自定義Realm實現認證

Shiro默認使用自帶的 IniRealm，IniRealm從ini配置文件中讀取用戶的信息，大部分情況下需要從系統的數據庫中讀取用戶信息，所以需要自定義realm。

---

---

1，Realm接口

最基礎的是Realm接口，CachingRealm負責緩存處理，AuthenticatingRealm負責認證，AuthorizingRealm負責授權，

通常自定義的realm繼承AuthorizingRealm

---

---

---

---

?

shiro.ini

User.java

package com.sxt.domain;import java.util.Date;public class User {private Integer id;private String username;private String pwd;private Date createtime;public User() {}public User(Integer id, String username, String pwd, Date createtime) {super();this.id = id;this.username = username;this.pwd = pwd;this.createtime = createtime;}public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPwd() {return pwd;}public void setPwd(String pwd) {this.pwd = pwd;}public Date getCreatetime() {return createtime;}public void setCreatetime(Date createtime) {this.createtime = createtime;} }

UserService.java

package com.sxt.service;import com.sxt.domain.User;public interface UserService {/*** 根據用戶名查詢用戶對象*/public User queryUserByUserName(String username);}

UserServiceImpl.java

package com.sxt.service.imp;import java.util.Date;import com.sxt.domain.User; import com.sxt.service.UserService;public class UserServiceImpl implements UserService {@Overridepublic User queryUserByUserName(String username) {User user=null;switch (username) {case "zhangsan":user=new User(1, "zhangsan", "123456", new Date());break;case "lisi":user=new User(2, "lisi", "123456", new Date());break;case "wangwu":user=new User(3, "wangwu", "123456", new Date());break;}return user;}}

UserRealm.java

package com.sxt.realm;import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.realm.AuthenticatingRealm;import com.sxt.domain.User; import com.sxt.service.UserService; import com.sxt.service.imp.UserServiceImpl;public class UserRealm extends AuthenticatingRealm {private UserService userService=new UserServiceImpl();/*** 做認證*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String username=token.getPrincipal().toString();token.getCredentials();System.out.println(username);/*** 以前登陸的邏輯是 把用戶和密碼全部發到數據庫 去匹配* 在shiro里面是先根據用戶名把用戶對象查詢出來，再來做密碼匹配*/User user=userService.queryUserByUserName(username);if(null!=user) {/*** 參數說明* 參數1:可以傳到任意對象* 參數2:從數據庫里面查詢出來的密碼* 參數3:當前類名*/SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(user, user.getPwd(), this.getName());return info;}else {//用戶不存在 shiro會拋 UnknowAccountExceptionreturn null;}}}

TestAuthenticationApp.java

package com.sxt.shiro;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.slf4j.Logger; import org.slf4j.LoggerFactory;/*** shiro的認證使用shiro.ini文件**/ @SuppressWarnings("deprecation") public class TestAuthenticationApp {// 日志輸出工具private static final transient Logger log = LoggerFactory.getLogger(TestAuthenticationApp.class);public static void main(String[] args) {String username = "zhangsan";String password = "123456";log.info("My First Apache Shiro Application");// 1，創建安全管理器的工廠對象 org.apache.shiro.mgt.SecurityManager;// 不能使用java.lang.SecurityManagerFactory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");// 2,使用工廠創建安全管理器DefaultSecurityManager securityManager = (DefaultSecurityManager) factory.getInstance();// 3,創建UserRealm // UserRealm realm = new UserRealm();// 4,給securityManager注入userRealm // securityManager.setRealm(realm);// 6,把當前的安全管理器綁定當到線的線程SecurityUtils.setSecurityManager(securityManager);// 7,使用SecurityUtils.getSubject得到主體對象Subject subject = SecurityUtils.getSubject();// 8，封裝用戶名和密碼AuthenticationToken token = new UsernamePasswordToken(username, password);// 9,得到認證try {subject.login(token);System.out.println("認證通過");Object principal = subject.getPrincipal();System.out.println(principal);} catch (IncorrectCredentialsException e) {System.out.println("密碼不正確");} catch (UnknownAccountException e) {System.out.println("用戶名不存在");}} }

總結

以上是生活随笔為你收集整理的自定义Realm实现认证的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。