接本文章中自定義realm測試代碼:
https://blog.csdn.net/qq_43560721/article/details/105411830
1.在測試類CustomRealmTest中主體提交認證請求前加入以下代碼
//shiro加密
//創建HashedCredentialsMatcher
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");//設置加密算法名稱
matcher.setHashIterations(1);//設置加密次數
customRealm.setCredentialsMatcher(matcher);//自定義customRealm加密算法中放入我們matcher對象
2.在自定義的CustomRealm自定義的userMap裏邊密碼改爲MD5
加密的密碼
可以寫一main方法計算
3.接下來我們驗證一下,驗證成功
4.爲了我們的密碼更完美,我們得加點調料,加鹽
main方法計算一下
把自定義的CustomRealm自定義的userMap裏邊密碼改爲MD5加鹽加密後的string
在認證過程中加加鹽
5.接下來我們驗證一下,驗證成功
如果設置鹽是錯誤的xxs1,將會驗證錯誤,憑證錯誤
附整體代碼:
1.自定義realm
package cn.imooc.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
/**
* @Author xxs
* @Date 2020/4/8 10:33
*/
public class CustomRealm extends AuthorizingRealm {
Map<String,String> userMap = new HashMap<String, String>(16);
{
//123 202cb962ac59075b964b07152d234b70 加鹽後的787ea83776f422929ec91b73168c0e67
userMap.put("xxs","787ea83776f422929ec91b73168c0e67");
super.setName("customRealm");
}
//做授權
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// 1.從主體傳過來的認證信息中,獲得用戶名
String userName = (String) principalCollection.getPrimaryPrincipal();
//2.通過用戶名到數據庫或者緩存中獲取角色數據
Set<String> roles = getRolesByUserName(userName);
//3.通過用戶名到數據庫或者緩存中獲取權限數據
Set<String> permissions = getPermissionsByUserName(userName);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(permissions);
simpleAuthorizationInfo.setRoles(roles);
return simpleAuthorizationInfo;
}
/**
*模擬數據庫或緩存中查詢角色的權限
* @param userName
* @return
*/
private Set<String> getPermissionsByUserName(String userName) {
Set<String> sets = new HashSet<String>();
sets.add("user:delete");
sets.add("user:add");
return sets;
}
/**
*模擬數據庫或緩存中查詢角色
* @param userName
* @return
*/
private Set<String> getRolesByUserName(String userName) {
Set<String> sets = new HashSet<String>();
sets.add("admin");
sets.add("user");
return sets;
}
//做認證
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
throws AuthenticationException {
// 1.從主體傳過來的認證信息中,獲得用戶名
String userName = (String) authenticationToken.getPrincipal();
//2.通過用戶名到數據庫中獲取憑證
String password = getPasswordByUserName(userName);
if(password==null){
return null;
}
//創建返回對象
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo
("xxs", password, "customRealm");//用戶名,密碼,realm名稱
authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("xxs"));//把我們的鹽設置進去
return authenticationInfo;
}
/**
* 模擬數據庫或緩存中查詢憑證
* @param userName
* @return
*/
private String getPasswordByUserName(String userName) {
return userMap.get(userName);
}
public static void main(String[] args){
//md5加密
// Md5Hash md5Hash = new Md5Hash("123");
//加鹽
Md5Hash md5Hash = new Md5Hash("123","xxs");
System.out.println(md5Hash.toString());//202cb962ac59075b964b07152d234b70
}
}
2.測試類
package cn.xxs.test;
import cn.imooc.shiro.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
/**
* @Author xxs
* @Date 2020/4/8 10:49
*/
public class CustomRealmTest {
@Test
public void testAuthentication(){
CustomRealm customRealm = new CustomRealm();
//1.構建SecurityManager環境,SecurityManager提供安全服務
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm);
//shiro加密
//創建HashedCredentialsMatcher
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");//設置加密算法名稱
matcher.setHashIterations(1);//設置加密次數
customRealm.setCredentialsMatcher(matcher);//自定義customRealm加密算法中放入我們matcher對象
//2.主題提交認證請求
SecurityUtils.setSecurityManager(defaultSecurityManager);//設置SecurityManager環境
Subject subject = SecurityUtils.getSubject();//獲得主體
UsernamePasswordToken token = new UsernamePasswordToken("xxs","123");//認證數據
subject.login(token);//提交認證
System.out.println("isAuthenticated:"+subject.isAuthenticated());//看是否認證 true/false
// subject.checkRole("admin");//檢查角色
// subject.checkPermission("user:add");//檢查權限
}
}