Shiro的认证流程大体可以参考下面这幅图:
但是没有接触过shiro的同学看到上面的图片也不明白,下面我们来在代码中尝试体验Shiro的认证过程:
1.新建一个SpringBoot项目项目结构如下:
ShiroframeApplicationTests代码:
package com.shiro.shiroframe; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.realm.SimpleAccountRealm; import org.apache.shiro.subject.Subject; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; public class ShiroframeApplicationTests { //realm,暂时用来存储我们假造的用户信息 SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm(); @BeforeEach//@BeforeEach注解的作用就是使她下面的方法在其他方法运行之前执行 public void addUser(){ //设置假造的用户信息,在Realm里面添加一个用户 simpleAccountRealm.addAccount("qqq", "aaa"); } @Test public void authenticator() { //1.构建SecurityManager环境 DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager(); //设置SecurityManager环境下的Realm defaultSecurityManager.setRealm(simpleAccountRealm); //SecurityUtils先获取SecurityManager环境 SecurityUtils.setSecurityManager(defaultSecurityManager); //通过SecurityUtils获取Subject主体 Subject subject = SecurityUtils.getSubject(); //通过UsernamePasswordToken组织提交认证所要传递的参数 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("qqq", "aaa"); //提交登录认证 subject.login(usernamePasswordToken); //打印是否认证通过:subject.isAuthenticated() System.err.println("isAuthenticated:" + subject.isAuthenticated());//账号密码匹配的情况下打印结果:isAuthenticated:true;否则控制台报错:org.apache.shiro.authc.UnknownAccountException: Realm [org.apache.shiro.realm.SimpleAccountRealm@2cbb3d47] was unable to find account data for the submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - qq, rememberMe=false]. //登出 subject.logout(); //登出之后认证返回false System.err.println("isAuthenticated:" + subject.isAuthenticated());//isAuthenticated:false } }