1.创建一个自定义的Realm类
该类继承AuthorizingRealm类,共实现两个方法,分别是授权方法doGetAuthorizationInfo和用户认证方法doGetAuthenticationInfo。
使用Map模拟数据库环境,提供三个方法分别获取用户信息,用户角色信息,用户权限信息。
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
public class CustomRealm extends AuthorizingRealm {
//充当数据库的作用
Map<String,String> usermap=new HashMap<String, String>(16);
{
/*密码为MD5算法之后的结果*/
usermap.put("mark","debd83bca36c128b8ea06d94ef54d551");
super.setName("customrealm");
}
/**
*用来做授权的方法
* @param principalCollection
* @return
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String username=(String)principalCollection.getPrimaryPrincipal();
/*获取角色信息*/
Set<String> roles=getRolesByUserName(username);
/*获取授权信息*/
Set<String> premission=getPermissionByUsername(username);
SimpleAuthorizationInfo simpleAuthenticationInfo=new SimpleAuthorizationInfo();
simpleAuthenticationInfo.setRoles(roles);
simpleAuthenticationInfo.setStringPermissions(premission);
return simpleAuthenticationInfo;
}
/*获取授权内容*/
private Set<String> getPermissionByUsername(String username) {
Set<String> maps=new HashSet<String>();
maps.add("user:delete");
maps.add("user:add");
return maps;
}
/*获取角色内容*/
private Set<String> getRolesByUserName(String username) {
Set<String> maps=new HashSet<String>();
maps.add("admin");
maps.add("user");
return maps;
}
/**
*用来做认证的方法
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//1.从主体的认证信息中获取用户名
String username = (String) authenticationToken.getPrincipal();
//2.通过用户名到数据库中获取凭证
String password=getPassWordByUserName(username);
if(password==null) return null;
SimpleAuthenticationInfo simpleAuthenticationInfo=new SimpleAuthenticationInfo(username,password,"customrealm");
//解盐
simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("mark"));
return simpleAuthenticationInfo;
}
/*模拟数据库查询语句*/
private String getPassWordByUserName(String username){
return usermap.get(username);
}
}
2.定义测试类
import com.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
public class CustomerRealmTest {
@Test
public void test1(){
/*创建自定义的Realm类*/
CustomRealm customRealm=new CustomRealm();
//构建securityManager环境
DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm);
/*实例化加密类*/
HashedCredentialsMatcher hashedCredentialsMatcher=new HashedCredentialsMatcher();
/*设置为md5算法*/
hashedCredentialsMatcher.setHashAlgorithmName("md5");
/*加密次数为1*/
hashedCredentialsMatcher.setHashIterations(1);
customRealm.setCredentialsMatcher(hashedCredentialsMatcher);
//主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject=SecurityUtils.getSubject();
/*创建用户实体*/
UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken("mark","1234567");
subject.login(usernamePasswordToken);
/*验证用户信息*/
System.out.println(subject.isAuthenticated());
/*验证角色信息*/
subject.checkRole("user");
/*验证权限信息*/
subject.checkPermission("user:delete");
}
}测试结果:true
1.用户认证的结果为true,需要了解的是map里的密码为MD5算法之后的字符串,所以取密码时需要解盐。
2.验证角色信息和权限信息,没有抛异常说明验证成功
这里的测试用map模拟数据库环境,如果需要使用到数据库,将map该为dao对象即可。核心是认证和授权的两个方法。
扫一扫
1414
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
