[main]
#默认是/login.jsp
authc.loginUrl=/login
#roles匹配失败跳转页面
roles.unauthorizedUrl=/unauthorized
#perms匹配失败跳转页面
perms.unauthorizedUrl=/unauthorized
org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
Shiro 内置了登录(身份验证)的实现:基于表单的和基于 Basic 的验证,其通过拦截器实现。
[main]
authcBasic.applicationName=please login
perms.unauthorizedUrl=/unauthorized
roles.unauthorizedUrl=/unauthorized
[users]
zhang=123,admin
wang=123
[roles]
admin=user:*,menu:*
[urls]
/role=authcBasic,roles[admin]
realm
#指定securityManager的authenticator实现
authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator
securityManager.authenticator=$authenticator
#指定securityManager.authenticator的authenticationStrategy
allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy
SecurityManager 接口继承了 Authenticator,另外还有一个 ModularRealmAuthenticator 实现,
其委托给多个 Realm 进行验证,验证规则通过 AuthenticationStrategy 接口指定,默认提供
的实现:
FirstSuccessfulStrategy:只要有一个 Realm 验证成功即可,只返回第一个 Realm 身份验证
成功的认证信息,其他的忽略;
AtLeastOneSuccessfulStrategy:只要有一个 Realm 验证成功即可,和 FirstSuccessfulStrategy
不同,返回所有 Realm 身份验证成功的认证信息;
AllSuccessfulStrategy:所有 Realm 验证成功才算成功,且返回所有 Realm 身份验证成功的
认证信息,如果有一个失败就失败了
ModularRealmAuthenticator 默认使用 AtLeastOneSuccessfulStrategy 策略。
例:
myRealm1=com.shiro.chapter2.realm.MyRealm1
myRealm2=com.shiro.chapter2.realm.MyRealm2
myRealm3=com.shiro.chapter2.realm.MyRealm3
#securityManager.realms 指定 Realm 的加载顺序,未列出的 Realm 不会加载;不设置该项时按默认顺序加载。
securityManager.realms=$myRealm1,$myRealm2
package com.github.zhangkaitao.shiro.chapter2.realm;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

import org.apache.shiro.authc.*;
import org.apache.shiro.realm.Realm;
/**
* <p>User: Zhang Kaitao
* <p>Date: 14-1-25
* <p>Version: 1.0
*/
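public class MyRealm1 implements Realm {

    /** Hard-coded demo account; a real Realm would look the user up in a store instead. */
    private static final String DEMO_USERNAME = "lyy";
    private static final byte[] DEMO_PASSWORD = "123".getBytes(StandardCharsets.UTF_8);

    /** Realm name, also used to tag the AuthenticationInfo returned below. */
    @Override
    public String getName() {
        return "myrealm1";
    }

    /** Only UsernamePasswordToken is handled; the casts in getAuthenticationInfo rely on this. */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    /**
     * Verifies the submitted username/password against the demo account.
     *
     * @param token a UsernamePasswordToken (guaranteed by supports())
     * @return SimpleAuthenticationInfo carrying the principal, the submitted password and this realm's name
     * @throws UnknownAccountException       if the username is not the demo account
     * @throws IncorrectCredentialsException if no password was submitted or it does not match
     */
    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        // Distinguishing "unknown user" from "wrong password" is the tutorial's contract; callers that
        // show these to end users may want to collapse both into one generic failure message.
        if (!DEMO_USERNAME.equals(username)) {
            throw new UnknownAccountException();
        }

        char[] submitted = (char[]) token.getCredentials();
        // A token with no password (e.g. an empty login form) used to NPE in new String(null);
        // treat it as a failed login instead of a server error.
        if (submitted == null) {
            throw new IncorrectCredentialsException();
        }

        // Kept as a String because the returned AuthenticationInfo exposed a String before;
        // note this leaves an immutable copy of the password in the heap.
        String password = new String(submitted);
        // MessageDigest.isEqual does not short-circuit on the first differing byte (for equal-length
        // inputs), so the comparison does not leak how much of the password matched.
        if (!MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), DEMO_PASSWORD)) {
            throw new IncorrectCredentialsException();
        }

        // Authentication succeeded: hand back an AuthenticationInfo tagged with this realm's name.
        return new SimpleAuthenticationInfo(username, password, getName());
    }
}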
JDBC realm
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/shiro
dataSource.username=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
org.apache.shiro.realm.jdbc.JdbcRealm 定义大概如下(默认查询只取出 password 列,密码如何比较取决于所配置的 credentialsMatcher;数据库中存放散列密码时应改用带 salt 的查询并配置对应的 HashedCredentialsMatcher):
package org.apache.shiro.realm.jdbc;
extends AuthorizingRealm {
protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";
protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";
protected static final String DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where username = ?";
protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";
private static final Logger log = LoggerFactory.getLogger(JdbcRealm.class);
protected DataSource dataSource;
protected String authenticationQuery = "select password from users where username = ?";
protected String userRolesQuery = "select role_name from user_roles where username = ?";
protected String permissionsQuery = "select permission from roles_permissions where role_name = ?";
继承
org.apache.shiro.authc.pam.AbstractAuthenticationStrategy
配置
#指定securityManager.authenticator的authenticationStrategy
allSuccessfulStrategy=com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.AtLeastTwoAuthenticatorStrategy
securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy
//在所有 Realm 验证之前调用
AuthenticationInfo beforeAllAttempts(
Collection<? extends Realm> realms, AuthenticationToken token)
throws AuthenticationException;
//在每个 Realm 之前调用
AuthenticationInfo beforeAttempt(
Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
throws AuthenticationException;
//在每个 Realm 之后调用
AuthenticationInfo afterAttempt(
Realm realm, AuthenticationT
[roles]
配置角色(roles)及角色对应的权限(perms)
admin=user:*,menu:*
userd=user:*
[users]
指定主体(用户名、密码、角色)。
[users]
zhang=123,admin
wang=123
[urls]
/logout2=logout
/login=anon
/logout=anon
/unauthorized=anon
/static/**=anon
/authenticated=authc
/role=authc,roles[admin]
/permission=authc,perms["user:create"]
多个配置例如
url=拦截器[参数],拦截器[参数]
拦截器 | 定义 |
---|---|
anon | 匿名访问 |
authc | 登录用户 |
roles[admin] | 需要admin角色授权 |
perms["user:create"] | 需要user:create权限 |
logout | 退出 |
url 模式使用 Ant 风格模式,Ant 路径通配符支持 ?、*、**,
注意通配符匹配不包括目录分隔符“/”:
?:匹配一个字符,如"/admin?"将匹配/admin1,但不匹配/admin 或/admin2;
*:匹配零个或多个字符串,如/admin*将匹配/admin、/admin123,但不匹配/admin/1;
**:匹配路径中的零个或多个路径,如/admin/**将匹配/admin/a 或/admin/a/b。
关于[urls]配置,更多内容参考这里