1.新建maven项目,导入shiro的jar包 <!--导入shiro依赖的commons-loggin的jar包--> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.0.4</version> </dependency> <!--导入shiro的jar包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.3</version> </dependency> 2.创建shiro的认证文件 #声明用户的对象 [users] #=号前面是用户名 后面是密码 zhang=123456 li=654321 3、进行测试 package com.aaa.test; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; public class ShiroTest01 { public static void main(String[] args) { //创建生成SecurityManager的工厂类对象 Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro.ini"); //创建SecurityManager对象 SecurityManager securityManager = factory.getInstance(); //把SecurityManager对象设置给SecurityUtil对象 SecurityUtils.setSecurityManager(securityManager); //获取验证的主题,当前主题是用户对象 Subject subject = SecurityUtils.getSubject(); //声明要比对的用户名和密码的用户对像,相当于之前前台传过来的要校验的登录信息 UsernamePasswordToken token=new UsernamePasswordToken("张三","123456"); try{ //进行用户校验 subject.login(token); System.out.println("校验成功"); }catch(UnknownAccountException e){ System.out.println("您输入的用户名不存在"); }catch (IncorrectCredentialsException e){ System.out.println("您输入的密码不存在"); }catch(AuthenticationException e){ System.out.println("校验失败"); } } }
还可以自定义realm文件 package com.aaa.realm; import org.apache.shiro.authc.*; import org.apache.shiro.realm.Realm; public class MyRealm implements Realm { /** * 设置本realm的名字 * @return */ public String getName() { return "myRealm"; } //设置本realm支持什么样的数据校验 public boolean supports(AuthenticationToken authenticationToken) { return authenticationToken instanceof UsernamePasswordToken; } //获取认证信息 public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //获取用户传过来的用户名和密码 String username =(String) authenticationToken.getPrincipal(); char[] credentials = (char[]) authenticationToken.getCredentials(); String password=new String(credentials); //根据用户名和密码查询数据库看看能不能查询到数据 if (username.equals("张三")&&password.equals("123456")){ return new SimpleAuthenticationInfo(username,password,this.getName()); }else{ //校验失败 throw new AuthenticationException("用户名或者密码错误"); } } } 2、在shiro的主配置文件中声明自定义的realm #声明自定义的realm myRealm=com.aaa.realm.MyRealm #设置安全管理器使用我们自定义的realm securityManager.realms=$myRealm 3.测试 package com.aaa.test; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; public class ShiroTest02 { public static void main(String[] args) { //获取SecurityManager的工厂类对象 Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro-custom.ini"); //获取SecurityManage对象 SecurityManager securityManager = factory.getInstance(); //把securityManager对像存储到securityUtil对象中 SecurityUtils.setSecurityManager(securityManager); //获取主题对象 也就是当前用户 Subject subject = SecurityUtils.getSubject(); //声明要比较的用户名和密码 UsernamePasswordToken token=new UsernamePasswordToken("张三","123456"); try{ subject.login(token); System.out.println("登录成功"); }catch (AuthenticationException e){ System.out.println("登录失败"); } //退出登录 subject.logout(); } }
三、jdbcRealm 需要导入oracle和dbcp的jar包数据库中要有表
#声明数据源 dataSource=org.apache.commons.dbcp.BasicDataSource #声明数据源的一些连接属性 dataSource.driverClassName=oracle.jdbc.driver.OracleDriver dataSource.url=jdbc:oracle:thin:@localhost:1521:orcl dataSource.username=scott dataSource.password=tiger #声明jdbcrealm jdbcrealm=org.apache.shiro.realm.jdbc.JdbcRealm #声明jdbcrealm需要用到的数据源属性 jdbcrealm.dataSource=$dataSource #设置安全管理器使用的jdbcrealm securityManager.realms=$jdbcrealm 测试 package com.aaa.test; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; public class ShiroTest03 { public static void main(String[] args) { //获取SecurityManager的工厂类对象 Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbcrealm.ini"); //获取SecurityManager对象 SecurityManager securityManager = factory.getInstance(); //把securityManager对象设置到SecurityUtils对象中 SecurityUtils.setSecurityManager(securityManager); //获取当前主题,即当前对象 Subject subject = SecurityUtils.getSubject(); //传入要验证的用户名和密码 UsernamePasswordToken token=new UsernamePasswordToken("张三","123456"); try{ subject.login(token); System.out.println("验证成功"); }catch (AuthenticationException e){ System.out.println("校验失败"); } } }