shiro权限认证Realm的四大用法
2019-12-29 16:03:16 来源:博客园
shiro权限认证Realm的四大用法
一、SimpleAccountRealm
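/**
 * Demonstrates authentication and role checks against Shiro's in-memory
 * {@code SimpleAccountRealm}.
 *
 * <p>The account is registered with a plaintext password that lives only in memory,
 * which is acceptable for a test fixture like this one and nowhere else.
 */
public class AuthenticationTest {

    SimpleAccountRealm sar = new SimpleAccountRealm();

    /** Registers the demo account "mark" with the roles "admin" and "user". */
    @Before
    public void addUser() {
        sar.addAccount("mark", "123456", "admin", "user");
    }

    /**
     * Logs in as the demo account, prints the authentication state and checks both roles.
     *
     * <p>Nothing here catches exceptions: {@code login} throws on bad credentials and
     * {@code checkRoles} throws when a role is missing, so either failure fails the test.
     */
    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment.
        DefaultSecurityManager dsm = new DefaultSecurityManager();
        dsm.setRealm(sar);

        // 2. The subject submits the authentication request.
        // setSecurityManager installs a static, VM-wide manager, so it is shared with
        // every other test running in the same JVM.
        SecurityUtils.setSecurityManager(dsm);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("mark", "123456");
        subject.login(token);

        System.out.println("isAuthenticated:" + subject.isAuthenticated());

        subject.checkRoles("admin", "user");
    }
}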
二、IniRealm
/**
 * Demonstrates authentication and authorization backed by an {@code IniRealm}
 * loaded from {@code classpath:user.ini}.
 *
 * <p>user.ini is not shown on this page; presumably it defines the user "mark" with the
 * role "admin" and the permission "user:update". NOTE(review): if that file stores the
 * password in plaintext, it ships inside the build artifact -- keep such a file to test
 * resources only.
 */
public class IniRealmTest {

    /** Logs in as "mark", prints the authentication state, then checks one role and one permission. */
    @Test
    public void testIniRealm() {
        IniRealm iniRealm = new IniRealm("classpath:user.ini");

        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(iniRealm);
        SecurityUtils.setSecurityManager(securityManager);

        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken("mark", "123456"));

        boolean authenticated = currentUser.isAuthenticated();
        System.out.println("isAuthentication:" + authenticated);

        // Both checks throw when the subject lacks the role or the permission.
        currentUser.checkRole("admin");
        currentUser.checkPermission("user:update");
    }
}
三、JDBCRealm
/**
 * Demonstrates a {@code JdbcRealm} that reads credentials, roles and permissions from
 * MySQL through a Druid data source.
 *
 * <p>Security notes for anyone adapting this demo:
 * <ul>
 *   <li>The data source connects as {@code root} with the password {@code root}, both
 *       hard-coded. Outside a throwaway local database, use a dedicated account limited
 *       to SELECT on the three tables queried below and load its password from
 *       configuration rather than from source.</li>
 *   <li>No credentials matcher is set on the realm, so Shiro's default plain comparison
 *       applies: the {@code password} column of {@code test_user} is compared with the
 *       submitted password as-is, which implies cleartext passwords in the table.</li>
 * </ul>
 */
public class JDBCRealmTest {

    DruidDataSource dataSource = new DruidDataSource();

    {
        // Demo-only connection settings; see the class comment.
        dataSource.setUrl("jdbc:mysql://localhost:3306/xxxx");
        dataSource.setUsername("root");
        dataSource.setPassword("root");
    }

    /** Logs in as "xm" and verifies roles and a permission resolved through the custom queries. */
    @Test
    public void testJDBCRealm() {
        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);
        // Permission lookup is switched on explicitly for the checkPermission call below.
        jdbcRealm.setPermissionsLookupEnabled(true);

        // Without custom SQL, the table names must match those in Shiro's default queries;
        // in practice custom SQL is normally supplied, as here. Each query binds its input
        // through a '?' placeholder instead of concatenating it into the statement.
        jdbcRealm.setAuthenticationQuery("select password from test_user where user_name=?");
        jdbcRealm.setUserRolesQuery("select role_name from test_user_roles where user_name=?");
        jdbcRealm.setPermissionsQuery("select permission from test_roles_permissions where role_name=?");

        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(jdbcRealm);
        SecurityUtils.setSecurityManager(securityManager);

        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken("xm", "123"));

        boolean authenticated = currentUser.isAuthenticated();
        System.out.println("isAuthencation:" + authenticated);

        // Each check throws when the subject lacks the role or the permission.
        currentUser.checkRole("admin");
        currentUser.checkRoles("admin", "user");
        currentUser.checkPermission("user:delete");
    }
}
四、自定义Realm
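/**
 * Exercises {@link CustomRealm} with a hashed-credentials matcher: logs in as "mark",
 * prints the authentication state, then checks roles and a permission.
 */
public class customRealmTest {

    @Test
    public void testCustomRealm() {
        CustomRealm realm = new CustomRealm();
        DefaultSecurityManager sdm = new DefaultSecurityManager();
        sdm.setRealm(realm);

        // The matcher must use the algorithm and iteration count the stored hash was
        // created with, which for this demo is a single round of MD5.
        // NOTE(security): one round of MD5 is far too cheap to compute for password
        // storage. The setting is kept because the demo hash in CustomRealm depends on it;
        // real code should use a deliberately slow password hash (Shiro's PasswordService
        // with PasswordMatcher, or bcrypt/scrypt/Argon2) and re-hash existing credentials.
        HashedCredentialsMatcher hcm = new HashedCredentialsMatcher();
        hcm.setHashAlgorithmName("md5");
        hcm.setHashIterations(1);
        realm.setCredentialsMatcher(hcm);

        SecurityUtils.setSecurityManager(sdm);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("mark", "123456");
        subject.login(token);

        System.out.println("isAuthencation:" + subject.isAuthenticated());

        // Each check throws when the subject lacks the role or the permission.
        subject.checkRole("admin");
        subject.checkRoles("admin", "user");
        subject.checkPermission("user:delete");
    }
}

/**
 * Demo realm that serves one in-memory account and fixed roles and permissions in place
 * of real database lookups.
 */
public class CustomRealm extends AuthorizingRealm {

    Map<String, String> userMap = new HashMap<>();

    {
        // Simulates a row fetched from the database: user name -> stored credential hash
        // (presumably the value printed by main() below).
        userMap.put("mark", "73bea81c6c06bacab41a995495239545");
        super.setName("customReal");
    }

    /**
     * Builds the authorization data (roles and string permissions) for the primary principal.
     *
     * @param principals the principals of the authenticated subject
     * @return the roles and permissions granted to that principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName = (String) principals.getPrimaryPrincipal();
        // Look up roles and permissions by user name (database or cache in a real realm).
        Set<String> roles = getRolesByUserName(userName);
        Set<String> permissions = getPermissionsByUserName(userName);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permissions);
        info.setRoles(roles);
        return info;
    }

    /**
     * Demo stub: grants "user:delete" regardless of {@code userName}. A real realm must
     * derive permissions from the user's stored grants.
     */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> permissions = new HashSet<>();
        permissions.add("user:delete");
        return permissions;
    }

    /**
     * Demo stub: grants "admin" and "user" regardless of {@code userName}. A real realm
     * must derive roles from the user's stored grants.
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles = new HashSet<>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Returns the stored credential for the user named in the token so that the configured
     * credentials matcher can compare it with the submitted password.
     *
     * @param token the submitted authentication token
     * @return the account data, or {@code null} when no account exists for the user name
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // 1. Take the user name from the information the subject submitted.
        String userName = (String) token.getPrincipal();

        // 2. Fetch the stored credential for that user name.
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }

        // The principal is the looked-up user name and the realm name comes from getName().
        // The original hard-coded "mark" and "customReal", which would make every
        // authenticated account carry the identity "mark".
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, password, getName());

        // Salt: when the stored credential is a salted hash, the same salt must be set here.
        // This demo salts with the user name ("mark" for the only account). A user name is
        // predictable; real deployments should store a random per-user salt beside the hash.
        info.setCredentialsSalt(ByteSource.Util.bytes(userName));
        return info;
    }

    /** Returns the stored credential for {@code userName}, or {@code null} if unknown. */
    private String getPasswordByUserName(String userName) {
        // A real realm queries the database here; the map keeps the demo self-contained.
        return userMap.get(userName);
    }

    /** Prints a random integer from 1 to 10, then the salted MD5 digest of the demo password. */
    public static void main(String[] args) {
        System.out.println((int) (1 + Math.random() * 10));
        // Md5Hash hsh=new Md5Hash("123456"); // plain MD5 digest, no salt
        // MD5 digest of the password salted with "mark". Salting prevents precomputed-table
        // lookups, but MD5 is a fast hash (not encryption) and remains unsuitable for
        // storing real passwords.
        Md5Hash hsh = new Md5Hash("123456", "mark");
        System.out.println(hsh);
    }
}
原文链接:https://www.cnblogs.com/wlv1314/p/12115946.html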