shiro笔记
shiro认证的关键对象
subject 主体
principal 身份信息
credential 凭证信息
package com.gdw;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import sun.security.krb5.Realm;
/**
 * Minimal Shiro authentication walk-through backed by an INI realm.
 *
 * <p>Creates a {@code DefaultSecurityManager}, gives it an {@code IniRealm} loaded from
 * {@code classpath:shiro.ini}, and attempts one login with a username/password token,
 * printing the subject's authentication state before and after.
 *
 * <p>Review notes for anyone adapting this demo:
 * <ul>
 *   <li>The username and password are hard-coded sample values; real credentials should
 *       come from user input and never live in source.</li>
 *   <li>Reporting "unknown user" and "wrong password" separately is useful while learning,
 *       but a real login flow should return one generic failure message so that responses
 *       do not reveal which usernames exist.</li>
 *   <li>Only two exception types are handled; any other authentication failure thrown by
 *       {@code login} propagates out of {@code main}.</li>
 *   <li>NOTE(review): the file's import list also names {@code sun.security.krb5.Realm},
 *       a JDK-internal class this code never uses; it may not compile on newer JDKs.</li>
 * </ul>
 */
public class TestAuthenticator {

    /**
     * Runs the login demo once and prints the outcome to standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Security manager, backed by the accounts declared in shiro.ini.
        DefaultSecurityManager manager = new DefaultSecurityManager();
        IniRealm iniRealm = new IniRealm("classpath:shiro.ini");
        manager.setRealm(iniRealm);

        // 2. Publish the manager through the static SecurityUtils holder.
        SecurityUtils.setSecurityManager(manager);

        // 3. The subject represents the party that is logging in.
        Subject currentUser = SecurityUtils.getSubject();

        // 4. Principal + credential submitted for verification (demo values).
        UsernamePasswordToken loginToken = new UsernamePasswordToken("shiqi", "123");

        // 5. Attempt the login and report the state on either side of it.
        try {
            boolean authenticatedBefore = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedBefore);

            currentUser.login(loginToken);

            boolean authenticatedAfter = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedAfter);
        } catch (IncorrectCredentialsException e) {
            // The account exists but the submitted password did not match.
            e.printStackTrace();
            System.out.println("认证失败:密码错误");
        } catch (UnknownAccountException e) {
            // The realm returned no account for the submitted username.
            e.printStackTrace();
            System.out.println("认证失败:用户名错误");
        }
    }
}
自定义Realm实现
自定义Realm继承SimpleAccountRealm类重写方法
package com.gdw;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
 * Custom realm for the demo: overrides the authentication lookup of
 * {@code SimpleAccountRealm} with a single hard-coded account.
 *
 * <p>Review notes: the account below stands in for a database lookup (JDBC/MyBatis per the
 * original comment). The credential is a plaintext literal, and this class does not
 * configure a credentials matcher, so which comparison is applied depends on the realm's
 * default. In real code the stored value should be a salted password hash loaded from the
 * user store, never a literal in source.
 */
public class MyShiroRealm extends SimpleAccountRealm {

    /**
     * Looks up the account for the submitted token.
     *
     * @param token the submitted token; its principal is cast to {@code String}, so a
     *     non-string principal fails with a {@code ClassCastException}
     * @return account info (principal, stored credential, realm name) for the known user,
     *     or {@code null} when the principal is not recognised; the demo callers treat the
     *     latter as an unknown-account failure
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Identity submitted by the caller.
        String principal = (String) token.getPrincipal();

        // Placeholder for the database query: only one account is known.
        if (!"shiqi".equals(principal)) {
            return null;
        }

        // Arguments: 1. username, 2. stored password, 3. name of this realm.
        return new SimpleAuthenticationInfo(principal, "123123", getName());
    }

    /**
     * Authorization lookup; unchanged from the parent realm.
     *
     * @param principals the identities of the subject being authorized
     * @return whatever {@code SimpleAccountRealm} returns for these principals
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return super.doGetAuthorizationInfo(principals);
    }
}
package com.gdw;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
/**
 * Login demo that authenticates against the custom {@code MyShiroRealm} instead of an
 * INI file.
 *
 * <p>Review notes: the submitted username and password are hard-coded sample values.
 * The two failure branches print different messages for an unknown user and for a wrong
 * password; a real login flow should collapse these into one generic message so that it
 * does not confirm which usernames exist. Authentication failures of any other type are
 * not caught and propagate out of {@code main}.
 */
public class TestCustomizeRealmAuthenticator {

    /**
     * Runs the login demo once and prints the outcome to standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Security manager wired to the custom realm.
        DefaultSecurityManager manager = new DefaultSecurityManager();
        MyShiroRealm customRealm = new MyShiroRealm();
        manager.setRealm(customRealm);

        // 2. Publish the manager through the static SecurityUtils holder.
        SecurityUtils.setSecurityManager(manager);

        // 3. The subject represents the party that is logging in.
        Subject currentUser = SecurityUtils.getSubject();

        // 4. Principal + credential submitted for verification (demo values).
        UsernamePasswordToken loginToken = new UsernamePasswordToken("shiqi", "123");

