一、pom引入maven依赖
junit junit 4.12 commons-logging commons-logging 1.2 org.apache.shiro shiro-core 1.3.2
二、从ini文件获取用户名密码
shiro.ini文件
[users]admin=123456
单元测试:
@Testpublic void demoIni(){ //init配置文件初始化SecurityManager工厂 Factory factory=new IniSecurityManagerFactory("classpath:shiro.ini"); SecurityManager securityManager=factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); Subject subject=SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken("admin","123456"); try{ subject.login(token); }catch (AuthenticationException ex){ } org.junit.Assert.assertEquals(true,subject.isAuthenticated()); subject.logout();}
三、自定义realm
1.自定义myRealm
public class myRealm1 implements Realm { public String getName() { return "myRealm1"; } public boolean supports(AuthenticationToken authenticationToken) { return authenticationToken instanceof UsernamePasswordToken; } public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username=(String)token.getPrincipal(); String password=new String((char[])token.getCredentials()); if(!username.equals("admin")){ throw new UnknownAccountException(); } if(!password.equals("123456")){ throw new IncorrectCredentialsException(); } return new SimpleAuthenticationInfo(username,password,getName()); }}
2.shiro-realm.init配置文件
[main]myrealm=realms.myRealm1securityManager.realms=$myrealm
说明:
- 变量名=全限定类名会自动创建一个类实例
- 变量名.属性=值 自动调用相应的setter方法进行赋值
- $变量名 引用之前的一个对象实例
3.单元测试
@Testpublic void demoCustomRealm(){ //init配置文件初始化SecurityManager工厂 Factory factory=new IniSecurityManagerFactory("classpath:shiro-realm.ini"); SecurityManager securityManager=factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); Subject subject=SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken("admin","123456"); try{ subject.login(token); }catch (AuthenticationException ex){ } org.junit.Assert.assertEquals(true,subject.isAuthenticated()); subject.logout();} 三、jdbc realm
1.还需要引入依赖
mysql mysql-connector-java 6.0.6 com.alibaba druid 1.1.3
2.sql
use cathycms; create table users ( id bigint auto_increment, username varchar(100), password varchar(100), password_salt varchar(100), constraint pk_users primary key(id)) charset=utf8 ENGINE=InnoDB;create unique index idx_users_username on users(username); create table user_roles( id bigint auto_increment, username varchar(100), role_name varchar(100), constraint pk_user_roles primary key(id)) charset=utf8 ENGINE=InnoDB;create unique index idx_user_roles on user_roles(username, role_name); create table roles_permissions( id bigint auto_increment, role_name varchar(100), permission varchar(100), constraint pk_roles_permissions primary key(id)) charset=utf8 ENGINE=InnoDB;create unique index idx_roles_permissions on roles_permissions(role_name, permission); insert into users(username,password)values('admin','123');
3.ini配置文件
[main]jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealmdataSource=com.alibaba.druid.pool.DruidDataSourcedataSource.driverClassName=com.mysql.jdbc.DriverdataSource.url=jdbc:mysql://localhost:3306/cathycmsdataSource.username=rootdataSource.password=rootjdbcRealm.dataSource=$dataSourcesecurityManager.realms=$jdbcRealm
4.单元测试
@Testpublic void demoJdbcRealm(){ //init配置文件初始化SecurityManager工厂 Factory factory=new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini"); SecurityManager securityManager=factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); Subject subject=SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken("admin","123"); try{ subject.login(token); }catch (AuthenticationException ex){ } org.junit.Assert.assertEquals(true,subject.isAuthenticated()); subject.logout();}
参考资料:说起shiro,最好的教程必须是张开涛老师的《跟我学shiro系列》