shiro架构
步骤
1认证
1. 创建SecurityManager > 主体提交认证请求 > SecurityManager认证 > Authenticator认证 > Realm验证
/**
 * Walks Shiro's authentication pipeline end to end: build a SecurityManager backed by an
 * in-memory realm, bind it through SecurityUtils, log a Subject in, then log it out again.
 */
public class AuthenticatorTest {
    /** In-memory account store; the single test account is registered in {@link #addUser()}. */
    SimpleAccountRealm realm = new SimpleAccountRealm();

    /** Registers the test account before each test method runs. */
    @Before
    public void addUser() {
        realm.addAccount("zhumiao", "1234");
    }

    /**
     * Logs in with the registered credentials, prints the authentication state,
     * logs out and prints it once more.
     */
    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment and make it the current one.
        bindSecurityManager();
        // 2. The subject submits its authentication request.
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken("zhumiao", "1234"));
        reportState(currentUser);
        currentUser.logout();
        reportState(currentUser);
    }

    /** Creates a DefaultSecurityManager over {@link #realm} and installs it in SecurityUtils. */
    private void bindSecurityManager() {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(realm);
        SecurityUtils.setSecurityManager(securityManager);
    }

    /** Prints whether the given subject is currently authenticated. */
    private static void reportState(Subject subject) {
        System.out.println("isAuthentication:" + subject.isAuthenticated());
    }
}
2授权
创建SecurityManager > 主体授权 > SecurityManager授权 > Authorizer授权 > Realm获取角色权限数据
/**
 * Registers the test account together with the two roles that the authorization
 * test checks afterwards. {@code realm} is a field of the enclosing test class.
 */
@Before
public void addUser() {
    String username = "zhumiao";
    String password = "1234";
    realm.addAccount(username, password, "admin", "user");
}
// checkRoles throws an AuthorizationException (rather than returning false) unless the subject
// holds BOTH roles; they come from the addAccount(...) call in the @Before method above.
subject.checkRoles("admin","user");
3 IniRealm
# [users] section read by IniRealm: username = password, role1, role2, ...
[users]
# NOTE: the password is stored in clear text in this file; acceptable only for a local demo.
zhumiao=1234,admin,user
# [roles] section: role = comma-separated permission strings (checked via subject.checkPermission)
[roles]
admin=user:delete,user:update
/**
 * Same authentication walk-through as AuthenticatorTest, except that accounts, roles and
 * permissions are loaded from the classpath resource user.ini through {@link IniRealm}.
 */
public class IniRealmTest {
    /** Logs in the user defined in user.ini and checks the roles and permissions it grants. */
    @Test
    public void testAuthentication() {
        Subject currentUser = loginAs("zhumiao", "1234");
        // Return value is not asserted here; the check* calls below throw on failure.
        currentUser.isAuthenticated();
        currentUser.checkRoles("admin", "user");
        currentUser.checkPermission("user:delete");
        currentUser.checkPermission("user:update");
    }

    /** Builds the SecurityManager around an IniRealm, binds it, and logs the subject in. */
    private static Subject loginAs(String username, String password) {
        IniRealm iniRealm = new IniRealm("classpath:user.ini");
        // 1. Build the SecurityManager environment.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(iniRealm);
        // 2. The subject submits its authentication request.
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(username, password));
        return subject;
    }
}
4 JdbcRealm
注意：授权时必须调用 jdbcRealm.setPermissionsLookupEnabled(true)，否则无法进行权限校验；数据库表结构可以参照 JdbcRealm 类的源码创建。
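/**
 * Authenticates and authorizes against account tables in MySQL through Shiro's {@link JdbcRealm}.
 *
 * <p>The connection settings default to the local test database, but each one can be overridden
 * with a system property (property names chosen for this test) so that real credentials do not
 * have to be committed in source:
 * {@code -Dshiro.test.jdbc.url=... -Dshiro.test.jdbc.user=... -Dshiro.test.jdbc.password=...}
 */
public class JdbcRealmTest {
    private static final String DEFAULT_URL = "jdbc:mysql://localhost:3306/testshiro";
    private static final String DEFAULT_USER = "root";
    private static final String DEFAULT_PASSWORD = "1234";

    /** Pooled data source handed to the realm; configured in the initializer block below. */
    DruidDataSource datasource = new DruidDataSource();

    {
        datasource.setUrl(System.getProperty("shiro.test.jdbc.url", DEFAULT_URL));
        datasource.setUsername(System.getProperty("shiro.test.jdbc.user", DEFAULT_USER));
        datasource.setPassword(System.getProperty("shiro.test.jdbc.password", DEFAULT_PASSWORD));
    }

    /**
     * Logs in against the database-backed realm and checks the role and permissions
     * expected for the test user. The check* calls throw on failure.
     */
    @Test
    public void testAuthentication() {
        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(datasource);
        // Required: without this the realm does not look permissions up, and the
        // checkPermission calls below cannot succeed.
        jdbcRealm.setPermissionsLookupEnabled(true);
        // 1. Build the SecurityManager environment.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(jdbcRealm);
        // 2. The subject submits its authentication request.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("zhumiao", "12345");
        subject.login(token);
        subject.isAuthenticated();
        subject.checkRoles("admin");
        subject.checkPermission("user:delete");
        subject.checkPermission("user:update");
    }
}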
自定义查询：加上下面这几行即可。
// Override JdbcRealm's default lookup SQL with this project's own table and column names.
// Both statements use a bind parameter (?), so the submitted username is never concatenated into SQL.
String sql = "select password from diy_users where username = ?";
String roleSql = "select role from diy_user_role where username = ?";
// Only the authentication and user-roles queries are customized here; the permissions
// query is not touched by these lines.
jdbcRealm.setAuthenticationQuery(sql);
jdbcRealm.setUserRolesQuery(roleSql);
5 自定义Realm
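/**
 * Custom realm backed by an in-memory user table (clear-text passwords, demo only).
 * Authentication returns the stored password for the submitted principal; authorization
 * returns stubbed roles and permissions.
 */
public class MyRealm extends AuthorizingRealm {
    /** Realm name, used for {@code setName} and as the realm name on the returned AuthenticationInfo. */
    private static final String REALM_NAME = "customrealm";

    /** username -> password. Simulates the user table; passwords are kept in clear text. */
    Map<String, String> users = new HashMap<String, String>();

    {
        users.put("zhumiao", "1234");
        super.setName(REALM_NAME);
    }

    /**
     * Builds the roles and string permissions for the primary principal.
     *
     * @param principalCollection principals of the authenticated subject; the primary one is the username
     * @return roles and permissions for that user (stubbed by the helpers below)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(getRolesByUsername(username));
        info.setStringPermissions(getPermissionByUsername(username));
        return info;
    }

    /** Stub: every user receives the single permission user:delete. */
    private Set<String> getPermissionByUsername(String username) {
        Set<String> permissions = new HashSet<String>();
        permissions.add("user:delete");
        return permissions;
    }

    /** Stub: every user receives the single role admin. */
    private Set<String> getRolesByUsername(String username) {
        Set<String> roles = new HashSet<String>();
        roles.add("admin");
        return roles;
    }

    /**
     * Looks up the submitted principal's stored password.
     *
     * @param authenticationToken token whose principal is the username
     * @return the stored credentials for that user, or {@code null} when the user is unknown
     *         (Shiro then rejects the login)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Take the username from the token.
        String username = (String) authenticationToken.getPrincipal();
        // 2. Look the password up in the (simulated) database.
        String password = getPasswordByUserName(username);
        if (password == null) {
            return null;
        }
        return new SimpleAuthenticationInfo(username, password, REALM_NAME);
    }

    /**
     * Simulates the database lookup, keyed by the requested username. The previous version
     * always returned the "zhumiao" entry, which let any username log in with that user's password.
     */
    private String getPasswordByUserName(String username) {
        return users.get(username);
    }
}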
测试类
/**
 * Drives the custom {@code MyRealm}: logs the in-memory user in and checks the stubbed
 * role and permissions the realm hands out.
 */
public class MyRealmTest {
    /** Logs in as the realm's single user and runs the role/permission checks. */
    @Test
    public void testAuthentication() {
        Subject currentUser = loginAs("zhumiao", "1234");
        // Return value is not asserted here; the check* calls below throw on failure.
        currentUser.isAuthenticated();
        currentUser.checkRoles("admin");
        currentUser.checkPermission("user:delete");
        currentUser.checkPermission("user:update");
    }

    /** Builds a SecurityManager around a fresh MyRealm, binds it, and logs the subject in. */
    private static Subject loginAs(String username, String password) {
        // 1. Build the SecurityManager environment.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(new MyRealm());
        // 2. The subject submits its authentication request.
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(username, password));
        return subject;
    }
}
6 shiro加密：1 HashedCredentialsMatcher 2 自定义Realm中使用散列 3 使用salt
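/**
 * Custom realm whose in-memory user table stores salted MD5 digests instead of clear-text
 * passwords. The comparison itself is done by the HashedCredentialsMatcher configured on the
 * realm by the caller; this class only supplies the stored digest and its salt.
 */
public class MyRealm extends AuthorizingRealm {
    /** Realm name, used for {@code setName} and as the realm name on the returned AuthenticationInfo. */
    private static final String REALM_NAME = "customrealm";

    /**
     * username -> hex digest. The stored value was produced as Md5Hash("1234", "zhumiao"),
     * i.e. the password hashed with the username as salt (see the test class's main method).
     */
    Map<String, String> users = new HashMap<String, String>();

    {
        users.put("zhumiao", "30b645e960bb4a972f826c292fb288e2");
        super.setName(REALM_NAME);
    }

    /**
     * Builds the roles and string permissions for the primary principal.
     *
     * @param principalCollection principals of the authenticated subject; the primary one is the username
     * @return roles and permissions for that user (stubbed by the helpers below)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(getRolesByUsername(username));
        info.setStringPermissions(getPermissionByUsername(username));
        return info;
    }

    /** Stub: every user receives the single permission user:delete. */
    private Set<String> getPermissionByUsername(String username) {
        Set<String> permissions = new HashSet<String>();
        permissions.add("user:delete");
        return permissions;
    }

    /** Stub: every user receives the single role admin. */
    private Set<String> getRolesByUsername(String username) {
        Set<String> roles = new HashSet<String>();
        roles.add("admin");
        return roles;
    }

    /**
     * Looks up the submitted principal's stored digest and attaches the salt it was made with.
     *
     * @param authenticationToken token whose principal is the username
     * @return stored digest plus salt for that user, or {@code null} when the user is unknown
     *         (Shiro then rejects the login)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Take the username from the token.
        String username = (String) authenticationToken.getPrincipal();
        // 2. Look the stored digest up in the (simulated) database.
        String storedDigest = getPasswordByUserName(username);
        if (storedDigest == null) {
            return null;
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, storedDigest, REALM_NAME);
        // The salt is the username: that is how the stored digest for "zhumiao" was generated,
        // and it replaces the previous hard-coded literal so that additional users get their
        // own salt. Any new entry in {@link #users} must be hashed the same way.
        info.setCredentialsSalt(ByteSource.Util.bytes(username));
        return info;
    }

    /**
     * Simulates the database lookup, keyed by the requested username. The previous version
     * always returned the "zhumiao" entry regardless of the username asked for.
     */
    private String getPasswordByUserName(String username) {
        return users.get(username);
    }
}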
测试类
/**
 * Drives the hashed-password variant of {@code MyRealm}: installs a HashedCredentialsMatcher
 * on the realm so the clear-text password in the token is hashed with the realm-supplied
 * salt before being compared to the stored digest.
 */
public class MyRealmTest {
    /** Logs in with the clear-text password and runs the role/permission checks. */
    @Test
    public void testAuthentication() {
        MyRealm myRealm = new MyRealm();
        // 1. Build the SecurityManager environment.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(myRealm);
        // Hashing + salt. MD5 with a single iteration only because the digest stored in MyRealm
        // was produced that way; it is a weak choice for real password storage, where a slow
        // algorithm and a high iteration count should be used instead.
        myRealm.setCredentialsMatcher(newMatcher());
        // 2. The subject submits its authentication request.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken("zhumiao", "1234"));
        // Return value is not asserted here; the check* calls below throw on failure.
        currentUser.isAuthenticated();
        currentUser.checkRoles("admin");
        currentUser.checkPermission("user:delete");
        // user:update is deliberately not checked: the stub realm only grants user:delete.
    }

    /** Matcher configured to match the algorithm and iteration count used to build the stored digest. */
    private static HashedCredentialsMatcher newMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        matcher.setHashIterations(1);
        return matcher;
    }

    /**
     * Helper to generate the digest stored in MyRealm. With salt "zhumiao" it prints
     * 30b645e960bb4a972f826c292fb288e2, the value the realm stores; the other value
     * noted in the original source, 81dc9bdb52d04dc20036dbd8313ed055, presumably came
     * from an earlier run without the salt.
     */
    public static void main(String[] args) {
        Md5Hash digest = new Md5Hash("1234", "zhumiao");
        System.out.println(digest.toString());
    }
}