自定义Realm步骤
实现认证基本步骤
1、自定义reaml,继承 AuthorizingRealm 重写3方法:getName doGetAuthorizationInfo doGetAuthenticationInfo
package com.bdqn;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyReaml extends AuthorizingRealm {
/**
* 一般情况下,都会重写这个方法,重写名字
* @return
*/
@Override
public String getName() {
return "MyReaml";
}
//授权操作
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//认证操作
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
return null;
}
}
2、配置ini文件, 指定使用自定义realm
3、加载配置文件shiro-realm.ini, 执行登录操作
@Test
public void MyReaml(){
//1、创建SecurityManager工厂,IniSecurityManagerFactory可以从ini文件中初始化SecurityManager环境
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
//2、,创建Security通过工厂对象Manger对象
SecurityManager securityManager = factory.getInstance();
//3、将securityManager设置到运行环境中,让系统随时随地访问securityManager
SecurityUtils.setSecurityManager(securityManager);
//4、创建当前登录主体
Subject subject = SecurityUtils.getSubject();
//5、收集主体登录的身份/凭证,即账号密码
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","666");
//6、主体登录
subject.login(token);
//7、判断登录是否成功
System.out.println("验证登录是否成功:"+subject.isAuthenticated());
//8、登出(注销)
subject.logout();
System.out.println("验证登录是否成功:"+subject.isAuthenticated());
}
以上代码只需要变动:
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
来加载 第二步 的ini
配置文件
自定义Realm 实现认证
1、自定义reaml,继承 AuthorizingRealm 重写3方法:getName doGetAuthorizationInfo doGetAuthenticationInfo,在这里直接贴出认证中的代码
//认证操作
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println(authenticationToken);
// authenticationToken 表示 : 登录时封装的UserNamePassWordToken
String userName = (String) authenticationToken.getPrincipal();
System.out.println(userName);
if (!"zhangsan".equals(userName)) {
return null;
}
String pwd = "666";
// info对象 表示 Realm 登录比对信息
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName,pwd,getName());
return info;
2、配置ini文件, 指定使用自定义realm
3、加载配置文件shiro-realm.ini, 执行登录操作
@Test
public void MyReaml(){
//1、创建SecurityManager工厂,IniSecurityManagerFactory可以从ini文件中初始化SecurityManager环境
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
//2、,创建Security通过工厂对象Manger对象
SecurityManager securityManager = factory.getInstance();
//3、将securityManager设置到运行环境中,让系统随时随地访问securityManager
SecurityUtils.setSecurityManager(securityManager);
//4、创建当前登录主体
Subject subject = SecurityUtils.getSubject();
//5、收集主体登录的身份/凭证,即账号密码
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","666");
//6、主体登录
subject.login(token);
//7、判断登录是否成功
System.out.println("验证登录是否成功:"+subject.isAuthenticated());
//8、登出(注销)
subject.logout();
System.out.println("验证登录是否成功:"+subject.isAuthenticated());
}
自定义Realm 实现授权
1、自定义reaml,继承 AuthorizingRealm 重写3方法:getName doGetAuthorizationInfo doGetAuthenticationInfo,在这里直接贴出授权中的代码
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//principalCollection: 用户认证凭证信息
//SimpleAuthorizationInfo:认证方法返回封装认证信息中的第一个参数:用户信息
String userName = (String) principalCollection.getPrimaryPrincipal();
//模拟查询数据库
List<String> roles = new ArrayList<String>();
List<String> permission = new ArrayList<String>();
//假设用户在数据库中有role1角色
roles.add("role1");
permission.add("user:delete");
//假设用户在数据库中拥有user:delete权限
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRoles(roles);
info.addStringPermissions(permission);
return info;
}
2、配置ini文件, 指定使用自定义realm
3、加载配置文件shiro-realm.ini, 执行登录操作
@Test
public void testHasRow1(){
//1、创建SecurityManager工厂,IniSecurityManagerFactory可以从ini文件中初始化SecurityManager环境
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-permission-realm.ini");
//2、,创建Security通过工厂对象Manger对象
SecurityManager securityManager = factory.getInstance();
//3、将securityManager设置到运行环境中,让系统随时随地访问securityManager
SecurityUtils.setSecurityManager(securityManager);
//4、创建当前登录主体
Subject subject = SecurityUtils.getSubject();
//5、收集主体登录的身份/凭证,即账号密码
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","666");
//6、主体登录
subject.login(token);
//7、判断登录是否成功
System.out.println("验证登录是否成功:"+subject.isAuthenticated());
//查看用户有没有delete权限
System.out.println(subject.isPermitted("user:delete"));
//查看用户是否是role1角色
System.out.println(subject.hasRole("role1"));
}