步骤:
- 自定义Realms【继承Authentication】
- 创建shiro配置文件【建立SecuriryManager与Realm关联】
- 编写认证测试代码
- 编写认证的核心代码
1. 自定义Realms【继承Authentication】
package com.shiro.realms;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MySelfRealm extends AuthorizingRealm {
/**
* 授权方法
* @param principalCollection
* @return
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
/**
* 认证方法
* @param authenticationToken
* @return
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//用户信息认证
UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;
String username = token.getUsername();
//验证用户名
if(!"zxc".equals(username)){
return null;//对应UnknownAccountException
}
//验证密码[密码不正确,IncorrectCredentialsException]
AuthenticationInfo info = new SimpleAuthenticationInfo("returndata","1231","");
return info;
}
}
2. 创建shiro.ini配置文件【建立SecuriryManager与Realm关联】
#【建立SecuriryManager与Realm关联】
MySelfRealm=com.shiro.realms.MySelfRealm
securityManager.realm=$MySelfRealm
3. 编写认证测试代码
package com.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
public class AuthenticationTest {
public static void main(String[] args) {
//1、创建管理器工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//2、创建安全管理器
SecurityManager securityManager = factory.getInstance();
//3、初始化SecurityUtils工具类
SecurityUtils.setSecurityManager(securityManager);
//4、通过SecurityUtils获取Subject
Subject subject = SecurityUtils.getSubject();
try {
//5、认证操作
AuthenticationToken authenticationToken = new UsernamePasswordToken("zxc","123");
subject.login(authenticationToken);
//6、获取认证结果
Object principle = subject.getPrincipal();
System.out.println("登录成功,获得的principle:" + principle);
}catch (UnknownAccountException em){
System.out.println("用户不存在!");
}catch (IncorrectCredentialsException em){
System.out.println("密码输入错误!");
}
}
}