今天有时间学习一下shiro–简单的java安全框架
1.这是我的maven结构,如果你的ini文件创建的时候内容出现红线,可以安装Ini4idea
2.新建shiro.ini文件并添加身份,以及认证的用户名密码
[users]
zhangsan=123
wang=123
3.添加pom依赖
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.8.0-beta1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.10.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
4.测试用例
基本思路:
①身份认证的用户名密码
②绑定SecurityUtils的securityManager实例
③获取SecurityUtils的subject
④创建token
⑤subject.login(token)进行登录认证身份
⑥subject退出
@Test
public void TestShiro(){
//获取Security的工厂
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//2.得到securityManager的实例,并绑定SecurityUtils
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
//3.得到subject
Subject subject = SecurityUtils.getSubject();
//4.创建用户名/密码身份验证Token
UsernamePasswordToken token = new UsernamePasswordToken("wang","123");
//5.登录
try {
subject.login(token);
System.out.println("haha");
System.out.println(token.getUsername()+":" + token.getPassword());
}catch (AuthenticationException ae){
//验证失败
logger.info("验证失败");
}
//6.断言
Assert.assertEquals(true, subject.isAuthenticated());
//7.退出
subject.logout();
}