1.新建maven项目,导入shiro的jar包
<!--导入shiro依赖的commons-loggin的jar包-->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<!--导入shiro的jar包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.3</version>
</dependency>
2.创建shiro的认证文件
#声明用户的对象
[users]
#=号前面是用户名 后面是密码
zhang=123456
li=654321
3、进行测试
package com.aaa.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroTest01 {
public static void main(String[] args) {
//创建生成SecurityManager的工厂类对象
Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro.ini");
//创建SecurityManager对象
SecurityManager securityManager = factory.getInstance();
//把SecurityManager对象设置给SecurityUtil对象
SecurityUtils.setSecurityManager(securityManager);
//获取验证的主题,当前主题是用户对象
Subject subject = SecurityUtils.getSubject();
//声明要比对的用户名和密码的用户对像,相当于之前前台传过来的要校验的登录信息
UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");
try{
//进行用户校验
subject.login(token);
System.out.println("校验成功");
}catch(UnknownAccountException e){
System.out.println("您输入的用户名不存在");
}catch (IncorrectCredentialsException e){
System.out.println("您输入的密码不存在");
}catch(AuthenticationException e){
System.out.println("校验失败");
}
}
}
还可以自定义realm文件
package com.aaa.realm;
import org.apache.shiro.authc.*;
import org.apache.shiro.realm.Realm;
public class MyRealm implements Realm {
/**
* 设置本realm的名字
* @return
*/
public String getName() {
return "myRealm";
}
//设置本realm支持什么样的数据校验
public boolean supports(AuthenticationToken authenticationToken) {
return authenticationToken instanceof UsernamePasswordToken;
}
//获取认证信息
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//获取用户传过来的用户名和密码
String username =(String) authenticationToken.getPrincipal();
char[] credentials = (char[]) authenticationToken.getCredentials();
String password=new String(credentials);
//根据用户名和密码查询数据库看看能不能查询到数据
if (username.equals("张三")&&password.equals("123456")){
return new SimpleAuthenticationInfo(username,password,this.getName());
}else{
//校验失败
throw new AuthenticationException("用户名或者密码错误");
}
}
}
2、在shiro的主配置文件中声明自定义的realm
#声明自定义的realm
myRealm=com.aaa.realm.MyRealm
#设置安全管理器使用我们自定义的realm
securityManager.realms=$myRealm
3.测试
package com.aaa.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroTest02 {
public static void main(String[] args) {
//获取SecurityManager的工厂类对象
Factory<SecurityManager> factory= new IniSecurityManagerFactory("classpath:shiro-custom.ini");
//获取SecurityManage对象
SecurityManager securityManager = factory.getInstance();
//把securityManager对像存储到securityUtil对象中
SecurityUtils.setSecurityManager(securityManager);
//获取主题对象 也就是当前用户
Subject subject = SecurityUtils.getSubject();
//声明要比较的用户名和密码
UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");
try{
subject.login(token);
System.out.println("登录成功");
}catch (AuthenticationException e){
System.out.println("登录失败");
}
//退出登录
subject.logout();
}
}
三、jdbcRealm
需要导入oracle和dbcp的jar包数据库中要有表
#声明数据源
dataSource=org.apache.commons.dbcp.BasicDataSource
#声明数据源的一些连接属性
dataSource.driverClassName=oracle.jdbc.driver.OracleDriver
dataSource.url=jdbc:oracle:thin:@localhost:1521:orcl
dataSource.username=scott
dataSource.password=tiger
#声明jdbcrealm
jdbcrealm=org.apache.shiro.realm.jdbc.JdbcRealm
#声明jdbcrealm需要用到的数据源属性
jdbcrealm.dataSource=$dataSource
#设置安全管理器使用的jdbcrealm
securityManager.realms=$jdbcrealm
测试
package com.aaa.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
public class ShiroTest03 {
public static void main(String[] args) {
//获取SecurityManager的工厂类对象
Factory<SecurityManager> factory=new IniSecurityManagerFactory("classpath:shiro-jdbcrealm.ini");
//获取SecurityManager对象
SecurityManager securityManager = factory.getInstance();
//把securityManager对象设置到SecurityUtils对象中
SecurityUtils.setSecurityManager(securityManager);
//获取当前主题,即当前对象
Subject subject = SecurityUtils.getSubject();
//传入要验证的用户名和密码
UsernamePasswordToken token=new UsernamePasswordToken("张三","123456");
try{
subject.login(token);
System.out.println("验证成功");
}catch (AuthenticationException e){
System.out.println("校验失败");
}
}
}
