Realm: 域。Shiro 从 Realm 获取安全数据(如用户、角色、权限),就是说 SecurityManager 要验证用户身份,那么它需要从 Realm 获取相应的用户进行比较,以确定用户身份是否合法;也需要从 Realm 得到用户相应的角色 / 权限,来验证用户是否能进行操作;可以把 Realm 看成 DataSource,即安全数据源。
一、内置Realm
内置Realm分为两种,IniRealm和JdbcRealm。
1.1、IniRealm
package first.ShiroTest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
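/**
 * Demonstrates authentication and authorization against Shiro's built-in {@link IniRealm}.
 *
 * <p>The realm is loaded from {@code classpath:user.ini}. The test installs a VM-wide
 * SecurityManager through {@link SecurityUtils}, so it removes that manager again when it
 * finishes; otherwise later tests in the same JVM would keep authenticating against this
 * demo realm.
 */
public class IniRealmTest {

    /**
     * Logs in as the demo user and verifies its role and permission.
     *
     * <p>{@code login}, {@code checkRole} and {@code checkPermission} throw when the check
     * fails, which is what makes this test fail; the printed line is informational only.
     */
    @Test
    public void testAuthentication1() {
        IniRealm iniRealm = new IniRealm("classpath:user.ini");

        // 1. Build the SecurityManager environment.
        //    Every security-related operation goes through the SecurityManager.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(iniRealm);

        // 2. The subject submits an authentication request.
        //    setSecurityManager stores the manager in static state shared by the whole JVM.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        try {
            Subject subject = SecurityUtils.getSubject(); // obtain the subject
            try {
                // Demo credentials; they match the [users] entry in user.ini.
                UsernamePasswordToken token = new UsernamePasswordToken("Mark", "123456");
                subject.login(token);
                System.out.println("是否认证:" + subject.isAuthenticated());
                subject.checkRole("admin");
                subject.checkPermission("user:update");
            } finally {
                // Drop the authenticated state even when a check above throws.
                subject.logout();
            }
        } finally {
            // Do not leave the demo realm installed for whatever runs next in this JVM.
            SecurityUtils.setSecurityManager(null);
        }
    }
}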
user.ini
# Demo realm data for IniRealmTest.
# [users] format: username = password, role1, role2, ...
# The password is stored in clear text here, which is only acceptable for a demo;
# outside a demo, store a hashed value and configure a matching credentials matcher.
[users]
Mark=123456,admin
# [roles] format: rolename = permission1, permission2, ...
[roles]
admin=user:delete,user:update
执行单元测试,通过:
1.2 JdbcRealm
通过JDBC连接数据库
package first.ShiroTest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import com.alibaba.druid.pool.DruidDataSource;
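/**
 * Demonstrates authentication and authorization against Shiro's built-in {@link JdbcRealm},
 * backed by a Druid connection pool.
 *
 * <p>The test installs a VM-wide SecurityManager and opens a connection pool; both are
 * released when the test finishes so nothing leaks into later tests in the same JVM.
 */
public class JdbcRealmTest {

    DruidDataSource dataSource = new DruidDataSource();

    {
        // The three values below are placeholders (host, account, password) that must be
        // filled in before running. Keep real database credentials out of source control,
        // e.g. load them from the environment or a local, untracked properties file.
        dataSource.setUrl("jdbc:mysql://此处填写IP地址:3336/shiro_test");
        dataSource.setUsername("此处填写账号");
        dataSource.setPassword("此处填写密码");
    }

    /**
     * Shiro authentication: logs in as the demo user and verifies its role and permission.
     *
     * <p>{@code login}, {@code checkRole} and {@code checkPermission} throw when the check
     * fails, which is what makes this test fail; the printed line is informational only.
     */
    @Test
    public void testAuthentication1() {
        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);
        // Permission lookup is off by default and has to be switched on explicitly.
        jdbcRealm.setPermissionsLookupEnabled(true);

        // Custom queries for this schema. Each one takes its lookup value through a
        // '?' bind parameter, so the user name / role is never concatenated into the SQL.
        // NOTE(review): no credentials matcher is configured on the realm, so the login
        // below presumably succeeds only if test_user.password holds the submitted value
        // unmodified (clear text). A real schema would store a salted hash and set a
        // hashing credentials matcher on the realm -- confirm against the deployment.
        String sql = "select password from test_user where username = ?";
        jdbcRealm.setAuthenticationQuery(sql);
        String roleSql = "select role_name from test_user_role where user_name = ?";
        jdbcRealm.setUserRolesQuery(roleSql);
        String permissionSql = "select permission from test_role_permission where role = ?";
        jdbcRealm.setPermissionsQuery(permissionSql);

        // 1. Build the SecurityManager environment.
        //    Every security-related operation goes through the SecurityManager.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(jdbcRealm);

        // 2. The subject submits an authentication request.
        //    setSecurityManager stores the manager in static state shared by the whole JVM.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        try {
            Subject subject = SecurityUtils.getSubject(); // obtain the subject
            try {
                // Demo credentials; they must match a row in test_user.
                UsernamePasswordToken token = new UsernamePasswordToken("kimi", "654321");
                subject.login(token);
                System.out.println("是否认证:" + subject.isAuthenticated());
                subject.checkRole("user");
                subject.checkPermission("user:select");
            } finally {
                // Drop the authenticated state even when a check above throws.
                subject.logout();
            }
        } finally {
            // Do not leave the demo realm installed for whatever runs next in this JVM,
            // and release the pooled database connections.
            SecurityUtils.setSecurityManager(null);
            dataSource.close();
        }
    }
}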
执行成功