05自定义Realm实现认证
Shiro默认使用自带的IniRealm,IniRealm从ini配置文件中读取用户的信息,大部分情况下需要从系统的数据库中读取用户信息,所以需要自定义Realm
1.Realm接口
最基础的是Realm接口,CachingRealm负责缓存处理,AuthenticatingRealm负责认证,AuthorizingRealm负责授权,通常已定义的realm继承AuthorizingRealm
2.实现步骤
1.创建项目
2.创建User类
package com. domain;
import java. util. Date;
public class User {
private Integer id;
private String username;
private String pwd;
private Date createtime;
public User ( ) {
}
public User ( Integer id, String username, String pwd, Date createtime) {
this . id = id;
this . username = username;
this . pwd = pwd;
this . createtime = createtime;
}
public Integer getId ( ) {
return id;
}
public void setId ( Integer id) {
this . id = id;
}
public String getUsername ( ) {
return username;
}
public void setUsername ( String username) {
this . username = username;
}
public String getPwd ( ) {
return pwd;
}
public void setPwd ( String pwd) {
this . pwd = pwd;
}
public Date getCreatetime ( ) {
return createtime;
}
public void setCreatetime ( Date createtime) {
this . createtime = createtime;
}
}
3.创建UserService
package com. service;
import com. domain. User;
public interface UserService {
public User queryUserByUserName ( String username) ;
}
4.创建UserServiceImpl
package com. service. impl;
import com. domain. User;
import com. service. UserService;
import java. util. Date;
public class UserServiceImpl implements UserService {
public User queryUserByUserName ( String username) {
User user = null;
switch ( username) {
case "zhangsan" :
user = new User ( 1 , "zhangsan" , "123456" , new Date ( ) ) ;
break ;
case "lisi" :
user = new User ( 1 , "lisi" , "123456" , new Date ( ) ) ;
break ;
case "wangwu" :
user = new User ( 1 , "wangwu" , "123456" , new Date ( ) ) ;
break ;
}
return user;
}
}
5.创建UserRealm
package com. realm;
import com. domain. User;
import com. service. UserService;
import com. service. impl. UserServiceImpl;
import org. apache. shiro. authc. AuthenticationException;
import org. apache. shiro. authc. AuthenticationInfo;
import org. apache. shiro. authc. AuthenticationToken;
import org. apache. shiro. authc. SimpleAuthenticationInfo;
import org. apache. shiro. realm. AuthenticatingRealm;
public class UserRealm extends AuthenticatingRealm {
private UserService userService = new UserServiceImpl ( ) ;
@Override
protected AuthenticationInfo doGetAuthenticationInfo ( AuthenticationToken token) throws AuthenticationException {
String username = token. getPrincipal ( ) . toString ( ) ;
token. getCredentials ( ) ;
System. out. println ( username) ;
User user = userService. queryUserByUserName ( username) ;
if ( null != user) {
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo ( user, user. getPwd ( ) , this . getName ( ) ) ;
return info;
} else {
return null;
}
}
}
6.修改shiro.ini(可改可不改)
[ main]
#创建UserRealm对象
userRealm= com. realm. UserRealm
#把当前对象给安全管理器
#securityManager= org. apache. shiro. mgt. DefaultSecurityManager
securityManager. realm= $userRealm
7.测试
package com. shiro;
import com. realm. UserRealm;
import org. apache. shiro. SecurityUtils;
import org. apache. shiro. authc. *;
import org. apache. shiro. config. IniSecurityManagerFactory;
import org. apache. shiro. mgt. DefaultSecurityManager;
import org. apache. shiro. mgt. SecurityManager;
import org. apache. shiro. subject. Subject;
import org. apache. shiro. util. Factory;
import org. slf4j. Logger;
import org. slf4j. LoggerFactory;
public class TestAuthorizationApp {
private static final transient Logger log = LoggerFactory. getLogger ( TestAuthorizationApp. class ) ;
@SuppressWarnings ( "deprecation" )
public static void main ( String[ ] args) {
String username = "zhangsan" ;
String password = "123456" ;
log. info ( "My First Apache Shiro Application" ) ;
Factory< SecurityManager> factory = new IniSecurityManagerFactory ( "classpath:shiro.ini" ) ;
DefaultSecurityManager securityManager = ( DefaultSecurityManager) factory. getInstance ( ) ;
UserRealm realm = new UserRealm ( ) ;
securityManager. setRealm ( realm) ;
SecurityUtils. setSecurityManager ( securityManager) ;
Subject subject = SecurityUtils. getSubject ( ) ;
AuthenticationToken token = new UsernamePasswordToken ( username, password) ;
try {
subject. login ( token) ;
System. out. println ( "认证通过" ) ;
Object principal = subject. getPrincipal ( ) ;
System. out. println ( principal) ;
} catch ( IncorrectCredentialsException e) {
System. out. println ( "密码不正确" ) ;
} catch ( UnknownAccountException e) {
System. out. println ( "用户名不存在" ) ;
}
}
}