测试代码
package com.shiro; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.junit.Test; public class AuthenticationTest { //用户登录、用户退出 @Test public void testLoginLogout(){ // 构建SecurityManager工厂,IniSecurityManagerFactory可以从ini文件中初始化SecurityManager环境 Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-cryptography.ini"); //通过工厂创建SecurityManager SecurityManager securityManager = factory.getInstance(); //将securityManager设置到运行环境中 SecurityUtils.setSecurityManager(securityManager); //创建一个subject实例,该实例认证要使用上边创建的securityManager进行 Subject subject = SecurityUtils.getSubject(); //创建token令牌,记录用户认证的身份和凭证即账号和密码 UsernamePasswordToken token = new UsernamePasswordToken("zhang", "111111"); try { //用户登陆 subject.login(token); } catch (AuthenticationException e) { // TODO Auto-generated catch block e.printStackTrace(); } //用户认证状态 boolean isAuthenticated = subject.isAuthenticated(); System.out.println("用户认证状态:"+isAuthenticated); //用户退出 subject.logout(); isAuthenticated = subject.isAuthenticated(); System.out.println("用户认证状态:"+isAuthenticated); } }
其中配置文件内容为:
[main] #定义凭证匹配器 credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher #散列算法 credentialsMatcher.hashAlgorithmName=md5 #散列次数 credentialsMatcher.hashIterations=1 #将凭证匹配器设置到realm customRealm = com.shiro.CustomRealm1 customRealm.credentialsMatcher=$credentialsMatcher #将realm设置到securityManager securityManager.realms=$customRealm
指向的realm文件的代码为:
package com.shiro; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; public class CustomRealm1 extends AuthorizingRealm{ @Override public String getName() { return "customRealm1"; } //支持UsernamePasswordToken @Override public boolean supports(AuthenticationToken token) { return token instanceof UsernamePasswordToken; } //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { //从token中获取 用户身份信息 String username = (String) token.getPrincipal(); //拿username从数据库中查询 //.... //如果查询不到则返回null if(!username.equals("zhang")){//这里模拟查询不到 return null; } //获取从数据库查询出来的用户密码 String password = "cb571f7bd7a6f73ab004a70322b963d5";//这里使用静态数据模拟。。 //盐,随机数,此随机数也在数据库存储 String salt = "eteokues"; //返回认证信息由父类AuthenticatingRealm进行认证 SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo( username, password,ByteSource.Util.bytes(salt),getName()); return simpleAuthenticationInfo; } }
测试结果为
