shiro入門示例

1、pom引入maven依賴

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.3.2</version>
    </dependency>
</dependencies>

　　

2、從ini文件獲取用戶名密碼

shiro.ini文件

[users]
admin=123456

 

單元測試：

@Test
public void demoIni(){
    //init配置文件初始化SecurityManager工廠
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }

    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

　

3、自定義realm

1.自定義myRealm

public class myRealm1 implements Realm {
    public String getName() {
        return "myRealm1";
    }
 
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordToken;
    }
 
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username=(String)token.getPrincipal();
        String password=new String((char[])token.getCredentials());
 
        if(!username.equals("admin")){
            throw new UnknownAccountException();
        }
 
        if(!password.equals("123456")){
            throw new IncorrectCredentialsException();
        }
 
        return new SimpleAuthenticationInfo(username,password,getName());
    }
}

　

2.shiro-realm.init配置文件

[main]
myrealm=realms.myRealm1
securityManager.realms=$myrealm 

說明：

• 變量名=全限定類名會自動建立一個類實例
• 變量名.屬性=值 自動調用相應的setter方法進行賦值
• $變量名 引用以前的一個對象實例 

 

3.單元測試

@Test
public void demoCustomRealm(){
    //init配置文件初始化SecurityManager工廠
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-realm.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }
 
    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

3、jdbc realm

1.還須要引入依賴

<!--jdbcrealm依賴 start-->
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>6.0.6</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.3</version>
</dependency>
<!--jdbcrealm依賴 end-->

　　2.sql

use cathycms;
 
create table users (
  id bigint auto_increment,
  username varchar(100),
  password varchar(100),
  password_salt varchar(100),
  constraint pk_users primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_users_username on users(username);
 
create table user_roles(
  id bigint auto_increment,
  username varchar(100),
  role_name varchar(100),
  constraint pk_user_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_user_roles on user_roles(username, role_name);
 
create table roles_permissions(
  id bigint auto_increment,
  role_name varchar(100),
  permission varchar(100),
  constraint pk_roles_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_roles_permissions on roles_permissions(role_name, permission);
 
insert into users(username,password)values('admin','123');

　　

3.ini配置文件

[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/cathycms
dataSource.username=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm

　　 

4.單元測試

@Test
public void demoJdbcRealm(){
    //init配置文件初始化SecurityManager工廠
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }
 
    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

　　

 

參考資料：提及shiro，最好的教程必須是張開濤老師的《跟我學shiro系列》

http://jinnianshilongnian.iteye.com/blog/2018398