Shiro uses its own IniRealm by default, and IniRealm reads user information from the ini configuration file. In most cases, we need to read user information from the database, so we need to customize the realm
[main]
myRealm=cn.wit.realm.MyRealm #Dependency
injection
SecurityManager.realm=$myRealm
configures the SecurityManager instance of the application and any of its dependent components (such as Realms)
[users]
You can configure static users like the authentication demo (Zhang Three = 123). You can also define roles (lisi=456, role1, role2)
Link users with users and roles ( here is rbac! )
[users]
zhangsan=1111,role1
[roles]
role=user:add,user:delete
Use JdbcRealm for authentication
- There should be a user table users in the database corresponding to the specified dataSource lock. There are username, password, password_salt and other fields in the table. These names are all in the SQL statement in the jdbcRealm source code. Therefore, if you do not follow the source code fields when creating the database To build a table by name, JdbcRealm cannot be used
JdbcRealm demo
jar包
Database Design
Log
log4j.rootLogger=Info, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n
shiro.ini
[main]
dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/login
dataSource.user=root
dataSource.password=wityy
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource=$dataSource
securityManager.realm=$jdbcRealm
[users]
zhangsan=123
The dataSource in main uses the c3p0 database connection pool to connect to the database. The mysql column has content about the database connection pool. , After configuring dataSource, configure jdbcRealm, assign dataSource to jdbcRealm, assign jdbcRealm to SecurityManager, add $ before assignment
main
package cn.wit.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
/**
* 完成用户认证功能
* @author Administrator
*
*/
public class Authentication {
public static void main(String[] args) {
//拿到SecurityManager并将它放到环境当中
Factory<SecurityManager>factory=new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
//拿到subject接口
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken taken=new UsernamePasswordToken("zhangsan","123");
try {
subject.login(taken);
if(subject.isAuthenticated()){
System.out.println("登录成功");
}
} catch (UnknownAccountException e) {
System.out.println("账号或密码错误");
}catch (IncorrectCredentialsException e) {
System.out.println("账号或密码错误");
}
}
}
Verification strategy
Before talking about the specific content, first understand the source code of the authentication process. For the process of
entering the source code from login, please refer to this article: Authentication Process
Start from the source code that enters the authenticator section
View the class hierarchy of the Authenticator interface, the specific implementation class is ModularRealmAuthenticator
l There is an authenticationStratery class attribute inside, and continue to jump to
the class level of the interface. The three classes represent three different authentication strategies
. The ini file after adding AllSuccessfulStrategy
[main]
dataSource=com.mchange.v2.c3p0.DriverManagerDataSource
dataSource.driverClass=com.mysql.jdbc.Driver
dataSource.jdbcUrl=jdbc:mysql://localhost:3306/login
dataSource.user=root
dataSource.password=wityy
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource=$dataSource
authenticationStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.realm=$jdbcRealm
securityManager.authenticator.authenticationStrategy=$authenticationStrategy
[users]
zhangsan=123