shiro 也有配置文件 类似于spring的ioc容器
纯java写法:
DefaultSecurityManager securityManager=new DefaultSecurityManager(); //设置sucurityManager ModularRealmAuthenticator authenticator=new ModularRealmAuthenticator();//声明多Realm认证 authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy()); //设置认证策略 securityManager.setAuthenticator(authenticator);//为securityManager设置多Realm认证 ModularRealmAuthorizer authorizer=new ModularRealmAuthorizer(); authorizer.setPermissionResolver(new WildcardPermissionResolver()); //设置权限解析器 DruidDataSource druidDataSource=new DruidDataSource(); //配置jdbc连接池 druidDataSource.setDriverClassName("com.mysql.jdbc.Driver"); druidDataSource.setUrl("jdbc:mysql://localhost:3306/shiro_test"); druidDataSource.setUsername("root"); druidDataSource.setPassword("root"); JdbcRealm jdbcRealm = new JdbcRealm(); jdbcRealm.setDataSource(druidDataSource); jdbcRealm.setPermissionsLookupEnabled(true); jdbcRealm.setAuthenticationQuery("select user_password from test_user where user_name = ?");//设置查询sql securityManager.setRealms(Arrays.asList((Realm) jdbcRealm)); SecurityUtils.setSecurityManager(securityManager); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("crazy", "12345"); subject.login(token); Assert.assertTrue(subject.isAuthenticated());同等的shiro-config 配置文件
[main] authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator authenticationStrategy=org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy authenticator.authenticationStrategy=$authenticationStrategy securityManager.authenticator=$authenticator authorizer=org.apache.shiro.authz.ModularRealmAuthorizer permissionResolver=org.apache.shiro.authz.permission.WildcardPermissionResolver authorizer.permissionResolver=$permissionResolver securityManager.authorizer=$authorizer dataSource=com.alibaba.druid.pool.DruidDataSource dataSource.driverClassName=com.mysql.jdbc.Driver dataSource.url=jdbc:mysql://localhost:3306/shiro_test dataSource.username=root dataSource.password=root jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm jdbcRealm.authenticationQuery = select user_password from test_user where user_name=? jdbcRealm.dataSource=$dataSource jdbcRealm.permissionsLookupEnabled=true securityManager.realms=$jdbcRealm