        // 5. Attempt the login and report the state on either side of it.
        try {
            boolean authenticatedBefore = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedBefore);

            currentUser.login(loginToken);

            boolean authenticatedAfter = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedAfter);
        } catch (IncorrectCredentialsException e) {
            // The account exists but the submitted password did not match.
            e.printStackTrace();
            System.out.println("认证状态:密码错误");
        } catch (UnknownAccountException e) {
            // The realm returned no account for the submitted username.
            e.printStackTrace();
            System.out.println("认证状态:用户名错误");
        }
    }
}
MD5 + salt(盐)+ 多次散列(散列是单向摘要,不是加密)
package com.gdw;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
/**
 * Custom realm whose stored credential is a salted hash rather than a plaintext password.
 *
 * <p>The realm only supplies the stored hash and the salt; the comparison itself is done
 * by whatever credentials matcher is set on the realm (the accompanying demo sets a
 * {@code HashedCredentialsMatcher}).
 *
 * <p>Review notes:
 * <ul>
 *   <li>The hash and the salt are literals standing in for values loaded from a user
 *       store. The digest is presumably precomputed with the same algorithm and iteration
 *       count as the matcher - confirm against the caller.</li>
 *   <li>A fixed salt shared by all accounts defeats the purpose of salting; each account
 *       should get its own random salt.</li>
 *   <li>MD5, even salted and iterated, is fast to compute and is not considered adequate
 *       for password storage; a dedicated password-hashing function (bcrypt, scrypt,
 *       Argon2) is the usual choice.</li>
 * </ul>
 */
public class CustomizeMD5Realm extends AuthorizingRealm {

    /**
     * Authorization lookup; this demo supplies no roles or permissions.
     *
     * @param principalCollection the identities of the subject being authorized
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Looks up the account for the submitted token.
     *
     * @param authenticationToken the submitted token; its principal is cast to
     *     {@code String}
     * @return account info carrying the stored hash and its salt for the known user, or
     *     {@code null} when the principal is not recognised
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();

        // Only one account is known to this demo realm.
        if (!"shiqi".equals(principal)) {
            return null;
        }

        // Arguments: principal, stored hash (hex), salt, name of this realm.
        return new SimpleAuthenticationInfo(
                principal,
                "f26da6ea39b7e049d1c816585d867893",
                ByteSource.Util.bytes("abc"),
                getName());
    }
}
package com.gdw;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
/**
 * Login demo for {@code CustomizeMD5Realm}: swaps the realm's credentials matcher for a
 * {@code HashedCredentialsMatcher} configured for MD5 with 1024 iterations, then attempts
 * one login.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The algorithm name and iteration count set here must match how the stored hash in
 *       the realm was produced, otherwise every login fails as a credential mismatch.</li>
 *   <li>MD5 with 1024 iterations is a teaching configuration. For real password storage
 *       prefer a dedicated password-hashing function (bcrypt, scrypt, Argon2), or at
 *       least a SHA-2 digest with a much higher iteration count and per-user salts.</li>
 *   <li>The two failure branches print different messages for an unknown user and for a
 *       wrong password; a real login flow should use one generic message so that it does
 *       not confirm which usernames exist.</li>
 *   <li>The submitted credentials are hard-coded sample values. Authentication failures
 *       of any other type are not caught and propagate out of {@code main}.</li>
 * </ul>
 */
public class TestCustomizeMD5RealmAuthenticator {

    /**
     * Runs the login demo once and prints the outcome to standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Security manager.
        DefaultSecurityManager manager = new DefaultSecurityManager();

        // 2. Realm with a hashing credentials matcher in place of the default one.
        CustomizeMD5Realm md5Realm = new CustomizeMD5Realm();
        HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher();
        hashMatcher.setHashAlgorithmName("md5"); // digest algorithm
        hashMatcher.setHashIterations(1024);     // number of hash rounds
        md5Realm.setCredentialsMatcher(hashMatcher);
        manager.setRealm(md5Realm);

        // 3. Publish the manager through the static SecurityUtils holder.
        SecurityUtils.setSecurityManager(manager);

        // 4. The subject represents the party that is logging in.
        Subject currentUser = SecurityUtils.getSubject();

        // Principal + credential submitted for verification (demo values).
        UsernamePasswordToken loginToken = new UsernamePasswordToken("shiqi", "1234");

        // 5. Attempt the login and report the state on either side of it.
        try {
            boolean authenticatedBefore = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedBefore);

            currentUser.login(loginToken);

            boolean authenticatedAfter = currentUser.isAuthenticated();
            System.out.println("认证状态:" + authenticatedAfter);
            System.out.println("登陆成功");
        } catch (IncorrectCredentialsException e) {
            // The account exists but the hashed password did not match the stored hash.
            e.printStackTrace();
            System.out.println("认证状态:密码错误");
        } catch (UnknownAccountException e) {
            // The realm returned no account for the submitted username.
            e.printStackTrace();
            System.out.println("认证状态:用户名错误");
        }
    }
}