复习之shiro安全框架(四)——自定义Realm

创建自定义CustomRealm类继承AuthorizingRealm

我们可以发现SimpleAccountRealm、JdbcRealm都继承自AuthorizingRealm,所以自定义Realm也继承它

实现父类方法,并在Realm中使用(模拟的)数据库数据

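 public class CustomRealm extends AuthorizingRealm{
    /** Name this realm registers under; also recorded in every AuthenticationInfo it returns. */
    private static final String REALM_NAME = "customRealm";

    /**
     * Salt mixed into the stored hash. One fixed, guessable salt shared by all accounts is
     * only acceptable in a demo: a real credential store keeps a random per-user salt next
     * to each hash.
     */
    private static final String DEMO_SALT = "maniy";

    // Stand-in for the user table: user name -> hex digest of the salted password.
    // The single entry is presumably the value printed by main() below.
    Map<String,String> userMap =new HashMap<String, String>(16);
    {
        userMap.put("maniy","993121f227e2cef658c392549708d60c");
        super.setName(REALM_NAME);
    }

    /**
     * Builds the roles and permissions of the already-authenticated principal.
     *
     * @param principalCollection principals of the current subject; the primary one is the user name
     * @return authorization info holding the roles and string permissions looked up for that user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setStringPermissions(getPermissionByUserName(userName));
        authorizationInfo.setRoles(getRolesByUserName(userName));
        return authorizationInfo;
    }

    /**
     * Simulates the permission query against the database.
     *
     * <p>NOTE(review): the user name is ignored, so every account receives the same
     * permissions. A real lookup must be keyed on {@code userName}.
     *
     * @param userName user whose permissions are requested (unused by this stub)
     * @return a fresh mutable set with the permissions "user:delete" and "user:add"
     */
    private Set<String> getPermissionByUserName(String userName) {
        Set<String> permissions = new HashSet<String>();
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }

    /**
     * Simulates the role query against the database.
     *
     * <p>NOTE(review): the user name is ignored, so every account is granted "admin".
     * A real lookup must be keyed on {@code userName} and default to no roles.
     *
     * @param userName user whose roles are requested (unused by this stub)
     * @return a fresh mutable set with the roles "admin" and "user"
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles = new HashSet<String>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Looks up the stored credentials for the user named in the submitted token.
     *
     * @param authenticationToken token submitted by the subject; its principal is the user name
     * @return the account's stored hash and salt, or {@code null} when the user is unknown
     * @throws AuthenticationException declared by the parent contract; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // 1. Take the user name from the token the subject submitted.
        String userName = (String) authenticationToken.getPrincipal();
        // 2. Fetch the stored credential for that user.
        String storedHash = getPasswordByUserName(userName);
        if (storedHash == null) {
            // Unknown account: returning null lets Shiro reject the login.
            return null;
        }
        // Record the principal that was actually looked up. A hard-coded "maniy" here would
        // make any account added to userMap authenticate as that one identity.
        SimpleAuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(userName, storedHash, getName());
        // The credentials matcher needs the salt to recompute the hash of the submitted password.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(DEMO_SALT));

        return authenticationInfo;
    }

    /**
     * Simulates the credential query against the database.
     *
     * @param username user name to look up
     * @return the stored password hash, or {@code null} if the user is not in {@code userMap}
     */
    private String getPasswordByUserName(String username){
        return userMap.get(username);
    }

    /**
     * Prints the salted MD5 digest of the demo password so it can be pasted into {@code userMap}.
     *
     * <p>Salting stops identical passwords from sharing a digest, but a single MD5 round
     * stays cheap to brute-force offline. Production password storage should use a
     * deliberately slow password-hashing scheme (bcrypt, scrypt, Argon2) or, at minimum,
     * a modern digest with a high iteration count.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Md5Hash md5Hash= new Md5Hash("123456",DEMO_SALT);
        System.out.println(md5Hash);
    }
}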

使用自定义Realm

public class CustomRealmTest {
    /**
     * Logs in through {@link CustomRealm} with the demo account, then checks one role and
     * two permissions. {@code login}, {@code checkRole} and {@code checkPermissions} throw
     * on failure, which is what makes the test fail; the authenticated flag is only printed.
     */
    @Test
    public void testAUthentication() {
        // Matcher that hashes the submitted password the same way the stored value was made:
        // MD5, one iteration. These settings are demo-grade; a single MD5 round is too fast
        // to protect real passwords.
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher();
        md5Matcher.setHashAlgorithmName("md5");
        md5Matcher.setHashIterations(1);

        CustomRealm realm = new CustomRealm();
        realm.setCredentialsMatcher(md5Matcher);

        // 1. Build the SecurityManager environment around the custom realm.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(realm);
        SecurityUtils.setSecurityManager(securityManager);

        // 2. The subject submits its authentication request.
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken("maniy", "123456"));

        System.out.println("isAuthenticated:" + currentUser.isAuthenticated());

        // 3. Authorization checks answered by the realm's doGetAuthorizationInfo.
        currentUser.checkRole("admin");
        currentUser.checkPermissions("user:add", "user:delete");
    }
}


转载自blog.csdn.net/IManiy/article/details/82994376