MyRealm
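public class MyRealm extends AuthorizingRealm {

    /** Hash algorithm the stored credential was produced with (see {@link #main}). */
    private static final String HASH_ALGORITHM_NAME = "MD5";

    /** Number of hash iterations applied when producing the stored credential. */
    private static final int HASH_ITERATIONS = 1024;

    /**
     * Salt the stored credential was hashed with.
     * NOTE(review): one fixed salt shared by every account; a production realm stores a
     * distinct random salt per user next to the hash, and a password-hashing function
     * (bcrypt/scrypt/argon2) rather than iterated MD5.
     */
    private static final String CREDENTIALS_SALT = "zhao";

    /**
     * Builds the authorization info (roles) for an already-authenticated subject.
     * Every subject receives the {@code user} role; a primary principal equal to
     * {@code "admin"} additionally receives the {@code admin} role.
     *
     * @param principals the subject's principals; the primary principal is the username
     *     returned as principal from {@link #doGetAuthenticationInfo}
     * @return the roles granted to the subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Object principal = principals.getPrimaryPrincipal();
        info.addRole("user");
        // Constant on the left side so a null primary principal is simply "not admin".
        if ("admin".equals(principal)) {
            info.addRole("admin");
        }
        return info;
    }

    /**
     * Authenticates a username/password token.
     * The returned {@link SimpleAuthenticationInfo} carries the principal, the stored
     * (hashed) credential, the salt and this realm's name; the actual password comparison
     * is done by the credentials matcher configured on the realm (presumably a hashed
     * matcher using {@link #HASH_ALGORITHM_NAME} and {@link #HASH_ITERATIONS} — confirm in
     * the Shiro configuration).
     *
     * @param tokens the {@link UsernamePasswordToken} handed to {@code Subject.login} by the
     *     handler
     * @return authentication info for the user; the demo always returns the same stored hash
     * @throws UnknownAccountException for the demo username {@code tom}
     * @throws LockedAccountException for the demo username {@code jerry}
     * @throws AuthenticationException if the token is not a {@link UsernamePasswordToken}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken tokens)
            throws AuthenticationException {
        System.out.println("doGetAuthenticationInfo: " + tokens.hashCode());
        // 1. Reject other token types explicitly instead of letting the cast below fail
        //    with a ClassCastException, which callers of a realm do not expect.
        if (!(tokens instanceof UsernamePasswordToken)) {
            throw new AuthenticationException(
                    "unsupported token type: " + tokens.getClass().getName());
        }
        UsernamePasswordToken token = (UsernamePasswordToken) tokens;
        // 2. Read the username.
        String username = token.getUsername();
        // Demo stand-ins for an "account not found" and an "account locked" lookup result.
        if ("tom".equals(username)) {
            throw new UnknownAccountException();
        }
        if ("jerry".equals(username)) {
            throw new LockedAccountException();
        }
        // 3. This is where the user record would be loaded from the database by username.
        System.out.println("利用用户名: " + username + "获取用户信息.");
        // 4. Build the AuthenticationInfo instance.
        // principal: the login identity; may be any object type.
        Object principal = username;
        // credentials: the user's stored password hash from step 3 (hard-coded for the demo;
        // expected to be the value main() prints for "123456" with CREDENTIALS_SALT).
        String credentials = "a24880707c21d06951975ca52ae263cd";
        // realmName: the name of this realm, available via getName().
        String realmName = getName();
        ByteSource credentialsSalt = ByteSource.Util.bytes(CREDENTIALS_SALT);
        return new SimpleAuthenticationInfo(principal, credentials, credentialsSalt, realmName);
    }

    /**
     * Prints the salted, iterated hash of the demo password so it can be used as the stored
     * credential; algorithm, salt and iteration count must match what the realm's
     * credentials matcher is configured with.
     */
    public static void main(String[] args) {
        String credentials = "123456";
        ByteSource salt = ByteSource.Util.bytes(CREDENTIALS_SALT);
        Object result = new SimpleHash(HASH_ALGORITHM_NAME, credentials, salt, HASH_ITERATIONS);
        System.out.println(result);
    }
}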
controller层
@RequestMapping(value="shiro-login")
public String login(@RequestParam("username") String username,
        @RequestParam("password") String password) {
    // The current Subject is obtained through SecurityUtils.getSubject().
    Subject subject = SecurityUtils.getSubject();
    // Already authenticated (logged in): nothing more to do.
    if (subject.isAuthenticated()) {
        return "success";
    }
    // Wrap the submitted username and password in a UsernamePasswordToken.
    UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
    loginToken.setRememberMe(true);
    try {
        // Perform the login; the password comparison itself is done by Shiro.
        System.out.println("-->" + loginToken.hashCode());
        subject.login(loginToken);
        // Make the principal returned by the Realm reachable from the session.
        Object principal = SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
        session.setAttribute("user", principal);
        return "success";
    } catch (UnknownAccountException unknownAccount) {
        // Thrown when the username does not exist; the submitted identity is available
        // via UsernamePasswordToken.getPrincipal().
        System.out.println("用户名不存在: " + unknownAccount);
    } catch (IncorrectCredentialsException badCredentials) {
        // Thrown when username and password do not match.
        System.out.println("用户名和密码不匹配: " + badCredentials);
    } catch (LockedAccountException lockedAccount) {
        // Thrown when the account is locked.
        System.out.println("该用户被锁定: " + lockedAccount);
    } catch (AuthenticationException other) {
        // Every failure above is a subclass of AuthenticationException; this catches
        // any other (possibly application-specific) authentication failure.
        System.out.println("其他的认证异常: " + other);
    }
    return "login";
}