1.导入shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.9.1</version>
</dependency>
2.编写shiro.ini文件
[users]
test=123456
test2=456
test3=789
3.编写测试类
package com.wmx;
import com.wmx.realm.CustomerRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import java.util.Arrays;
public class TestAuthenticator {
public static void main(String[] args) {
//创建安全管理器对象
DefaultSecurityManager securityManager = new DefaultSecurityManager();
//给安全管理器设置realms
securityManager.setRealm(new CustomerRealm());
// securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
//全局安全工具类SecurityUtils,提供认证、退出方法
//给全局工具类设置安全管理器
SecurityUtils.setSecurityManager(securityManager);
//认证关键对象subject主体
Subject subject = SecurityUtils.getSubject();
//创建令牌,并且设置身份信息与凭证信息
UsernamePasswordToken token = new UsernamePasswordToken("test", "123456");
try {
System.out.println("认证前,认证状态:" + subject.isAuthenticated());
//用户认证
subject.login(token);
System.out.println("认证后,认证状态:" + subject.isAuthenticated());
//认证失败时会抛异常
} catch (UnknownAccountException e) {
System.out.println("认证失败:用户名不存在");
} catch (IncorrectCredentialsException e) {
System.out.println("认证失败:密码错误");
} catch (Exception e) {
e.printStackTrace();
}
System.out.println("---------------------------------------------------------------");
if (subject.isAuthenticated()) {
System.out.println(subject.hasRole("admin"));
System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
System.out.println(subject.isPermitted("user:*:*"));
System.out.println(subject.isPermitted("user:update:*"));
}
}
}
4.编写自定义的reaml
package com.wmx.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
* @Description 自定义reaml
* @Author 吴满心
* @Date 2022/8/14 11:06
* @Version 1.0
*/
public class CustomerRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
Object principal = (String) token.getPrincipal();
System.out.println("获取的用户名为:" + principal);
SimpleAuthenticationInfo authentication = new SimpleAuthenticationInfo("test", "123456", this.getName());
return authentication;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("admin");
simpleAuthorizationInfo.addRole("user");
simpleAuthorizationInfo.addStringPermission("user:*:*");
return simpleAuthorizationInfo;
}
}