Shiro-自定义Realm+Md5

1.文件结构

2.pom.xml导入包

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

  <modelVersion>4.0.0</modelVersion>
  <packaging>war</packaging>

  <name>shiro01</name>
  <groupId>shiro</groupId>
  <artifactId>shiro01</artifactId>
  <version>1.0-SNAPSHOT</version>

  <build>

  </build>

  <dependencies>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.0.1</version>
      <scope>provided</scope>
    </dependency>
    <!-- shiro-core -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.3.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/junit/junit -->
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1.1</version>
    </dependency>


  </dependencies>

</project>

3.shiro-realm-md5.xml配置

[main]
#定义凭证匹配器
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
#散列算法
credentialsMatcher.hashAlgorithmName=md5
#散列次数
credentialsMatcher.hashIterations=1
#将凭证匹配器设置到realm
customRealm=top.wyyblog.md5.realm.CustomRealmMd5
customRealm.credentialsMatcher=$credentialsMatcher
securityManager.realms=$customRealm

4.AuthenticationTest.java

package top.wyyblog.md5.realm;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

/**
 * 认证测试
 */
public class AuthenticationTest {

    public static void main(String[] args) {
        //创建SecurityFactory工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:conf/shiro-realm-md5.ini");
        //创建SecurityManager
        SecurityManager securityManager = factory.getInstance();
        //将SecurityManager设置到当前的运行环境中
        SecurityUtils.setSecurityManager(securityManager);
        //从SecurityUtils里面构造一个subject
        Subject subject = SecurityUtils.getSubject();
        //认证提交前需要准备token
        UsernamePasswordToken token = new UsernamePasswordToken("admin","111111");
        //执行认证提交
        try {
            subject.login(token);
            System.out.println("登录成功!");
        }catch (UnknownAccountException e){//账户不存在抛出异常UnknownAccountException
            System.out.println("UnknownAccountException，账户不存在");
        }catch (IncorrectCredentialsException e){
            System.out.println("IncorrectCredentialsException，密码错误");
        }
        //是否认证通过
        boolean isAuthenticated = subject.isAuthenticated();
        System.out.println(isAuthenticated);
        //退出
        subject.logout();
    }

}

5.CustomRealmMd5.java

package top.wyyblog.md5.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/**
 * 自定义Realm
 */
public class CustomRealmMd5 extends AuthorizingRealm{

    //设置realm 的名称
    @Override
    public void setName(String name) {
        super.setName("CustomRealmMd5");
    }

    /**
     * 用于认证
     * @param token
     * @return
     * @throws AuthenticationException
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //第一步：从token中取出用户信息
        String userCode = (String)token.getPrincipal();
        //第二步：根据用户输入的账户从数据库查询


        //如果查询不到返回null
        //数据库中用户账号是admin
        if (!userCode.equals("admin")){
            return null;
        }
        System.out.println("验证密码");

        //模拟从数据库查询的密码,这里是散列后的值,（散列1次）
        String password = "f3694f162729b7d0254c6e40260bf15c";
        //从数据库获取盐
        String salt = "qwerty";

        //上面组合原文密码为 111111

        //如果查询到返回  AuthenticationInfo
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userCode,password, ByteSource.Util.bytes(salt),this.getName());
        return simpleAuthenticationInfo;

    }

    /**
     * 用于授权
     * @param principalCollection
     * @return
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }


}