测试代码
package com.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;

/**
 * Demonstrates a login/logout round trip against the realm configured in
 * {@code shiro-cryptography.ini}.
 */
public class AuthenticationTest {

    /**
     * Logs a user in, prints the authentication state, logs out and prints the state again.
     *
     * <p>The method contains no assertions and a failed login is only printed, so it
     * completes normally whatever the outcome; the printed state is the only result.
     */
    @Test
    public void testLoginLogout() {
        // Build the SecurityManager from the INI file on the classpath and install it
        // as the SecurityManager that SecurityUtils hands out.
        Factory<SecurityManager> iniFactory =
                new IniSecurityManagerFactory("classpath:shiro-cryptography.ini");
        SecurityUtils.setSecurityManager(iniFactory.getInstance());

        // The subject obtained here authenticates through the manager installed above.
        Subject currentUser = SecurityUtils.getSubject();

        // The token carries the submitted identity and credential (account and password).
        // These are the tutorial's fixed sample values.
        UsernamePasswordToken credentials = new UsernamePasswordToken("zhang", "111111");

        try {
            // Attempt the login.
            currentUser.login(credentials);
        } catch (AuthenticationException loginFailure) {
            // The failure is reported on stderr only; execution continues.
            loginFailure.printStackTrace();
        }

        // Authentication state after the login attempt.
        System.out.println("用户认证状态:" + currentUser.isAuthenticated());

        // Log out and print the state once more.
        currentUser.logout();
        System.out.println("用户认证状态:" + currentUser.isAuthenticated());
    }
}
其中配置文件内容为:
[main]
# Define the credentials matcher
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
# Hash algorithm
# NOTE(review): MD5 is a fast hash and is not suitable for storing real passwords.
# The digest hard-coded in com.shiro.CustomRealm1 was presumably produced with these
# settings, so changing them requires regenerating that stored value. For real
# credentials prefer a dedicated password-hashing scheme such as bcrypt or Argon2.
credentialsMatcher.hashAlgorithmName=md5
# Number of hash iterations
# NOTE(review): a single iteration adds no work factor against offline guessing.
credentialsMatcher.hashIterations=1
# Attach the credentials matcher to the realm
customRealm = com.shiro.CustomRealm1
customRealm.credentialsMatcher=$credentialsMatcher
# Register the realm with the securityManager
securityManager.realms=$customRealm
指向的realm文件的代码为:
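package com.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/**
 * Demo realm that returns a salted password digest for a single hard-coded account,
 * standing in for a database lookup.
 */
public class CustomRealm1 extends AuthorizingRealm {

    /** Returns the fixed realm name {@code "customRealm1"}. */
    @Override
    public String getName() {
        return "customRealm1";
    }

    /** Accepts only {@link UsernamePasswordToken} instances. */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    /**
     * Authorization lookup. Not implemented in this demo.
     *
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication lookup: resolves the stored credential for the submitted identity.
     *
     * @param token the submitted token; its principal is read as the user name
     * @return the stored digest and salt for the user, or {@code null} when the user is
     *     not found
     * @throws AuthenticationException declared by the overridden method; this
     *     implementation does not throw it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Read the user identity from the token.
        String username = (String) token.getPrincipal();

        // A real realm would query the database by username here.
        // Returning null signals that no such account exists. The comparison is written
        // constant-first so a token without a principal is treated as "not found"
        // instead of raising a NullPointerException.
        if (!"zhang".equals(username)) { // simulates a lookup that finds nothing
            return null;
        }

        // Password digest as it would be read from the database (static demo data).
        String password = "cb571f7bd7a6f73ab004a70322b963d5";

        // Salt: a random value stored in the database alongside the digest. It is a
        // fixed string here only because the data is simulated.
        // NOTE(review): in a real store each account needs its own randomly generated salt.
        String salt = "eteokues";

        // Hand the stored values back; the parent AuthenticatingRealm performs the
        // actual credential comparison.
        return new SimpleAuthenticationInfo(
                username, password, ByteSource.Util.bytes(salt), getName());
    }
}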
测试结果为