Shiro的身份验证:
Subject认证主体包含两个信息:
身份:可以是用户名、邮件、手机号等用来标识一个登录主体的身份
凭证:常见的有密码,数字证书等
Realm:域 Shiro从Realm中获取验证数据
Realm有很多种:JdbcRealm , jndiRealm , textRealm
下面介绍JdbcRealm的用法:
首先先建一个数据库:db_shiro 表名为users 字段名为userName password
向其中插入一条数据:
①建一个maven项目 引入依赖
<dependencies>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core shiro-core核心包 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 日志slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging 配合log4j达到解耦的目的-->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.mchange/c3p0 数据库连接池-->
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.5.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java 连接数据库包-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>6.0.6</version>
</dependency>
</dependencies>
②在/src/main/resources/ 目录下建一个jdbc_realm.ini的配置文件
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/db_shiro?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=GMT
dataSource.user=root
dataSource.password=root
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm
【main】不可改变 必须加 =相当于new一个对象 .相当于set方法 $dataSource 相当于对象的引用。
③JdbcRealmTest 实例
public class JdbcRealmTest {
public static void main(String[] args) {
//读取配置文件,初始化SecurityManager
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc_realm.ini");
//获取到SecurityManager实例
SecurityManager securityManager = factory.getInstance();
//将SecurityManager绑定到SecurityUtils
SecurityUtils.setSecurityManager(securityManager);
//得到当前执行的用户
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("java", "123456");
try{
currentUser.login(usernamePasswordToken);
System.out.println("登录成功");
}catch(AuthenticationException e){
e.printStackTrace();
System.out.println("登录失败");
}
currentUser.logout(); //退出登录
}
}