shiro learning record 1-simple login authentication

    The test is passed, and I feel that I have initially learned to authenticate user login through shiro. Here is a record of the problems encountered in the test and their solutions.

1. Getting Started (User Login and Logout)

1.1 Create maven project

Development environment: MyEclipse

jdk version: 1.8

Add pom dependencies as follows:

<dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.10</version>
    </dependency>
    
    <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1.3</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.2</version>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.25</version>
        </dependency>
  </dependencies>

 

1.2 Add jar package and dependency package of shiro-core

 

1.3 log4j.properties log configuration file

log4j.rootLogger=debug, stdout

log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n

 

1.4 shiro.ini

Create the shiro.ini file on the classpath and configure the username and password in the file.

[users]
zhangsan=123
lysis = 123

 

1.5 Authentication login and exit code testHelloworld()

    Build SecurityManager factory, IniSecurityManagerFactory can initialize SecurityManager environment from ini file .

Then create the securityManager through the factory and set it to the running environment. Then create a subject instance through securitymanager.

    Next, a token token is created, which records the identity and credentials of the user authentication (ie username and password).

    The subject is compared with the information in the token, and the verification is passed.

    Last user exits.

@Test
	public void testHelloworld () {
		Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
		 SecurityManager securityManager =factory.getInstance();
		 SecurityUtils.setSecurityManager(securityManager);
		 
		 Subject subject = SecurityUtils.getSubject();
		 UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","123");
		 
		 try{
			 subject.login(token);
			 System.out.println("Verification succeeded");
		 } catch (AuthenticationException e){
			 System.out.println("Verification failed");
		 }
		 
		 Assert.assertEquals(true, subject.isAuthenticated());
		 
		 subject.logout();

 

1.6 Test Results

The result of unit testing with JUnit is as follows:

1. Verification passed:

2017-11-08 16:16:26,891 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini]
2017-11-08 16:16:26,896 DEBUG [org.apache.shiro.config.Ini] - Parsing [users]
2017-11-08 16:16:26,897 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users]
2017-11-08 16:16:26,924 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section.  Processing...
2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [zhangsan] from doGetAuthenticationInfo
2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - AuthenticationInfo caching is disabled for info [zhangsan].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false].
2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.AbstractAuthenticator] - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false].  Returned account [zhangsan]
2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - No sessionValidationScheduler set.  Attempting to create default instance.
2017-11-08 16:16:26,933 INFO [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Enabling session validation scheduler...
2017-11-08 16:16:26,937 DEBUG [org.apache.shiro.session.mgt.DefaultSessionManager] - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
Verification succeeded
2017-11-08 16:16:27,005 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Logging out subject with primary principal zhangsan
2017-11-08 16:16:27,005 DEBUG [org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session with id [a5706acf-e514-48cb-82de-51fe8bf85883]

 

2. Username does not exist:

2017-11-08 16:18:23,819 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini]
2017-11-08 16:18:23,824 DEBUG [org.apache.shiro.config.Ini] - Parsing [users]
2017-11-08 16:18:23,826 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users]
2017-11-08 16:18:23,853 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section.  Processing...
2017-11-08 16:18:23,864 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [null] from doGetAuthenticationInfo
2017-11-08 16:18:23,864 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - No AuthenticationInfo found for submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - zhangsanihfd, rememberMe=false].  Returning null.
verification failed

 

3. Wrong password:

2017-11-08 16:19:42,926 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini]
2017-11-08 16:19:42,930 DEBUG [org.apache.shiro.config.Ini] - Parsing [users]
2017-11-08 16:19:42,931 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users]
2017-11-08 16:19:42,956 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section.  Processing...
2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [zhangsan] from doGetAuthenticationInfo
2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - AuthenticationInfo caching is disabled for info [zhangsan].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false].
2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
2017-11-08 16:19:42,964 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
verification failed

 

1.7 Summary

    Here, the username and password are only written in the configuration file, and the verification process is directly matched by plaintext. Next, configure the username, password and other information through Realm, and generate hash information matching through MD5.

Source code: https://github.com/DesFirefly/shiro