1、继承 AuthorizingRealm,并重写三个方法(getName、doGetAuthorizationInfo、doGetAuthenticationInfo)。
package com.study.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
 * Minimal custom Shiro realm used to demonstrate the authentication flow.
 *
 * <p>It knows exactly one account, and that account's password is a plain-text
 * constant in the source. That stands in for the database lookup a real realm
 * would perform and is only suitable for a demo. A production realm should
 * return a salted password hash from its user store and be configured with a
 * hashing credentials matcher (for example Shiro's HashedCredentialsMatcher),
 * so that no clear-text password is kept in code or in storage.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Returns the realm name that is also recorded in the authentication info
     * built by {@link #doGetAuthenticationInfo(AuthenticationToken)}.
     *
     * @return the fixed name {@code "MyRealm"}
     */
    @Override
    public String getName() {
        return "MyRealm";
    }

    /**
     * Authorization hook. This demo supplies no roles or permissions.
     *
     * @param principals the identities of the subject being authorized (unused here)
     * @return always {@code null}; a real realm would load the subject's roles
     *         and permissions here
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication hook: looks up the account named by the token and returns
     * the stored credentials so the authenticator can compare them with the
     * submitted ones. This method does not compare the password itself.
     *
     * @param token the login token; the tests on this page pass a UsernamePasswordToken
     * @return the account's authentication info, or {@code null} when the
     *         user name is not the single known account
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The principal of the submitted token is the user name typed at login.
        final String submittedName = (String) token.getPrincipal();

        // Stand-in for "query the user table by name": only one account exists.
        if ("zhangsan".equals(submittedName)) {
            // Demo only: a hard-coded clear-text password. Real code would read
            // a salted hash (and its salt) from the user store instead.
            final String storedPassword = "666";
            // Arguments: principal, stored credentials, name of this realm.
            return new SimpleAuthenticationInfo(submittedName, storedPassword, getName());
        }

        // Unknown account: return null and leave the failure handling to the caller.
        return null;
    }
}
新建 ini 文件 shiro-realm.ini(放在 classpath 下):
# Declare the custom realm: the name MyRealm is bound to the class below
MyRealm=com.study.shiro.realm.MyRealm
# Tell securityManager which realm(s) to use; $MyRealm refers to the object declared above
securityManager.realms=$MyRealm
测试方法:
package com.study.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;
import org.apache.shiro.realm.*;
/**
 * Console demos of a Shiro login/logout round trip, one per ini configuration.
 *
 * <p>Both tests only print the authentication state; they contain no assertions,
 * so they pass whether or not the login succeeds.
 */
public class Test_shiro {

    /**
     * Logs in as zhangsan/123 against {@code shiro.ini}. That file is not shown
     * on this page, so the outcome depends on the accounts it defines.
     */
    @Test
    public void testLogin() throws Exception {
        loginThenLogout("classpath:shiro.ini", "zhangsan", "123");
    }

    /**
     * Logs in as zhangsan/666 against {@code shiro-realm.ini}, the configuration
     * that is expected to wire in the custom MyRealm.
     */
    @Test
    public void testLoginByMyRealm() throws Exception {
        loginThenLogout("classpath:shiro-realm.ini", "zhangsan", "666");
    }

    /**
     * Builds a SecurityManager from the given ini file, attempts a login with
     * the given credentials, prints the result, then logs out and prints again.
     *
     * @param iniLocation resource path of the Shiro ini file to load
     * @param account     user name submitted at login
     * @param secret      password submitted at login
     */
    private void loginThenLogout(String iniLocation, String account, String secret) {
        // 1. Create the factory that reads the ini configuration.
        Factory<SecurityManager> managerFactory = new IniSecurityManagerFactory(iniLocation);
        // 2. Let the factory build the SecurityManager.
        SecurityManager manager = managerFactory.getInstance();
        // 3. Register it with SecurityUtils so the rest of the code can reach it.
        SecurityUtils.setSecurityManager(manager);
        // 4. Obtain the current subject; it is not authenticated yet.
        Subject currentUser = SecurityUtils.getSubject();
        // 5. Wrap the submitted identity and credential in a token.
        UsernamePasswordToken loginToken = new UsernamePasswordToken(account, secret);
        try {
            // 6. Attempt the login.
            currentUser.login(loginToken);
        } catch (IncorrectCredentialsException wrongPassword) {
            // Telling "wrong password" apart from "unknown user" is acceptable in a
            // console demo; a real login page should show one generic failure message
            // so that responses do not reveal which user names exist.
            System.out.println("密码错误!");
        } catch (UnknownAccountException unknownAccount) {
            System.out.println("用户名错误!");
        }
        // Any other AuthenticationException is not caught here and propagates.

        // 7. Report whether the login succeeded.
        System.out.println("验证是否登录1:" + currentUser.isAuthenticated());
        // 8. Log out and report the state again.
        currentUser.logout();
        System.out.println("验证是否登录2:" + currentUser.isAuthenticated());
    }
}