自定义Realm一般继承AuthorizingRealm抽象类;执行subject.login()时,Shiro会把token传给自定义Realm的doGetAuthenticationInfo方法进行认证
package com.mo.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
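/**
 * Demo Shiro realm that authenticates every account against one hard-coded password.
 *
 * <p>Tutorial code only: the "database lookup" is simulated, so any non-null user code
 * is treated as an existing account and the stored credential is a plaintext literal.
 * A real realm must look the account up by user code, return {@code null} when it does
 * not exist, and keep a salted password hash that is checked by a hashing
 * {@code CredentialsMatcher} instead of a plaintext string.
 */
public class CustomRealm extends AuthorizingRealm {

    /**
     * Pins the realm name to {@code "customRealm"}.
     *
     * @param name ignored; the name passed by the caller is never used
     */
    @Override
    public void setName(String name) {
        super.setName("customRealm");
    }

    /**
     * Builds the authentication info Shiro compares the submitted token against.
     *
     * @param token the token created from the user's input
     * @return the stored account data for the token's principal, or {@code null} when the
     *         token carries no principal (no account can match it)
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Step 1: take the identity the user typed in out of the token.
        // NOTE(review): the cast assumes a String principal (e.g. UsernamePasswordToken).
        String userCode = (String) token.getPrincipal();

        // A token without a principal cannot match any account; answer "not found"
        // instead of handing a null principal to SimpleAuthenticationInfo.
        if (userCode == null) {
            return null;
        }

        // Step 2: look the account up by userCode. The lookup is simulated here: the
        // account is assumed to exist and "111" stands in for its stored password.
        // SECURITY: demo value only. Every user code currently shares this password;
        // production code must query the user store, return null for unknown accounts,
        // and return a salted hash rather than a plaintext password.
        String password = "111";

        // Shiro checks the submitted credentials against this stored value.
        return new SimpleAuthenticationInfo(userCode, password, this.getName());
    }

    /**
     * Authorization is not implemented in this demo.
     *
     * @param principals the identity of the subject being authorized
     * @return always {@code null}, i.e. no roles or permissions are supplied
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }
}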
创建一个配置文件shiro.ini,将创建好的Realm设置到securityManager中
[main]
# Instantiate the custom realm and bind it to the name "customRealm".
customRealm=com.mo.shiro.realm.CustomRealm
# Make it the realm the SecurityManager consults during login.
securityManager.realms=$customRealm
单元测试
/**
 * Logs in through the realm configured in shiro.ini and prints whether the
 * subject ended up authenticated.
 */
@Test
public void test1() {
    // Build the SecurityManager from the INI file found on the classpath.
    Factory<SecurityManager> iniFactory = new IniSecurityManagerFactory("classpath:shiro.ini");
    SecurityManager manager = iniFactory.getInstance();

    // Register the manager so SecurityUtils can hand out subjects.
    SecurityUtils.setSecurityManager(manager);
    Subject currentUser = SecurityUtils.getSubject();

    // Fixture credentials; "111" matches the password hard-coded in CustomRealm.
    UsernamePasswordToken credentials = new UsernamePasswordToken("zhangsan", "111");
    try {
        currentUser.login(credentials);
    } catch (AuthenticationException loginFailure) {
        // A failed login surfaces as an AuthenticationException.
        loginFailure.printStackTrace();
    }

    // Print the authentication state (true when the login succeeded).
    System.out.println(currentUser.isAuthenticated());
}