1 Subject认证主体
subject认证主体包括两个信息:
principals: 身份,可以是用户名,邮件,手机号码等,用来标识一个登录主体身份。
Credentials: 凭证,常见有密码,数字证书等等。
2 身份认证流程
3 Realm&JDBC Reaml
表示从数据库中获取验证数据。除了从数据库获取,还可以从文件中获取(shiro.ini)。
Realm:意思是域,Shiro 从 Realm 中获取验证数据;
Realm 有很多种类,例如常见的 jdbc realm,jndi realm,text realm。
4 案例(重点讲解如何从数据库中获取shiro验证)
(1)创建一个maven项目
(2)首先创建数据库和表
(3)导入jar包(pom.xml文件)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>java123</groupId>
<artifactId>java123</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>shiro02</name>
<description>java123</description>
<dependencies>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.12</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.mchange/c3p0 -->
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
</dependencies>
<build/>
</project>
(4)写配置文件jdbc_realm.ini
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/db_shiro
dataSource.user=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
(5)代码
package java123.shiro.com;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroHello {
public static void main(String[] args) {
// 读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:jdbc_realm.ini");
// 获取securityManager实例
SecurityManager securityManager=factory.getInstance();
// 把securityManager实例绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
// 得到当前执行的用户
Subject currentUser=SecurityUtils.getSubject();
System.out.println(currentUser.getPrincipal());
// 创建token令牌,用户名/密码 这里其实就是你要验证的用户 看在数据库中是否存在
UsernamePasswordToken token=new UsernamePasswordToken("wuk","123456");
// 身份认证
try {
currentUser.login(token);//开始进行登录验证
System.out.println("身份认证成功");
//得到当前用户名称
System.out.println(currentUser.getPrincipal());
} catch (AuthenticationException e) {
// TODO Auto-generated catch block
System.out.println("身份认证失败");
e.printStackTrace();
}
// 退出
currentUser.logout();
}
}
注意:数据库的表名称 字段名称在这里都是固定的,我感觉这应该不是固定的,后续肯定会涉及到。