身份认证
1、Subject认证主体
Subject认证 包含两个信息:
Principals:身份,可以是用户名,邮件,手机号码等等,用来标识一个登录主体身份;
Credentials:凭证,常见有密码,数字证书等等;
2、身份认证流程
3、realm&realm jdbc
realm:域,shiro从Realm中获取验证数据;
realm有很多种类,例如常见的jdbc realm,jndi realm,text realm
这里我们着重介绍jdbc realm
首先,创建数据库和表
添加依赖包,c3p0,common-logging,mysql 驱动
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.39</version>
</dependency>
添加配置文件jdbc_realm.ini
示例代码:
package com.feiyang;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class JdbcRealmTest {
public static void main(String[] args) {
//读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory =
new IniSecurityManagerFactory("classpath:jdbc_realm.ini");
//获取securityManager实例
SecurityManager securityManager = factory.getInstance();
//把securityManager实例绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
//得到当前执行的用户
Subject subject = SecurityUtils.getSubject();
//创建token令牌,用户名/密码
UsernamePasswordToken token = new UsernamePasswordToken("feiyang","123456");
try{
//身份验证
subject.login(token);
System.out.println("身份登录成功 ");
}catch(Exception e){
e.printStackTrace();
System.out.println("身份登录成失败");
}
//退出
subject.logout();
}
}
ok.接下来可以进行测试了,测试结果: