首先几个类先建一下
package com.test.Controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 15:37 2019/8/15
 */
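public class LoginController {

    /**
     * Demo entry point: authenticates one hard-coded account against the
     * security manager built from {@code classpath:shiro.ini} and prints the
     * outcome to the console.
     *
     * <p>The user name and password below are literals used only to simulate
     * a submitted login form; real credentials must never be compiled into
     * the source.
     *
     * @param args unused
     */
    @SuppressWarnings("deprecation")
    public static void main(String[] args) {
        // Simulate the account name and password received from a login form.
        String username = "spiderman";
        String password = "123456";

        // Wrap the account name and password in a token.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);

        // Build the security manager factory from the INI configuration.
        // IniSecurityManagerFactory is what the "deprecation" suppression above covers.
        IniSecurityManagerFactory securityManagerFactory =
                new IniSecurityManagerFactory("classpath:shiro.ini");
        // Obtain the security manager instance from the factory.
        SecurityManager securityManager = securityManagerFactory.getInstance();
        // Bind the security manager to the current runtime environment.
        SecurityUtils.setSecurityManager(securityManager);
        // Fetch the Subject for the current environment.
        Subject subject = SecurityUtils.getSubject();

        try {
            subject.login(token);
            System.out.println("登陆成功!");
        } catch (IncorrectCredentialsException e) {
            // Telling "wrong password" apart from "unknown account" is fine on a
            // local console. A network-facing login should answer both cases with
            // one generic message so responses do not reveal which names exist.
            System.err.println("密码不正确");
        } catch (UnknownAccountException e) {
            System.err.println("用户名不存在");
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // Any other authentication failure raised by the realm or by Shiro
            // itself: report a failed login instead of dying with a stack trace.
            System.err.println("登录失败");
        }

        // Optional role and permission checks, left disabled as in the original
        // listing (the last line would also need java.util.Arrays imported):
        // boolean hasSysRole = subject.hasRole("systemAdmin");
        // boolean hasStatRole = subject.hasRole("statisticsAdmin");
        // System.out.println("用户是否拥有systemAdmin角色:" + hasSysRole);
        // System.out.println("用户是否拥有statisticsAdmin角色:" + hasStatRole);
        //
        // boolean[] permitted = subject.isPermitted("user:query", "user:delete");
        // System.out.println("用户是否拥有user:query和user:delete的权限:" + Arrays.toString(permitted));
    }
}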
package com.test.domain;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 15:14 2019/8/15
 */
public class User {

    // Account name used to look the user up.
    private String userName;

    // Credential exactly as stored for the account. UserRealm hands this value
    // to Shiro as the credential to compare against, so it should hold the
    // hashed password rather than the plain text.
    private String password;

    /**
     * Creates a user record.
     *
     * @param userName account name
     * @param password stored credential for the account
     */
    public User(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    /** @return the account name */
    public String getUserName() {
        return this.userName;
    }

    /** @return the stored credential */
    public String getPassword() {
        return this.password;
    }

    /** @param userName new account name */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /** @param password new stored credential */
    public void setPassword(String password) {
        this.password = password;
    }
}
package com.test.realm;
import com.test.domain.User;
import java.util.List;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 15:14 2019/8/15
 */
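/**
 * Principal object that bundles a {@link User} with the role and permission
 * names loaded for it. UserRealm stores an instance in the authentication
 * info and reads it back when building the authorization info.
 *
 * <p>NOTE(review): the wrapped {@code User} still carries its stored password,
 * so the credential travels with the principal wherever it is kept. Consider
 * copying only the fields that authorization needs.
 */
public class ActiveUser {

    private User user;

    // Role names; typed as strings because UserRealm passes them to addRoles.
    private List<String> roles;

    // Permission strings such as "user:query".
    private List<String> permissions;

    /** @return the wrapped user, or {@code null} if none was set */
    public User getUser() {
        return user;
    }

    /** @param user the user this principal represents */
    public void setUser(User user) {
        this.user = user;
    }

    /** @return the role names, or {@code null} if none were set */
    public List<String> getRoles() {
        return roles;
    }

    /** @param roles role names; the list is stored as given, not copied */
    public void setRoles(List<String> roles) {
        this.roles = roles;
    }

    /** @return the permission strings, or {@code null} if none were set */
    public List<String> getPermissions() {
        return permissions;
    }

    /** @param permissions permission strings; the list is stored as given, not copied */
    public void setPermissions(List<String> permissions) {
        this.permissions = permissions;
    }
}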
package com.test.realm;
import com.test.domain.User;
import com.test.service.UserService;
import com.test.service.impl.UserServiceImpl;
import com.test.util.MD5Utils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.List;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 15:15 2019/8/15
 */
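/**
 * Realm that authenticates against {@link UserService} and exposes the roles
 * and permissions loaded at login time.
 */
public class UserRealm extends AuthorizingRealm {

    // Stand-in for Spring IoC/DI auto-wiring: the service is created directly.
    UserService userService = new UserServiceImpl();

    /**
     * Builds the authorization info from the {@link ActiveUser} that
     * {@link #doGetAuthenticationInfo} stored as the primary principal.
     *
     * <p>The stored password is deliberately not printed here; credentials do
     * not belong in console or log output.
     *
     * @param principals principals of the authenticated subject
     * @return authorization info holding the user's roles and permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The primary principal is the ActiveUser created during authentication.
        ActiveUser user = (ActiveUser) principals.getPrimaryPrincipal();
        List<String> roles = user.getRoles();
        List<String> permissions = user.getPermissions();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // Roles and permissions are added only when present. The original second,
        // unguarded addStringPermissions(user.getPermissions()) call repeated the
        // same list and threw on null, so it is dropped.
        if (roles != null && !roles.isEmpty()) {
            authorizationInfo.addRoles(roles);
        }
        if (permissions != null && !permissions.isEmpty()) {
            authorizationInfo.addStringPermissions(permissions);
        }
        return authorizationInfo;
    }

    /**
     * Looks up the account named by the token and returns what Shiro needs to
     * verify the submitted password.
     *
     * <p>Nothing from the token is printed or logged: the submitted password is
     * needed only by the credentials matcher, and writing it to stdout would
     * leave plain-text passwords in console and log output.
     *
     * @param token the submitted authentication token
     * @return the account's authentication info, or {@code null} when the token
     *         has no principal or no such account exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The principal is the identity being claimed; this realm expects a user name.
        String userName = (String) token.getPrincipal();
        if (userName == null) {
            // No identity supplied: treat it like an unknown account.
            return null;
        }

        User user = userService.queryUserByUserName(userName);
        if (user == null) {
            return null;
        }

        // Load roles and permissions now and carry them in the principal so that
        // doGetAuthorizationInfo can read them back without another lookup.
        List<String> roles = userService.queryRolesByUserName(user.getUserName());
        List<String> permissions = userService.queryPermissionsByUserName(user.getUserName());
        ActiveUser activeUser = new ActiveUser();
        activeUser.setPermissions(permissions);
        activeUser.setRoles(roles);
        activeUser.setUser(user);

        // Arguments: the principal object (available later from the subject and in
        // authorization), the stored credential, the salt, and this realm's name.
        // The salt is the user name, matching how UserServiceImpl hashes the stored
        // password. The credentials matcher is configured outside this class
        // (presumably in shiro.ini) and must use the same algorithm and iteration
        // count, or no login will succeed.
        // NOTE(review): MD5 with the user name as salt suits a tutorial only. Real
        // password storage wants a random per-user salt and a slow password hash
        // such as bcrypt, scrypt or Argon2.
        return new SimpleAuthenticationInfo(
                activeUser,
                user.getPassword(),
                ByteSource.Util.bytes(user.getUserName()),
                this.getName());
    }
}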
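这里注意:使用盐值时,一定要在 SimpleAuthenticationInfo 中传入盐值凭证,并且必须与生成密码哈希时使用的盐一致(本例中盐值是用户名):ByteSource.Util.bytes(user.getUserName())。用户名作盐加 MD5 只适合演示,实际项目应使用随机盐和 bcrypt、Argon2 等专用密码哈希算法。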
package com.test.service.impl;
import com.test.domain.User;
import com.test.service.UserService;
import com.test.util.MD5Utils;
import org.apache.shiro.crypto.hash.Md5Hash;
import java.util.ArrayList;
import java.util.List;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 15:16 2019/8/15
 */
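/**
 * In-memory stand-in for a database-backed {@link UserService}; every answer
 * is hard-coded.
 */
public class UserServiceImpl implements UserService {

    /**
     * Simulates a database lookup of a user by name.
     *
     * @param userName account name to look up; may be {@code null}
     * @return the matching user, or {@code null} when the name is {@code null}
     *         or unknown
     */
    @Override
    public User queryUserByUserName(String userName) {
        // A switch on a null String throws NullPointerException, so a missing
        // name is answered like an unknown one.
        if (userName == null) {
            return null;
        }
        switch (userName) {
            case "spiderman":
                // Stored as the hex MD5 of the password, salted with the user name,
                // 2 iterations. The same value comes from
                // MD5Utils.md5HashTwiceWithSalt("123456", "spiderman", 2).
                return new User("spiderman", new Md5Hash("123456", "spiderman", 2).toHex());
            case "ironman":
                // NOTE(review): stored as plain text, unlike "spiderman". With a
                // hashing credentials matcher this account presumably cannot log
                // in with "123456"; confirm whether that is intended, and hash it
                // the same way if not.
                return new User("ironman", "123456");
            case "marco":
                // NOTE(review): plain text as well; see "ironman" above.
                return new User("marco", "123456");
            default:
                return null;
        }
    }

    /**
     * Simulates loading the roles granted to a user.
     *
     * <p>This mock ignores {@code userName} and returns the same three admin
     * roles for any name, including names with no account. A real
     * implementation must look the roles up per user.
     *
     * @param userName account name (unused by this mock)
     * @return a new mutable list of role names
     */
    @Override
    public List<String> queryRolesByUserName(String userName) {
        List<String> roles = new ArrayList<>();
        roles.add("systemAdmin");
        roles.add("statisticsAdmin");
        roles.add("customerAdmin");
        return roles;
    }

    /**
     * Simulates loading the permissions granted to a user.
     *
     * <p>This mock ignores {@code userName} and returns the same permissions
     * for any name.
     *
     * @param userName account name (unused by this mock)
     * @return a new mutable list of permission strings
     */
    @Override
    public List<String> queryPermissionsByUserName(String userName) {
        List<String> permissions = new ArrayList<>();
        permissions.add("user:query");
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }
}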
package com.test.util;
import org.apache.shiro.crypto.hash.Md5Hash;
/**
 * @Author: shiyi
 * @Description:
 * @Date: Create in 17:32 2019/8/15
 */
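/**
 * Helper around Shiro's {@link Md5Hash} for producing the stored-password
 * format used by this demo.
 *
 * <p>NOTE(review): MD5 is a fast digest, not a password-hashing scheme. It is
 * used here to illustrate salting and iteration in Shiro; production password
 * storage should use a slow algorithm such as bcrypt, scrypt or Argon2 with a
 * random per-user salt.
 */
public class MD5Utils {

    /**
     * Prints the hash of a sample password in three variants: unsalted, salted,
     * and salted with two iterations.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The original (plain-text) password.
        String source = "123456";

        // One iteration, no salt.
        Md5Hash md5HashOnce = new Md5Hash(source);
        System.out.println("加密一次不加盐:" + md5HashOnce);

        // One iteration, salted (the salt here is the user name).
        Md5Hash md5HashOnceWithSalt = new Md5Hash(source, "marco");
        System.out.println("加密一次加盐:" + md5HashOnceWithSalt);

        // Two iterations, salted (the salt here is the user name).
        Md5Hash md5HashTwiceWithSalt = new Md5Hash(source, "marco", 2);
        System.out.println("加密两次加盐:" + md5HashTwiceWithSalt);
    }

    /**
     * Hashes a password with the rule that UserRealm's stored credentials follow:
     * salted MD5 with the given number of iterations, rendered as hex.
     *
     * <p>Despite the method name, the iteration count is whatever the caller
     * passes in.
     *
     * @param source         the plain-text password
     * @param salt           the salt (this demo uses the user name)
     * @param hashIterations number of hash iterations; must not be {@code null}
     * @return the hex-encoded hash
     * @throws NullPointerException if {@code hashIterations} is {@code null}
     */
    public static String md5HashTwiceWithSalt(String source, String salt, Integer hashIterations) {
        // Fail with a named parameter instead of an anonymous unboxing NPE.
        if (hashIterations == null) {
            throw new NullPointerException("hashIterations");
        }
        // toHex() states the encoding explicitly and matches how UserServiceImpl
        // builds the stored value; Md5Hash's toString() yields the same hex text.
        return new Md5Hash(source, salt, hashIterations).toHex();
    }
}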
然后你们会发现这些创建好之后就能直接用了,emmm要看具体过程的话,呐传送门就注意下我文章中间那一段就行了