shiro学习(5)：ini文件和自定义realm

工具idea

首先创建maven项目

配置文件

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>geyaoshiro</groupId><artifactId>geyaoshiro</artifactId><version>1.0-SNAPSHOT</version><packaging>war</packaging><name>geyaoshiro Maven Webapp</name><!-- FIXME change it to the project's website --><url>http://www.example.com</url><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><maven.compiler.source>1.7</maven.compiler.source><maven.compiler.target>1.7</maven.compiler.target></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.11</version><scope>test</scope></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.3</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.6.1</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.6.1</version></dependency></dependencies><build><finalName>geyaoshiro</finalName><pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --><plugins><plugin><artifactId>maven-clean-plugin</artifactId><version>3.1.0</version></plugin><!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --><plugin><artifactId>maven-resources-plugin</artifactId><version>3.0.2</version></plugin><plugin><artifactId>maven-compiler-plugin</artifactId><version>3.8.0</version></plugin><plugin><artifactId>maven-surefire-plugin</artifactId><version>2.22.1</version></plugin><plugin><artifactId>maven-war-plugin</artifactId><version>3.2.2</version></plugin><plugin><artifactId>maven-install-plugin</artifactId><version>2.5.2</version></plugin><plugin><artifactId>maven-deploy-plugin</artifactId><version>2.8.2</version></plugin></plugins></pluginManagement></build>
</project>

首先看一下目录

上面已经解决了相关的依赖

配置文件

shiro.ini

[users]
zhang=123456,admin
test=123456,test[roles]
admin=*
test=search,add,update

建立一个shirotest类

package com.geyao.shiro.test;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;public class ShiroTest {public static void main(String[] args) {// 1、获取SecurityManager工厂，此处使用Ini配置文件初始化SecurityManagerFactory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro.ini");// 2、得到SecurityManager实例 并绑定给SecurityUtilsSecurityManager securityManager = factory.getInstance();SecurityUtils.setSecurityManager(securityManager);// 3、得到Subject及创建用户名/密码身份验证Token（即用户身份/凭证）Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");//UsernamePasswordToken token2 = new UsernamePasswordToken("password", "wei");try {// 4、登录，即身份验证subject.login(token);if(subject.hasRole("admin")){System.out.println("有admin角色");}else{System.out.println("没有admin角色");}if(subject.isPermitted("del")){System.out.println("有delete权限");}else{System.out.println("没有delete权限");}//subject.login(token2);} catch (AuthenticationException e) {e.printStackTrace();System.out.println("登录失败 ");// 5、身份验证失败}// 6、退出subject.logout();}
}

建立一个MyRealm类

package com.geyao.shiro.test;import org.apache.shiro.authc.*;
import org.apache.shiro.realm.Realm;public class MyRealm implements Realm {@Overridepublic String getName() {return "myrealm";}@Overridepublic boolean supports(AuthenticationToken authenticationToken) {//只支持Usernamepasswordtolkenreturn authenticationToken instanceof UsernamePasswordToken;}@Overridepublic AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {String username=(String)authenticationToken.getPrincipal();String password=new  String((char[]) authenticationToken.getCredentials());if(!"test".equals(username)){throw new UnknownAccountException();}if(!"123456".equals(password)){throw  new  IncorrectCredentialsException();}return new SimpleAuthenticationInfo(username,password,getName());}
}

shiroiniTest类

package com.geyao.shiro.test;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;public class ShiroIniTest {public static void main(String[] args){DefaultSecurityManager securityManager =new DefaultSecurityManager();ModularRealmAuthenticator authenticator=new ModularRealmAuthenticator();authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());securityManager.setAuthenticator(authenticator);ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();authorizer.setPermissionResolver(new WildcardPermissionResolver());securityManager.setAuthorizer(authorizer);securityManager.setRealm(new MyRealm());SecurityUtils.setSecurityManager(securityManager);Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken("test", "123456");//UsernamePasswordToken token2 = new UsernamePasswordToken("password", "wei");try {// 4、登录，即身份验证subject.login(token);System.out.println("登录密码成功");}catch (AuthenticationException e){e.printStackTrace();System.out.println("登录密码失败");}}
}

运行结果