1.Authentication:用户认证
需要将用户的身份(Principals)和凭证(Credentials)提交给shiro,
Principals:用户的身份信息,是Subject的标志属性。能够唯一标识Subject。如电话号码,身份号码等
Credentials:凭证:密码是只被Subject知道的秘密值,可以使密码,也可以是数字证书等
Principals/Credentials最常见的组合:用户名/密码。在shiro中通常使用UsernamePasswordToken来指定身份和凭证信息
2.在shiro中的认证流程
3.代码实现:
a)新建java项目
b)导入shiro相关jar包
c)编写shiro的数据文件--配置
d)编码测试
package com.java.shiro;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.util.Factory;
public class Helloworld {
public static void main(String[] args) {
//读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//获取securityManager实例
SecurityManager securityManager = factory.getInstance();
//把securityManager实例绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
//得到当前执行的用户
Subject subject = SecurityUtils.getSubject();
//创建用户令牌,用户名、密码
UsernamePasswordToken token = new UsernamePasswordToken("java","123456");
if(){}else{}
try {
//登录
subject.login(token);
System.out.println("身份认证成功!");
}catch(IncorrectCredentialsException e){
e.printStackTrace();
System.out.println("密码错误!");
}catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名错误!");
}catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("身份认证失败!");
}
subject.logout();
}
}