[置顶] Shiro学习之身份验证
小编在shiro 学习第一步中写了对shiro的架构原理,组件的基本认识进行了总结和说明,这篇博客就带着大家实现shiro学习中的身份认证的两个例子:
那么身份验证是神马东西?
1.subject的认证主体包含两个信息身份(Principals)和凭证(Credentials);
2.认证流程如下:
下面一起来看具体的代码实现:
-----------------------------身份验证之HelloWorld实现----------------------------
➷ 环境搭建:
1.maven的配置
打开eclipse,根据路径windows-->preference -->Maven-->User settings 打开下图中的界面:
在图中的红色框内显示的配置文件中配置maven中央仓库的地址;
2.确保jdk,server,maven配置没有问题的情况下我们开始建立项目:
➷ 项目开发
1.新建一个maven项目,在pom.xml配置文件中进行如下配置:主要是引入shiro-core和slf4j
<span style="font-size:18px;"><span style="font-size:18px;"><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.java1234.shiro</groupId>
<artifactId>Shiro01</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Shiro01</name>
<description>Shiro01</description>
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
</dependencies>
</project></span></span>
2.新建一个Java类 HelloWorld
<span style="font-size:18px;"><span style="font-size:18px;">package com.java1234.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class HelloWorld {
public static void main(String[] args) {
//读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//获取SecurityManager实例
SecurityManager securityManager = factory.getInstance();
//把SecurityManager实例绑定到securityUtils
SecurityUtils.setSecurityManager(securityManager);
//得到当前执行的用户
Subject currentUser =SecurityUtils.getSubject();
//创建token令牌,用户名/密码
UsernamePasswordToken token =new UsernamePasswordToken("java1234","123456");
try {
//身份认证
currentUser.login(token);
System.out.println("身份认证成功!");
} catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("身份认证失败!");
}
currentUser.logout();
}
}</span></span>
3.新建shiro.ini配置文件,用来存储用户名和密码:
<span style="font-size:18px;">[users] java1234=123456 jack=123</span>4.为了在控制台中打印详细的信息,我们在shiro.ini的路径中添加 log4j的配置文件:
<span style="font-size:18px;"><span style="font-size:18px;"># log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n # General Apache libraries log4j.logger.org.apache=WARN # Spring log4j.logger.org.springframework=WARN # Default Shiro logging log4j.logger.org.apache.shiro=TRACE # Disable verbose logging log4j.logger.org.apache.shiro.util.ThreadContext=WARN log4j.logger.org.apache.shiro.cache.ehcache.EhCache=WARN </span></span>
最后,我们可以直接运行main方法,我们可以看到“身份认证成功!”或“身份认证失败!”;
![[置顶] Shiro学习之身份验证_第1张图片](http://img.e-com-net.com/image/info5/b9cbe8f7793146fb9906afcb24ced67d.png)
-----------------------------身份验证之Jdbc_Realm的实现----------------------------
Realm:意思是域,shiro从Realm中获取验证数据;
Realm有很多种类,常见的有jdbc realm,jndi realm, text realm
在HelloWorld例子环境的基础上,我们进行以下操作:
1.pom文件的配置:
<span style="font-size:18px;"><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.java1234.shiro</groupId>
<artifactId>Shiro01</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Shiro01</name>
<description>Shiro01</description>
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.37</version>
</dependency>
</dependencies>
</project></span>
2.更新ini文件,添加jdbc_realm.ini文件,该配置文件类似hibernate的配置文件,主要用来
连接目标数据库及地址,代码如下:
<span style="font-size:18px;">[main] jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm dataSource=com.mchange.v2.c3p0.ComboPooledDataSource dataSource.driverClass=com.mysql.jdbc.Driver dataSource.jdbcUrl=jdbc:mysql://192.168.21.65:3306/db_shiro dataSource.user=root dataSource.password=123456 jdbcRealm.dataSource=$dataSource securityManager.realms=$jdbcRealm</span>3.做好上述步骤之后,我们可以编写测试类了:
<span style="font-size:18px;">package com.java1234.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class JdbcRealmTest {
public static void main(String[] args) {
//读取配置文件,初始化SecurityManager工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc_realm.ini");
//获取SecurityManager实例
SecurityManager securityManager = factory.getInstance();
//把SecurityManager实例绑定到securityUtils
SecurityUtils.setSecurityManager(securityManager);
//得到当前执行的用户
Subject currentUser =SecurityUtils.getSubject();
//创建token令牌,用户名/密码
UsernamePasswordToken token =new UsernamePasswordToken("java1234","123456");
try {
//身份认证
currentUser.login(token);
System.out.println("身份认证成功!");
} catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("身份认证失败!");
}
currentUser.logout();
}
}
</span>
之后我们运行main方法,可以发现console中不断打印相关的jar调用信息,并且有“身份认证
成功”的提示字样,说明我们在main方法中编写的“Java1234”的用户名对应的密码的确是“123456”;
![[置顶] Shiro学习之身份验证_第2张图片](http://img.e-com-net.com/image/info5/99db73b2780f4a7fb3f97254dc1bba38.png)
到这里关于身份认证的两个例子我们就完成了,道理很简单,使用main方法来验证连接的目标数据库中是否有main方法中编写的用户,如果有,说明当前用户和密码均正确,否则用户不存在或密码不正确;使用这样的思路shiro就可以带我们完成更加复杂的身份认证;