Realm简介:
重要的事再说一遍,数据域,Shiro和安全数据的连接器,好比jdbc连接数据库; 通过realm获取认证授权相关信息
realm作用:
Shiro 从 Realm 获取安全数据
默认自带的realm:
idae查看realm继承关系,有默认实现和自定义继承的realm
两个概念:
principal : 主体的标示,可以有多个,但是需要具有唯一性,常见的有用户名,手机号,邮箱等
credential:凭证, 一般就是密码
所以一般我们说 principal + credential 就账号 + 密码
开发中,往往是自定义realm , 即集成 AuthorizingRealm
JdbcRealm:
创建jdbcRealm数据库表:
sql语句:
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for roles_permissions
-- ----------------------------
DROP TABLE IF EXISTS `roles_permissions`;
CREATE TABLE `roles_permissions` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`role_name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`permission` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `idx_roles_permissions`(`role_name`, `permission`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 6 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of roles_permissions
-- ----------------------------
INSERT INTO `roles_permissions` VALUES (4, 'admin', 'video:*');
INSERT INTO `roles_permissions` VALUES (3, 'role1', 'video:buy');
INSERT INTO `roles_permissions` VALUES (2, 'role1', 'video:find');
INSERT INTO `roles_permissions` VALUES (5, 'role2', '*');
INSERT INTO `roles_permissions` VALUES (1, 'root', '*');
-- ----------------------------
-- Table structure for user_roles
-- ----------------------------
DROP TABLE IF EXISTS `user_roles`;
CREATE TABLE `user_roles` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`role_name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `idx_user_roles`(`username`, `role_name`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user_roles
-- ----------------------------
INSERT INTO `user_roles` VALUES (1, 'woxbwo', 'role1');
INSERT INTO `user_roles` VALUES (2, 'woxbwo', 'role2');
INSERT INTO `user_roles` VALUES (4, 'zbbiex', 'admin');
INSERT INTO `user_roles` VALUES (3, 'zbbiex', 'root');
-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`username` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`password` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`password_salt` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `idx_users_username`(`username`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES (1, 'woxbwo', '456', NULL);
INSERT INTO `users` VALUES (2, 'zbbiex', '123', NULL);
SET FOREIGN_KEY_CHECKS = 1;
1、方式一:
创建jdbcrealm.ini文件,放到resource目录下,文件内容为:
#注意 文件格式必须为ini,编码为ANSI
#声明Realm,指定realm类型
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
#配置数据源
#dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource=com.alibaba.druid.pool.DruidDataSource
# mysql-connector-java 5 用的驱动url是com.mysql.jdbc.Driver,mysql-connector-java6以后用的是com.mysql.cj.jdbc.Driver
dataSource.driverClassName=com.mysql.cj.jdbc.Driver
#避免安全警告
dataSource.url=jdbc:mysql://127.0.0.1:3306/is-shiro-test?characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false
dataSource.username=root
dataSource.password=123456
#指定数据源
jdbcRealm.dataSource=$dataSource
#开启查找权限
jdbcRealm.permissionsLookupEnabled=true
#指定SecurityManager的Realms实现,设置realms,可以有多个,用逗号隔开
securityManager.realms=$jdbcRealm
上代码:
@Test
public void shiroJdbcRealmTest(){
//创建SecurityManager工厂,通过配置文件ini创建
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbcrealm.ini");
SecurityManager securityManager = factory.getInstance();
//将securityManager 设置到当前运行环境中
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
//用户输入的账号密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("woxbwo", "456");
subject.login(usernamePasswordToken);
//org.apache.shiro.realm.jdbc.JdbcRealm
System.out.println(" 认证结果:"+subject.isAuthenticated());
System.out.println(" 是否有对应的role1角色:"+subject.hasRole("role1"));
System.out.println("是否有video:find权限:"+ subject.isPermitted("video:find"));
}
测试结果:
认证结果:true
02:34:43.991 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No authorizationCache instance set. Checking for a cacheManager...
02:34:43.992 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
是否有对应的role1角色:true
02:34:44.089 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No authorizationCache instance set. Checking for a cacheManager...
02:34:44.089 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
是否有video:find权限:true
方式二 :
上代码:
@Test
public void shiroJdbcRealmTest2(){
String driveName = "com.mysql.cj.jdbc.Driver";
String dbUrl = "jdbc:mysql://127.0.0.1:3306/is-shiro-test?characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false";
String userName = "root";
String pwd = "123456";
DefaultSecurityManager securityManager = new DefaultSecurityManager();
DruidDataSource ds = new DruidDataSource();
ds.setDriverClassName(driveName);
ds.setUrl(dbUrl);
ds.setUsername(userName);
ds.setPassword(pwd);
JdbcRealm jdbcRealm = new JdbcRealm();
jdbcRealm.setPermissionsLookupEnabled(true);
jdbcRealm.setDataSource(ds);
securityManager.setRealm(jdbcRealm);
SecurityUtils.setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
//用户输入的账号密码
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("zbbiex", "123");
subject.login(usernamePasswordToken);
System.out.println(" 认证结果:"+subject.isAuthenticated());
System.out.println(" 是否有对应的role1角色:"+subject.hasRole("role1"));
System.out.println("是否有video:find权限:"+ subject.isPermitted("video:find"));
System.out.println("是否有任意权限:"+ subject.isPermitted("aaaa:xxxxxxxxx"));
}
测试结果:
认证结果:true
02:54:26.188 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No authorizationCache instance set. Checking for a cacheManager...
02:54:26.188 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
是否有对应的role1角色:false
02:54:26.276 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No authorizationCache instance set. Checking for a cacheManager...
02:54:26.276 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
是否有video:find权限:true
02:54:26.363 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No authorizationCache instance set. Checking for a cacheManager...
02:54:26.363 [main] DEBUG org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
是否有任意权限:true