一、pom引入maven依赖
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
</dependencies>
二、从ini文件获取用户名密码
shiro.ini文件
[users] admin=123456
单元测试:
@Test
public void demoIni(){
//init配置文件初始化SecurityManager工厂
Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager=factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
try{
subject.login(token);
}catch (AuthenticationException ex){
}
org.junit.Assert.assertEquals(true,subject.isAuthenticated());
subject.logout();
}
三、自定义realm
1.自定义myRealm
public class myRealm1 implements Realm {
public String getName() {
return "myRealm1";
}
public boolean supports(AuthenticationToken authenticationToken) {
return authenticationToken instanceof UsernamePasswordToken;
}
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username=(String)token.getPrincipal();
String password=new String((char[])token.getCredentials());
if(!username.equals("admin")){
throw new UnknownAccountException();
}
if(!password.equals("123456")){
throw new IncorrectCredentialsException();
}
return new SimpleAuthenticationInfo(username,password,getName());
}
}
2.shiro-realm.init配置文件
[main] myrealm=realms.myRealm1 securityManager.realms=$myrealm
说明:
- 变量名=全限定类名会自动创建一个类实例
- 变量名.属性=值 自动调用相应的setter方法进行赋值
- $变量名 引用之前的一个对象实例
3.单元测试
@Test
public void demoCustomRealm(){
//init配置文件初始化SecurityManager工厂
Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-realm.ini");
SecurityManager securityManager=factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
try{
subject.login(token);
}catch (AuthenticationException ex){
}
org.junit.Assert.assertEquals(true,subject.isAuthenticated());
subject.logout();
}
三、jdbc realm
1.还需要引入依赖
<!--jdbcrealm依赖 start-->
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>6.0.6</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.3</version>
</dependency>
<!--jdbcrealm依赖 end-->
2.sql
use cathycms;
create table users (
id bigint auto_increment,
username varchar(100),
password varchar(100),
password_salt varchar(100),
constraint pk_users primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_users_username on users(username);
create table user_roles(
id bigint auto_increment,
username varchar(100),
role_name varchar(100),
constraint pk_user_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_user_roles on user_roles(username, role_name);
create table roles_permissions(
id bigint auto_increment,
role_name varchar(100),
permission varchar(100),
constraint pk_roles_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_roles_permissions on roles_permissions(role_name, permission);
insert into users(username,password)values('admin','123');
3.ini配置文件
[main] jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm dataSource=com.alibaba.druid.pool.DruidDataSource dataSource.driverClassName=com.mysql.jdbc.Driver dataSource.url=jdbc:mysql://localhost:3306/cathycms dataSource.username=root dataSource.password=root jdbcRealm.dataSource=$dataSource securityManager.realms=$jdbcRealm
4.单元测试
@Test
public void demoJdbcRealm(){
//init配置文件初始化SecurityManager工厂
Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
SecurityManager securityManager=factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("admin","123");
try{
subject.login(token);
}catch (AuthenticationException ex){
}
org.junit.Assert.assertEquals(true,subject.isAuthenticated());
subject.logout();
}
参考资料:说起shiro,最好的教程必须是张开涛老师的《跟我学shiro系列》