shiro认证

1.新建maven项目，导入shiro的jar包

<!--导入shiro依赖的commons-loggin的jar包-->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<!--导入shiro的jar包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.3</version>
</dependency>


2.创建shiro的认证文件

#声明用户的对象
[users]
#=号前面是用户名 后面是密码
zhang=123456
li=654321

3、进行测试

package com.aaa.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class ShiroTest01 {
    public static void main(String[] args) {
        //创建生成SecurityManager的工厂类对象
        Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro.ini");
        //创建SecurityManager对象
        SecurityManager securityManager = factory.getInstance();
        //把SecurityManager对象设置给SecurityUtil对象
        SecurityUtils.setSecurityManager(securityManager);
        //获取验证的主题，当前主题是用户对象
        Subject subject = SecurityUtils.getSubject();
        //声明要比对的用户名和密码的用户对像，相当于之前前台传过来的要校验的登录信息
        UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");

        try{
            //进行用户校验
            subject.login(token);
            System.out.println("校验成功");
        }catch(UnknownAccountException e){
            System.out.println("您输入的用户名不存在");
        }catch (IncorrectCredentialsException e){
            System.out.println("您输入的密码不存在");
        }catch(AuthenticationException e){
            System.out.println("校验失败");
        }
    }
}

还可以自定义realm文件

package com.aaa.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.realm.Realm;

public class MyRealm implements Realm {
    /**
     * 设置本realm的名字
     * @return
     */
    public String getName() {
        return "myRealm";
    }

    //设置本realm支持什么样的数据校验
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordToken;
    }

    //获取认证信息
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
       //获取用户传过来的用户名和密码
        String username =(String) authenticationToken.getPrincipal();
        char[] credentials = (char[]) authenticationToken.getCredentials();
        String password=new String(credentials);
        //根据用户名和密码查询数据库看看能不能查询到数据
        if (username.equals("张三")&&password.equals("123456")){
            return new SimpleAuthenticationInfo(username,password,this.getName());
        }else{
            //校验失败
            throw new AuthenticationException("用户名或者密码错误");
        }

    }
}


2、在shiro的主配置文件中声明自定义的realm

#声明自定义的realm
myRealm=com.aaa.realm.MyRealm
#设置安全管理器使用我们自定义的realm
securityManager.realms=$myRealm


3.测试
package com.aaa.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class ShiroTest02 {
    public static void main(String[] args) {
        //获取SecurityManager的工厂类对象
        Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro-custom.ini");
        //获取SecurityManage对象
        SecurityManager securityManager = factory.getInstance();
        //把securityManager对像存储到securityUtil对象中
        SecurityUtils.setSecurityManager(securityManager);
        //获取主题对象  也就是当前用户
        Subject subject = SecurityUtils.getSubject();
        //声明要比较的用户名和密码
        UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");

        try{
            subject.login(token);
            System.out.println("登录成功");
        }catch (AuthenticationException e){
            System.out.println("登录失败");
        }

        //退出登录
        subject.logout();

    }
}

三、jdbcRealm

需要导入oracle和dbcp的jar包数据库中要有表



#声明数据源
dataSource=org.apache.commons.dbcp.BasicDataSource
#声明数据源的一些连接属性
dataSource.driverClassName=oracle.jdbc.driver.OracleDriver
dataSource.url=jdbc:oracle:thin:@localhost:1521:orcl
dataSource.username=scott
dataSource.password=tiger
#声明jdbcrealm
jdbcrealm=org.apache.shiro.realm.jdbc.JdbcRealm
#声明jdbcrealm需要用到的数据源属性
jdbcrealm.dataSource=$dataSource
#设置安全管理器使用的jdbcrealm
securityManager.realms=$jdbcrealm


测试
package com.aaa.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class ShiroTest03 {
    public static void main(String[] args) {
        //获取SecurityManager的工厂类对象
        Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbcrealm.ini");
        //获取SecurityManager对象
        SecurityManager securityManager = factory.getInstance();
        //把securityManager对象设置到SecurityUtils对象中
        SecurityUtils.setSecurityManager(securityManager);
        //获取当前主题，即当前对象
        Subject subject = SecurityUtils.getSubject();
        //传入要验证的用户名和密码
        UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");

        try{
            subject.login(token);
            System.out.println("验证成功");
        }catch (AuthenticationException e){
            System.out.println("校验失败");
        }
    }
}