自定义Realm

【单Realm】

1) jar包

2) 实现自定义Realm

public class RealmOne implements Realm{
    /**
     * 获取基本类名
     */
    @Override
    public String getName() {
        // TODO Auto-generated method stub
        System.out.println("className:" + this.getClass().getName());
        return this.getClass().getName();
    }
    
    /**
     * 判断token是否被支持
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    /**
     * 执行登录验证
     */
    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        //获取用户名
        String principal = String.valueOf(token.getPrincipal());
        System.out.println("principal = " + principal);
        //获取密码
        
        String credentials =String.valueOf((char[])token.getCredentials());
        System.out.println("credentials=" + credentials);
        
        //验证用户名
        if(!"admin".equals(principal))
            throw new UnknownAccountException("用户名不存在");
        
        //验证密码
        if(!"123".equals(credentials))
            throw new IncorrectCredentialsException("密码错误!");
        
        return new SimpleAuthenticationInfo(principal, credentials, this.getName());
    }
}

3) 配置shiro

#声明realm
#变量名 = 类全名
realmOne =cn.hl.realm.RealmOne

#将realm分配给securityManager的realms属性
#securityManager    = SecurityUtils.securityManager
#realms =RealmSecurityManager.realms
#securityManager.realms =$变量名1,$变量名2,......
securityManager.realms=$realmOne

4) 测试

    //定义日志对象
    private static final transient Logger logger = LoggerFactory.getLogger(TestSingleRealm.class);
    
    public static void main(String[] args) {
        //1、获取Factory工厂类对象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:single-shiro.ini");
        
        //2、通过工厂类获取SecurityManager对象
        SecurityManager securityManager = factory.getInstance();
        
        //3、将SecurityManager托管到SecurityUtils进行管理
        SecurityUtils.setSecurityManager(securityManager);
        
        //4、获取Subject对象
        Subject subject = SecurityUtils.getSubject();
        
        //5、通过Subject执行验证
        UsernamePasswordToken token = new UsernamePasswordToken("admin", "1234");
        try{
            subject.login(token);
        }
        catch(UnknownAccountException ex){
            System.out.println("账号不存在");
        }
        catch(IncorrectCredentialsException ex){
            System.out.println("密码错误");
        }
        
        if(subject.isAuthenticated())
            System.out.println("用户登录成功");
        
        //注销用户
        subject.logout();
    }

【多Realm】

1) 概述

多realm是为了满足不同登录验证方式而提供的，如：帐号、手机、邮箱等。

2) 自定义Realm

/**
 * 通过邮件地址和密码进行验证
 * @author Terry
 *
 */
public class RealmTwo implements Realm{

    @Override
    public String getName() {
        return this.getClass().getName();
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        //获取帐号信息
        String principal = String.valueOf(token.getPrincipal());
        //获取密码
        String credentials = String.valueOf((char[])token.getCredentials());
        
        //通过邮件地址进行验证
        if(!"admin@163.com".equals(principal))
            throw new UnknownAccountException("帐号信息不存在");
        
        if(!"123456".equals(credentials))
            throw new IncorrectCredentialsException("密码错误");
        
        return new SimpleAuthenticationInfo(principal,credentials,this.getName());
    }

}

3) 配置shiro

#声明realm
#变量名 = 类全名
realmOne =cn.hl.realm.RealmOne
realmTwo =cn.hl.realm.RealmTwo

#将realm分配给securityManager的realms属性
#多realm情况下执行顺序与配置顺序直接相关
securityManager.realms=$realmOne,$realmTwo

4) 测试

    //示例化Logger对象
    private static final transient Logger logger = LoggerFactory.getLogger(TestMultiRealm.class);
    
    public static void main(String[] args) {
        //1、示例化工厂对象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:multi-shiro.ini");
        
        //2、示例化SecurityManager对象
        SecurityManager securityManager = factory.getInstance();
        
        //3、托管SecurityManager对象
        SecurityUtils.setSecurityManager(securityManager);
        
        //4、获取Subject对象
        Subject subject = SecurityUtils.getSubject();
        
        //5、通过Subject实现用户登录验证
        //UsernamePasswordToken token = new UsernamePasswordToken("admin","123");
        UsernamePasswordToken token = new UsernamePasswordToken("admin@163.com","123456");
        try{
            subject.login(token);
        }
        catch(UnknownAccountException ex){
            ex.printStackTrace();
        }
        catch(IncorrectCredentialsException ex){
            ex.printStackTrace();
        }
        
        if(subject.isAuthenticated())
            System.out.println("用户登录成功");
        
        //注销用户
        subject.logout();
    }

 

【JdbcRealm】

1) 概述

Shiro框架中默认提供了对数据库的支持，通常我们可以直接配置JdbcRealm来实现使用数据库进行验证。

2) 包

 

3) 配置shiro

dataSource                    =com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass =com.mysql.jdbc.Driver
dataSource.jdbcUrl         =jdbc:mysql://localhost:3306/qqdb
dataSource.user            =root
dataSource.password    =123

#配置JdbcRealm
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $dataSource

#自定义验证Sql语句
#jdbcRealm.authenticationQuery=select password, password_salt from users where username = ?
jdbcRealm.authenticationQuery=select pwd from account where no=?

#自定义角色查询语句
#userRolesQuery = select role_name from user_roles where username = ?

#自定义权限查询语句
#permissionsQuery=select role_name from user_roles where username = ?

#配置SecurityManager的realms属性
securityManager.realms = $jdbcRealm

4)测试

    //示例化Logger对象
    private static final transient Logger logger = LoggerFactory.getLogger(TestJdbcRealm.class);
    
    public static void main(String[] args) {
        //1、示例化工厂对象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc-shiro.ini");
        
        //2、示例化SecurityManager对象
        SecurityManager securityManager = factory.getInstance();
        
        //3、托管SecurityManager对象
        SecurityUtils.setSecurityManager(securityManager);
        
        //4、获取Subject对象
        Subject subject = SecurityUtils.getSubject();
        
        //5、通过Subject实现用户登录验证
        //UsernamePasswordToken token = new UsernamePasswordToken("admin","123");
        UsernamePasswordToken token = new UsernamePasswordToken("23456789","123");
        try{
            subject.login(token);
        }
        catch(UnknownAccountException ex){
            ex.printStackTrace();
        }
        catch(IncorrectCredentialsException ex){
            ex.printStackTrace();
        }
        
        if(subject.isAuthenticated())
            System.out.println("用户登录成功");
        
        //注销用户
        subject.logout();
    }

表数据：