將securityManager對象綁定到當前運行環境
SecurityUtils.setSecurityManager(securityManager);
//創建當前登錄對象主體
Subject subject = SecurityUtils.getSubject();
//獲得主體登錄的信息
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
//主體登錄
subject.login(usernamePasswordToken);
//查看是否登錄
System.out.println("登錄是否成功:"+subject.isAuthenticated());
//登出
subject.logout();
System.out.println("登錄是否成功:"+subject.isAuthenticated());
}