shiro权限认证:
具体的认证流程是这样的:
一般流程:
通过.ini的文件来初始化工厂,.ini的文件的好处是可以创建多个组,而.properties的文件只能创建一组。
系统默认有shiro.ini的文件,但是一般我们是自定义数据源Realm:来存放数据;
该类如下:这里采用了模拟数据库;
package cn.itcast.shiro;
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class TestCustomRealm extends AuthorizingRealm{
//模拟数据库
private static HashMap<String,String> userInfo=new HashMap<String,String>();
static{
userInfo.put("zhangsan","123456");
userInfo.put("lisi","1234");
}
@Override
public void setName(String name) {
// TODO Auto-generated method stub
super.setName("testCustomRealm");
}
//认证功能
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String userCode=(String) token.getPrincipal();
String pwd=null;
for (Map.Entry<String,String> entry:userInfo.entrySet()) {
pwd=entry.getValue();
break;
}
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userCode, pwd,this.getName());
return simpleAuthenticationInfo;
}
//授权功能
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
return null;
}
}
测试的话就是跟之前一样创建工厂,不同的是运用了.ini的文件换了。