shiro入门示例

一、pom引入maven依赖

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.3.2</version>
    </dependency>
</dependencies>

　　

二、从ini文件获取用户名密码

shiro.ini文件

[users]
admin=123456

 

单元测试：

@Test
public void demoIni(){
    //init配置文件初始化SecurityManager工厂
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }

    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

　

三、自定义realm

1.自定义myRealm

public class myRealm1 implements Realm {
    public String getName() {
        return "myRealm1";
    }
 
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordToken;
    }
 
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username=(String)token.getPrincipal();
        String password=new String((char[])token.getCredentials());
 
        if(!username.equals("admin")){
            throw new UnknownAccountException();
        }
 
        if(!password.equals("123456")){
            throw new IncorrectCredentialsException();
        }
 
        return new SimpleAuthenticationInfo(username,password,getName());
    }
}

　

2.shiro-realm.init配置文件

[main]
myrealm=realms.myRealm1
securityManager.realms=$myrealm 

说明：

• 变量名=全限定类名会自动创建一个类实例
• 变量名.属性=值 自动调用相应的setter方法进行赋值
• $变量名 引用之前的一个对象实例 

 

3.单元测试

@Test
public void demoCustomRealm(){
    //init配置文件初始化SecurityManager工厂
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-realm.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123456");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }
 
    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

三、jdbc realm

1.还需要引入依赖

<!--jdbcrealm依赖 start-->
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>6.0.6</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.3</version>
</dependency>
<!--jdbcrealm依赖 end-->

　　2.sql

use cathycms;
 
create table users (
  id bigint auto_increment,
  username varchar(100),
  password varchar(100),
  password_salt varchar(100),
  constraint pk_users primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_users_username on users(username);
 
create table user_roles(
  id bigint auto_increment,
  username varchar(100),
  role_name varchar(100),
  constraint pk_user_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_user_roles on user_roles(username, role_name);
 
create table roles_permissions(
  id bigint auto_increment,
  role_name varchar(100),
  permission varchar(100),
  constraint pk_roles_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_roles_permissions on roles_permissions(role_name, permission);
 
insert into users(username,password)values('admin','123');

　　

3.ini配置文件

[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/cathycms
dataSource.username=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm

　　 

4.单元测试

@Test
public void demoJdbcRealm(){
    //init配置文件初始化SecurityManager工厂
    Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
    SecurityManager securityManager=factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
 
    Subject subject=SecurityUtils.getSubject();
    UsernamePasswordToken token=new UsernamePasswordToken("admin","123");
 
    try{
        subject.login(token);
    }catch (AuthenticationException ex){
 
    }
 
    org.junit.Assert.assertEquals(true,subject.isAuthenticated());
 
    subject.logout();
}

　　

 

参考资料：说起shiro，最好的教程必须是张开涛老师的《跟我学shiro系列》

http://jinnianshilongnian.iteye.com/blog/2018398