packagecom.shiro.bean;importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importorg.apache.shiro.authc.AuthenticationException;importorg.apache.shiro.authc.AuthenticationInfo;importorg.apache.shiro.authc.AuthenticationToken;importorg.apache.shiro.authc.SimpleAuthenticationInfo;importorg.apache.shiro.authc.UsernamePasswordToken;importorg.apache.shiro.crypto.hash.SimpleHash;importorg.apache.shiro.realm.AuthenticatingRealm;importorg.apache.shiro.util.ByteSource;/***@authorlayne
* Action方法中执行subject.login(token)时会通过IOC容器调取Realm域进行数据和前端数据比对*/
public class ShiroRealm extendsAuthenticatingRealm {/*** Returns all principals associated with the corresponding Subject. Each principal is an identifying piece of
* information useful to the application such as a username, or user id, a given name, etc - anything useful
* to the application to identify the current Subject
.
* The returned PrincipalCollection should not contain any credentials used to verify principals, such
* as passwords, private keys, etc. Those should be instead returned by {@link#getCredentials() getCredentials()}.
*@returnall principals associated with the corresponding Subject.
*
* doGetAuthenticationInfo,获取认证消息,如果数据库没有数据,返回null.
* AuthenticationInfo可以使用 SimpleAuthenticationInfo实现类,封装给正确用户名和密码
* token参数:需要验证的token*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throwsAuthenticationException {/*** 1.将token转换为UsernamePasswordToken
* 2.获取用户名
* 3.查询数据库,进行验证
* 4.结果返回
* 5.验证不通过,抛出异常*/
//1.将token转换为UsernamePasswordToken
UsernamePasswordToken upToken =(UsernamePasswordToken)token;//2.获取用户名
String userName =upToken.getUsername();//获取用户名后。通过查询用户名查询数据库是否有值,有值则进行密码验证。
SimpleAuthenticationInfo info=null;//3。查询数据库//使用JDBC链接数据库进行查询
try{
Class.forName("com.mysql.jdbc.Driver");
String url="jdbc:mysql://localhost:3306/test";
Connection conn=DriverManager.getConnection(url,"root","");
PreparedStatement ps= conn.prepareStatement("select * from account where name=?");
ps.setString(1, userName);
ResultSet rs=ps.executeQuery();if(rs.next()){
Object principal=userName;
Object credentials=rs.getString(3);
String realmName=this.getName();//设置盐值
ByteSource salt=ByteSource.Util.bytes(userName);//SimpleHash sh=new SimpleHash(algorithmName, source, salt, iterations);//加密类型 加密资源 盐值加密 加密次数//给从数据库中拿到的密码做MD5的加密
SimpleHash sh=new SimpleHash("MD5", credentials, salt, 1024);//info = new SimpleAuthenticationInfo(principal, credentials, realmName);//info = new SimpleAuthenticationInfo(principal, sh, realmName);//通过关于盐值的构造器,将前端传入的密码在加密时再加入盐值
info = newSimpleAuthenticationInfo(principal, sh, salt, realmName);
}else{throw newAuthenticationException();
}
}catch(ClassNotFoundException e) {
e.printStackTrace();
}catch(SQLException e) {
e.printStackTrace();
}returninfo;
}
}