Shiro小案例
在上篇Shiro入门学习中说到了Shiro可以完成认证,授权等流程。在学习认证流程之前,我们应该先入门一个Shiro小案例。
创建一个java maven项目
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>groupId</groupId> <artifactId>Shrio-login</artifactId> <version>1.0-SNAPSHOT</version> <dependencies> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.25</version> </dependency> <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.25</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-nop</artifactId> <version>1.7.2</version> </dependency> </dependencies> </project>
log4j.rootLogger = info,stdout,file log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%p][%d{yyyy-MM-dd HH:mm:ss}][%C{1}:%L] - %m%n log4j.appender.file = org.apache.log4j.DailyRollingFileAppender log4j.appender.file.file=C:\Users\amber.lei\Documents\Learning\Shiro\log\info(+).log log4j.appender.file.DatePattern= '.'yyyy-MM-dd log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=[%p][%d{yyyy-MM-dd HH:mm:ss}][%C{1}:%L] - %m%n log4j.appender.file.Encoding=UTF-8
LoginDemo.java
1 package com.amber.login; 2 3 import org.apache.shiro.SecurityUtils; 4 import org.apache.shiro.authc.AuthenticationException; 5 import org.apache.shiro.authc.UnknownAccountException; 6 import org.apache.shiro.authc.UsernamePasswordToken; 7 import org.apache.shiro.config.IniSecurityManagerFactory; 8 import org.apache.shiro.mgt.SecurityManager; 9 import org.apache.shiro.subject.Subject; 10 import org.slf4j.Logger; 11 import org.slf4j.LoggerFactory; 12 13 /** 14 * Shiro入门 15 */ 16 public class LoginDemo { 17 static Logger logger = LoggerFactory.getLogger(LoginDemo.class); 18 public static void main(String[] args) { 19 20 //1.获得SecurityManagerFactory 21 IniSecurityManagerFactory iniSecurityManagerFactory = new IniSecurityManagerFactory("classpath:shiro.ini"); 22 //2.通过工厂获得SecurityManager 23 SecurityManager securityManager = iniSecurityManagerFactory.getInstance(); 24 //3.把SecurityManger放置到运行环境中 25 SecurityUtils.setSecurityManager(securityManager); 26 try { 27 //4.通过SecurityUtis获取subject 28 Subject subject = SecurityUtils.getSubject(); 29 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("amber", "111111");//这里的amber 和 111111指用户输入的用户名和密码 30 //登陆 31 subject.login(usernamePasswordToken); 32 //判断是否通过验证,true代表通过验证 33 if (subject.isAuthenticated()) { 34 logger.info("login successful"); 35 } 36 subject.logout(); 37 } catch (UnknownAccountException e) { 38 logger.error("ERROR incorrect username or passwod", e); 39 } catch (AuthenticationException e) { 40 logger.error("login failed", e); 41 } 42 } 43 }
Shiro.ini
[users]
amber=111111
[users]可以理解成一个用户组,里面有一个用户username:amber ,password:111111.当然在实际开发中,我们的用户名和密码都是从数据库中读取出来的。
Shiro案例流程:
- 通过shiro.ini文件获得到工厂,然后通过工厂获得SecurityManager.
- 把SecuityManager交给SecuityUtils
- 通过SecurityUtils获得到Subject对象
- 把用户传入的用户名和密码,生成UsernamePasswordToken实例
- 把token传给Subject.login(token),如果验证失败抛出异常