一个入门示例:
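public class IniRealmTest {
    // In-memory demo realm. SimpleAccountRealm keeps the password exactly as it is
    // handed to addAccount (plaintext) and the default matcher compares it by plain
    // equality, so this setup is suitable for a local demo only.
    final SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    /** Registers the single demo account: user "lihao", password "123", role "admin". */
    @Before
    public void add() {
        simpleAccountRealm.addAccount("lihao", "123", "admin");
    }

    /**
     * Logs the demo user in against the in-memory realm and checks the "admin" role.
     *
     * <p>login() throws an AuthenticationException on bad credentials and checkRole()
     * throws an AuthorizationException when the role is missing, so either failure
     * fails the test without an explicit assertion.
     */
    @Test
    public void testIni() {
        // 1. Build the SecurityManager and install it as the process-wide default.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        // 2. The Subject submits an authentication request.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("lihao", "123");
        try {
            subject.login(token);
            System.out.println(subject.isAuthenticated());
            subject.checkRole("admin");
        } finally {
            // SecurityUtils keeps the Subject bound to the calling thread; logging out
            // here keeps a later test on the same thread from inheriting this
            // authenticated session and the SecurityManager it was created against.
            subject.logout();
        }
    }
}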
iniRealm示例
配置ini文件:
# Demo credential store loaded by IniRealm("classpath:user.ini").
# [users]: username = password, role1, role2, ...
# The password is stored and compared in PLAINTEXT here - fine for a local demo,
# never for a real deployment (see the hashing section further down the page).
[users]
lihao=123,admin
# [roles]: role = permission1, permission2, ...  ("domain:action" wildcard strings)
[roles]
admin=user:delete
代码:
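public class IniRealmTest {
    // Realm backed by user.ini on the classpath ([users] / [roles] sections).
    final IniRealm iniRealm = new IniRealm("classpath:user.ini");

    /**
     * Logs the demo user in against the INI-backed realm, then checks the "admin"
     * role and the "user:delete" permission that the [roles] section grants to it.
     *
     * <p>Failures surface as exceptions: login() throws an AuthenticationException on
     * bad credentials, checkRole()/checkPermission() throw an AuthorizationException.
     */
    @Test
    public void testIni() {
        // 1. Build the SecurityManager and install it as the process-wide default.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(iniRealm);
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        // 2. The Subject submits an authentication request.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("lihao", "123");
        try {
            subject.login(token);
            System.out.println(subject.isAuthenticated());
            subject.checkRole("admin");
            subject.checkPermission("user:delete");
        } finally {
            // The Subject stays bound to the calling thread after the test method
            // returns; log out so the next test does not reuse this session.
            subject.logout();
        }
    }
}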
自定义Realm
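public class MyRealm extends AuthorizingRealm {
    // Stand-in for the user store the original omits "for convenience": the only
    // account that exists is lihao / 123. Replace with a real lookup in practice.
    private static final String DEMO_USER = "lihao";
    private static final String DEMO_PASSWORD = "123";

    /**
     * Authorization: resolves roles and permissions for an already-authenticated principal.
     *
     * <p>Only the known demo account receives the role "sunzhilin" and the permissions
     * "user:update" / "user:delete"; any other principal gets an empty grant instead of
     * the same fixed rights, which is what the original (username unused) handed out.
     *
     * @param principalCollection principals of the authenticated Subject; the primary one is the username
     * @return the roles and string permissions of that user (possibly empty, never null)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        Set<String> roles = new HashSet<>();
        Set<String> permissions = new HashSet<>();
        if (DEMO_USER.equals(username)) {
            // In a real realm both sets come from the database, keyed by username.
            roles.add("sunzhilin");
            permissions.add("user:update");
            permissions.add("user:delete");
        }
        // Roles could equally be set afterwards with setRoles(); permissions are
        // supplied as wildcard strings.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setStringPermissions(permissions);
        return info;
    }

    /**
     * Authentication: looks up the stored credential for the submitted username.
     *
     * <p>The original returned the password "123" for <em>every</em> username, so a
     * login succeeded for any principal as long as the password matched. Returning
     * {@code null} for an unknown account makes Shiro's authenticator reject the login
     * (UnknownAccountException) instead.
     *
     * @param authenticationToken the submitted token; its principal is the username
     * @return the stored (plaintext) credential for a known user, or null if the account does not exist
     * @throws AuthenticationException never thrown directly here; declared for subclasses / the realm contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Object principal = authenticationToken.getPrincipal();
        // toString() rather than a cast: a non-String principal is treated as unknown
        // instead of failing with a ClassCastException.
        String username = principal == null ? null : principal.toString();
        if (!DEMO_USER.equals(username)) {
            return null;
        }
        // Plaintext credential, compared by the default SimpleCredentialsMatcher.
        // See the hashed variant of this method further down the page.
        String password = DEMO_PASSWORD;
        // Realm name taken from getName() for consistency with the hashed variant.
        return new SimpleAuthenticationInfo(username, password, getName());
    }
}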
测试代码如下
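public class MyRealmTest {

    /**
     * Logs the demo user in through the custom realm, then checks the role and the
     * two permissions that realm grants. login() / checkRole() / checkPermissions()
     * throw on failure, so no explicit assertion is needed.
     */
    @Test
    public void myRealmTest() {
        config.MyRealm myRealm = new config.MyRealm();
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(myRealm);
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("lihao", "123");
        try {
            subject.login(token);
            System.out.println(subject.isAuthenticated());
            subject.checkRole("sunzhilin");
            subject.checkPermissions("user:delete", "user:update");
        } finally {
            // The Subject is bound to the calling thread; log out so a later test on
            // the same thread starts from an unauthenticated state.
            subject.logout();
        }
    }
}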
密码散列:
上述代码中的密码都是明文存储、明文比较,在实际项目中是不可取的。
常见做法是对密码做“加盐 + 多次散列”后再存储(下面的示例使用 MD5 并散列 1024 次)。需要说明的是:这里所谓的“加密”实际上是不可逆的散列而不是加密;MD5 目前已不适合作为密码散列算法,示例中的固定盐值也仅用于演示——生产环境应为每个用户生成随机盐并随账号一起保存,并选用专门的慢散列算法(如 bcrypt、PBKDF2、Argon2,至少也应使用 HashedCredentialsMatcher 支持的 SHA-256/SHA-512 并提高迭代次数)。无论选择哪种算法,Realm 中计算存储值的算法、盐和迭代次数必须与 HashedCredentialsMatcher 的配置完全一致,否则登录会一律失败。
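// Authentication (hashed-credential variant)
/**
 * Looks up the stored, salted MD5 credential for the submitted username.
 *
 * <p>The returned info carries the hex-encoded hash plus the salt it was computed
 * with; a HashedCredentialsMatcher configured with the same algorithm ("md5") and
 * iteration count (1024) re-hashes the submitted password and compares the two.
 *
 * <p>NOTE(review): the fixed, shared salt "addSalt" and MD5 x 1024 only show the
 * mechanics. A real realm should load a per-user random salt stored next to the
 * account and use a deliberately slow password-hashing algorithm.
 *
 * @param authenticationToken the submitted token; its principal is the username
 * @return salted-hash credentials for a known user, or null so Shiro rejects an unknown account
 * @throws AuthenticationException never thrown directly here; declared by the realm contract
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    Object principal = authenticationToken.getPrincipal();
    String username = principal == null ? null : principal.toString();
    // Stand-in for the database lookup the original omits: only "lihao" exists.
    // The original returned a credential for *every* username, so any principal
    // could log in with the password "123"; returning null makes Shiro reject the
    // login as an unknown account instead.
    if (!"lihao".equals(username)) {
        return null;
    }
    String password = "123";
    // Build the salt once and share it between the stored hash and the returned
    // info, so the two literals the original repeated cannot drift apart (a mismatch
    // would silently make every login fail).
    ByteSource salt = ByteSource.Util.bytes("addSalt");
    // Hex-encoded MD5 of (salt + password), iterated 1024 times; the matcher must use
    // the same algorithm name and iteration count.
    String hashedPassword = new Md5Hash(password, salt, 1024).toHex();
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPassword, this.getName());
    info.setCredentialsSalt(salt);
    return info;
}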
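public class MyRealmTest {

    /**
     * Logs the demo user in through the custom realm using hashed credentials, then
     * checks the role and permissions that realm grants.
     *
     * <p>The HashedCredentialsMatcher re-hashes the submitted password with the salt
     * returned by the realm; its algorithm name and iteration count must therefore be
     * exactly what the realm used to compute the stored value (MD5, 1024 iterations).
     */
    @Test
    public void myRealmTest() {
        config.MyRealm myRealm = new config.MyRealm();
        // Hash-based credential matcher, wired into the realm before it is used.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5"); // must match the Md5Hash used in MyRealm
        matcher.setHashIterations(1024);     // must match the realm's iteration count
        myRealm.setCredentialsMatcher(matcher);

        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(myRealm);
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("lihao", "123");
        try {
            subject.login(token);
            System.out.println(subject.isAuthenticated());
            subject.checkRole("sunzhilin");
            subject.checkPermissions("user:delete", "user:update");
        } finally {
            // The Subject is bound to the calling thread; log out so a later test on
            // the same thread starts from an unauthenticated state.
            subject.logout();
        }
    }
}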