步驟:
- 自定義Realms【繼承Authentication】
- 創建shiro配置文件【建立SecuriryManager與Realm關聯】
- 編寫認證測試代碼
- 編寫認證的核心代碼
1. 自定義Realms【繼承Authentication】
package com.shiro.realms;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MySelfRealm extends AuthorizingRealm {
/**
* 授權方法
* @param principalCollection
* @return
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
/**
* 認證方法
* @param authenticationToken
* @return
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//用戶信息認證
UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;
String username = token.getUsername();
//驗證用戶名
if(!"zxc".equals(username)){
return null;//對應UnknownAccountException
}
//驗證密碼[密碼不正確,IncorrectCredentialsException]
AuthenticationInfo info = new SimpleAuthenticationInfo("returndata","1231","");
return info;
}
}
2. 創建shiro.ini配置文件【建立SecuriryManager與Realm關聯】
#【建立SecuriryManager與Realm關聯】
MySelfRealm=com.shiro.realms.MySelfRealm
securityManager.realm=$MySelfRealm
3. 編寫認證測試代碼
package com.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
public class AuthenticationTest {
public static void main(String[] args) {
//1、創建管理器工廠
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//2、創建安全管理器
SecurityManager securityManager = factory.getInstance();
//3、初始化SecurityUtils工具類
SecurityUtils.setSecurityManager(securityManager);
//4、通過SecurityUtils獲取Subject
Subject subject = SecurityUtils.getSubject();
try {
//5、認證操作
AuthenticationToken authenticationToken = new UsernamePasswordToken("zxc","123");
subject.login(authenticationToken);
//6、獲取認證結果
Object principle = subject.getPrincipal();
System.out.println("登錄成功,獲得的principle:" + principle);
}catch (UnknownAccountException em){
System.out.println("用戶不存在!");
}catch (IncorrectCredentialsException em){
System.out.println("密碼輸入錯誤!");
}
}
}