// 1, obtaining SecurityManager plant, as used herein Ini profile initializes SecurityManager Factory's <org.apache.shiro.mgt.SecurityManager> Factory = new new IniSecurityManagerFactory (the configFile); // 2, and bind the instance to obtain SecurityManager SecurityUtils ORG. securityManager = apache.shiro.mgt.SecurityManager factory.getInstance (); SecurityUtils.setSecurityManager (securityManager); SecurityUtils.setSecurityManager (securityManager) Source: * * * provided a VM (static) singleton securityManager, specifically for using transparent * { @link #getSubject () getSubject ()} achieved. * <The p-/> * <b> This method calls the main framework for development support. Application developers rarely, * if necessary, need to call this method. </ B> * <P /> Shiro SecurityManager team prefer non-static instance of an application in a single * and <em> not </ EM> the VM static single embodiment. Do not use static memory applications that require some sort of singleton * application configuration framework for you to maintain SecurityManager instance of the application range * (eg, Spring or EJB3 environment), so an object reference does not need to be static. * <P /> In these environments, Shiro get topic data according to currently executing thread through his own thread * framework integration code, this is the preferred way to use Shiro's. * <The p-/> * However, in some circumstances, such as a standalone desktop application or applet does not use Spring or * EJB or similar configuration framework, VM- Singleton may be more meaningful (although the former is still the first choice). * In these environments, provided by this method SecurityManager automatically enabled * {@link #getSubject () the getSubject ()} call function, very little configuration. * <P /> * For example, in these environments, this will work: * <pre> * = DefaultSecurityManager securityManager new new{@link org.apache.shiro.mgt. DefaultSecurityManager} DefaultSecurityManager (); * securityManager. setRealms (...); // one or more domains * <b> SecurityUtils. the setSecurityManager (securityManager); </ B> </ pre> * <P /> * and anywhere in the application code, the following call returns relating to the application: * <pre> * the currentUser = SecurityUtil getSubject (). ; </ pre> * * @param securityManager securityManager the static VM instance to a single embodiment. * / Public void the setSecurityManager (the SecurityManager the SecurityManager) { SecurityUtils. securityManager = securityManager; } // 3, get Subject and create a user name / password authentication Token (ie, the user identity / credential) Subject Subject =SecurityUtils.getSubject (); UsernamePasswordToken token = new new UsernamePasswordToken (username, password); UsernamePasswordToken (username, password): Source: / * * * Constructs a new UsernamePasswordToken, username and password submitted package * in the verification process, the use of < TT> null </ TT> {@link #getHost ()} and Host * a <TT> Remember berme </ TT> default <TT> to false </ TT> * <P /> * <P> this is a convenient constructor, by maintaining a character within the password * Array, i.e. <TT> password.toCharArray (); Note that the password is stored as a string * safety hazard may exist in your code, as the class JavaDoc </ p. >In the * filed authenticated username password submitted for authentication string * / publicUsernamePasswordToken ( Final String username, Final String password) { the this (username, password =! Null password.toCharArray ():? Null , false , null ); } subject.login (token): Source: / * * * for the theme / user performs a login attempt. If unsuccessful, thrown {@link AuthenticationException}, which represent subclasses attempt failed. * If successful, the body submitted / account credentials associated data will be * with this {@code Subject} is associated, the method will return quietly. * <P /> * After quiet return, consider this example {@code Subject} * Authenticated and {@link #getPrincipal () getPrincipal () } will not empty * {@Link #isAuthenticated () isAuthenticated ( )} will be @code { to true }. * * @Param token of the token of the package body and credentials to be passed to the subject matter * validation subsystem. @ * Throws org.apache.shiro.authc.AuthenticationException * If the authentication attempt fails. @Since 0.9 * * / void the Login (AuthenticationToken token) throws AuthenticationException;