項目結構:
1:自定義reaml,繼承 AuthorizingRealm 重寫3方法:getName doGetAuthorizationInfo doGetAuthenticationInfo
public class MyRealm extends AuthorizingRealm {
public String getName(){
return "MyRealm";
}
//授權操作
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//認證操作
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//參數token:表示登陸時保證的UsernamePasswordToken
//通過用戶名到數據庫中查用戶信息,封裝成一個AuthenticationInfo認證對象返回,方便認證器進行對比
String username =(String) authenticationToken.getPrincipal();
//通過用戶名查詢數據庫,講改用戶對應數據查詢返回:賬號與密碼
//假設查詢數據庫返回數據爲:zhangsan 666
if(!"zhangsan".equals(username)){
return null;
}
String password="666";
//info對象表示realm登陸對比信息,(用戶名,密碼,realm名字)
SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,password,getName());
return info;
}
}
2:配置ini文件, 指定使用自定義realm
#自定義realm
myRealm=com.fxys.day02Realm.MyRealm
#指定Securitymanager的realm實現
securityManager.realms=$myRealm
3:加載配置文件shiro-realm.ini, 執行登錄操作
public class ShiroTest2 {
public static void main(String[] args) throws ClassNotFoundException {
//1.創建SecurityManager工廠對象,並加載配置文件
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
//2.通過工廠對象,創建SecurityManager對象
SecurityManager securityManager = factory.getInstance();
//3.講SecurityManager綁定到當前運行環境中,讓系統隨時隨地都可以訪問securitymanager對象
SecurityUtils.setSecurityManager(securityManager);
//4.創建當前登錄主體,注意,此時主體沒有經過認證
Subject subject = SecurityUtils.getSubject();
//5.收集主體登陸的身份/憑着,即賬號密碼
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "666");
try {
//6.主體登陸,如果賬號或者密碼其中一個錯誤,則拋出異常
subject.login(token);
} catch (Exception e) {
e.printStackTrace();
}
//7.判斷是否成功
System.out.println("登陸是否成功" + subject.isAuthenticated());
//8.登出(註銷)
subject.logout();
System.out.println("登陸是否成功" + subject.isAuthenticated());
}
}
4.控制檯輸出
