1、繼承 AuthorizingRealm ,並且重寫三個方法。
package com.study.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
 * Minimal custom Shiro realm used to demonstrate the three overrides of
 * {@link AuthorizingRealm}: {@link #getName()}, authorization lookup and
 * authentication lookup.
 *
 * <p>Demo only: the single account and its password are hard-coded in plain text
 * below as a stand-in for a database lookup. A real realm would load a salted
 * password hash from storage and pair it with a hashing CredentialsMatcher
 * instead of handing Shiro a clear-text secret to compare.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Returns the realm name; the same value is passed to
     * {@link SimpleAuthenticationInfo} as the source of the account data.
     *
     * @return the fixed name {@code "MyRealm"}
     */
    @Override
    public String getName() {
        return "MyRealm";
    }

    /**
     * Authorization lookup.
     *
     * @param principals the identities of the already-authenticated subject
     * @return always {@code null}; this demo supplies no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Not implemented in this example: no role/permission data is returned.
        return null;
    }

    /**
     * Authentication lookup: finds the account for the submitted username and
     * returns its stored credentials so the authenticator can compare them with
     * the ones carried by the token.
     *
     * @param token the login token (a UsernamePasswordToken in the example on this page)
     * @return the account's authentication info, or {@code null} when the username is unknown
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // The principal of the token is the username supplied at login.
        final Object principal = token.getPrincipal();
        final String username = (String) principal;

        // Stand-in for "look the user up in the database by username".
        if ("zhangsan".equals(username)) {
            // Placeholder for the stored credential. Plain text is acceptable only
            // in a demo; production code should return a stored hash (plus salt).
            final String storedPassword = "666";
            // Arguments: principal, stored credentials, name of this realm.
            return new SimpleAuthenticationInfo(username, storedPassword, getName());
        }

        // Unknown account: returning null leaves it to Shiro to reject the login.
        return null;
    }
}
新建ini文件(下方測試 testLoginByMyRealm 以 classpath:shiro-realm.ini 加載):
#自定義realm
MyRealm=com.study.shiro.realm.MyRealm
#指定securityManager的realms實現
securityManager.realms=$MyRealm
測試方法:
package com.study.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
import org.apache.shiro.realm.*;
/**
 * Walk-through of a Shiro login/logout cycle against two INI configurations.
 *
 * <p>Neither test asserts on the outcome; the authentication state is only
 * printed, so a failed login does not fail the test run.
 */
public class Test_shiro {

    /** Logs in with the realm configured in {@code shiro.ini}. */
    @Test
    public void testLogin() throws Exception {
        loginAndReport("classpath:shiro.ini", "zhangsan", "123");
    }

    /** Logs in through the custom realm configured in {@code shiro-realm.ini}. */
    @Test
    public void testLoginByMyRealm() throws Exception {
        loginAndReport("classpath:shiro-realm.ini", "zhangsan", "666");
    }

    /**
     * Builds a SecurityManager from the given INI resource, attempts a login with
     * the given credentials, prints the authentication state, then logs out and
     * prints the state again.
     *
     * @param iniPath  resource path of the Shiro INI configuration
     * @param username account name to submit
     * @param password password to submit
     */
    private static void loginAndReport(String iniPath, String username, String password) {
        // 1-2. Create the factory from the configuration file and obtain the SecurityManager.
        Factory<SecurityManager> managerFactory = new IniSecurityManagerFactory(iniPath);
        SecurityManager manager = managerFactory.getInstance();

        // 3. Bind the SecurityManager so it can be reached from anywhere via SecurityUtils.
        SecurityUtils.setSecurityManager(manager);

        // 4. Obtain the current subject; it has not been authenticated yet.
        Subject currentUser = SecurityUtils.getSubject();

        // 5. Wrap the identity and credential (account and password) in a token.
        UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);

        // 6. Attempt the login.
        // The two messages below reveal whether the username or the password was
        // wrong. That is convenient in a demo; a real login flow should report a
        // single generic failure so account names cannot be probed.
        try {
            currentUser.login(loginToken);
        } catch (IncorrectCredentialsException wrongPassword) {
            System.out.println("密碼錯誤!");
        } catch (UnknownAccountException unknownAccount) {
            System.out.println("用戶名錯誤!");
        }

        // 7. Report whether the login succeeded.
        System.out.println("驗證是否登錄1:" + currentUser.isAuthenticated());

        // 8. Log out and report the state again.
        currentUser.logout();
        System.out.println("驗證是否登錄2:" + currentUser.isAuthenticated());
    }
}