本文主要是介绍【shiro】shiro学习笔记2-自定义realm,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
上一篇中使用的realm是shiro自带的realm,SecurityManager调用了IniRealm来进行认证。
但开发中大部分是要自己实现realm的逻辑的环境
jar包
pom.xml
<dependencies><!-- shiro --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><!--日志问题的解决--><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.15</version></dependency><!--日志--><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><dependency> <groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency></dependencies>目录结构
代码
自定义realm
CustomRealm.java
package xyz.mrwood.study.realm;import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;import java.util.HashMap;
import java.util.Map;public class CustomRealm extends AuthorizingRealm {// 授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}// 认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {//获得主体(帐号)String principal = (String) authenticationToken.getPrincipal();//获得凭证(密码)String credentials = new String((char[]) authenticationToken.getCredentials());//模拟数据库Map<String, String> users = new HashMap<>();users.put("kiwi", "123456");users.put("fly", "1111");users.put("kimi", "17536");users.put("kiki", "123456");//判断帐号是否存在if (users.containsKey(principal)) {return new SimpleAuthenticationInfo(principal, users.get(principal), getName());} else {return null;}}
}认证程序
AuthenticationTest.java
@Testpublic void testCustomRealm(){// 构造SecurityManager环境Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");SecurityManager securityManager = factory.getInstance();// 设置SecurityManager到运行环境中SecurityUtils.setSecurityManager(securityManager);// 构造主体对象Subject subject = SecurityUtils.getSubject();// 构造认证的token对象AuthenticationToken token = new UsernamePasswordToken("kiwi", "12345");// 主体执行登录认证try {subject.login(token);} catch (AuthenticationException e) {e.printStackTrace();}System.out.println("认证:" + subject.isAuthenticated());}shiro配置文件
shiro-realm.ini
[main]
customRealm = xyz.mrwood.study.realm.CustomRealm
#注入自定义的realm,很像spring的注入,注意这个$符号
securityManager.realms = $customRealm日志文件
log4j.properties
log4j.rootLogger=DEBUG, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n总结
- 自定义realm通常继承org.apache.shiro.realm.AuthorizingRealm类,要实现两个方法
doGetAuthorizationInfo(授权逻辑),doGetAuthenticationInfo(认证逻辑),实现相应的方法 - 通过方法的入参authenticationToken可以获得用户输入的帐号与密码,如果找不到这个帐号就返回null,如果找到就返回AuthenticationInfo对象,其中帐号是用户输入的帐号,密码是数据库中对应的密码。密码的验证工作由上一层自动完成
这篇关于【shiro】shiro学习笔记2-自定义realm的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
