一、使用ini完成认证
1.maven依赖
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
2.创建.ini资源文件
[users]
#账号=密码
alan=666
3.创建测试类
package cn.alan;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
/*
测试shiro登录操作
*/
public class ShiroTest {
@Test
public void testLogin() throws Exception{
//获得工厂对象
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//获取SecurityManager对象
SecurityManager securityManager = factory.getInstance();
//将securityManager对象绑定到当前运行环境
SecurityUtils.setSecurityManager(securityManager);
//创建当前登录对象主体
Subject subject = SecurityUtils.getSubject();
//获得主体登录的信息
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
//主体登录
subject.login(usernamePasswordToken);
//查看是否登录
System.out.println("登录是否成功:"+subject.isAuthenticated());
//登出
subject.logout();
System.out.println("登录是否成功:"+subject.isAuthenticated());
}
}
4.登录登出流程图
二、自定义Realm
1.新建MyRealm集成AuthorizingRealm
package cn.alan;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyRealm extends AuthorizingRealm {
@Override
public String getName(){
return "MyRealm";
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//授权
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//认证
//authenticationToken是封装了UsernamePasswordToken
//通过用户名到数据库查找用户信息,封装成AuthenticationInfo对象返回
String username = (String)authenticationToken.getPrincipal();
//模拟数据库操作
if(!username.equals("alan")){
return null;
}
String password = "666";
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,getName());
return info;
}
}
2.创建shiro-realm.ini资源文件
#自定义Realm
myRealm=cn.alan.MyRealm
#指定securityManager的realms实现
securityManager.realms=$myRealm
3.测试
@Test
public void testLogin() throws Exception{
//获得工厂对象
// Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
//获取SecurityManager对象
SecurityManager securityManager = factory.getInstance();
//将securityManager对象绑定到当前运行环境
SecurityUtils.setSecurityManager(securityManager);
//创建当前登录对象主体
Subject subject = SecurityUtils.getSubject();
//获得主体登录的信息
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("alan","666");
//主体登录
subject.login(usernamePasswordToken);
//查看是否登录
System.out.println("登录是否成功:"+subject.isAuthenticated());
//登出
subject.logout();
System.out.println("登录是否成功:"+subject.isAuthenticated());
}