【shiro】shiro学习笔记2-自定义realm

本文主要是介绍【shiro】shiro学习笔记2-自定义realm，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

上一篇中使用的realm是shiro自带的realm,SecurityManager调用了IniRealm来进行认证。
但开发中大部分是要自己实现realm的逻辑的

环境

jar包

pom.xml

<dependencies><!-- shiro --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><!--日志问题的解决--><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.15</version></dependency><!--日志--><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><dependency> <groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency></dependencies>

目录结构

代码

自定义realm

CustomRealm.java

package xyz.mrwood.study.realm;import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;import java.util.HashMap;
import java.util.Map;public class CustomRealm extends AuthorizingRealm {// 授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}// 认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {//获得主体(帐号)String principal = (String) authenticationToken.getPrincipal();//获得凭证（密码）String credentials = new String((char[]) authenticationToken.getCredentials());//模拟数据库Map<String, String> users = new HashMap<>();users.put("kiwi", "123456");users.put("fly", "1111");users.put("kimi", "17536");users.put("kiki", "123456");//判断帐号是否存在if (users.containsKey(principal)) {return new SimpleAuthenticationInfo(principal, users.get(principal), getName());} else {return null;}}
}

认证程序

AuthenticationTest.java

@Testpublic void testCustomRealm(){// 构造SecurityManager环境Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");SecurityManager securityManager = factory.getInstance();// 设置SecurityManager到运行环境中SecurityUtils.setSecurityManager(securityManager);// 构造主体对象Subject subject = SecurityUtils.getSubject();// 构造认证的token对象AuthenticationToken token = new UsernamePasswordToken("kiwi", "12345");// 主体执行登录认证try {subject.login(token);} catch (AuthenticationException e) {e.printStackTrace();}System.out.println("认证：" + subject.isAuthenticated());}

shiro配置文件

shiro-realm.ini

[main]
customRealm = xyz.mrwood.study.realm.CustomRealm
#注入自定义的realm,很像spring的注入，注意这个$符号
securityManager.realms = $customRealm

日志文件

log4j.properties

log4j.rootLogger=DEBUG, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n

总结

自定义realm通常继承org.apache.shiro.realm.AuthorizingRealm类，要实现两个方法
doGetAuthorizationInfo(授权逻辑)，doGetAuthenticationInfo(认证逻辑)，实现相应的方法
通过方法的入参authenticationToken可以获得用户输入的帐号与密码，如果找不到这个帐号就返回null,如果找到就返回AuthenticationInfo对象，其中帐号是用户输入的帐号，密码是数据库中对应的密码。密码的验证工作由上一层自动完成

这篇关于【shiro】shiro学习笔记2-自定义realm的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！