The test is passed, and I feel that I have initially learned to authenticate user login through shiro. Here is a record of the problems encountered in the test and their solutions.
1. Getting Started (User Login and Logout)
1.1 Create maven project
Development environment: MyEclipse
jdk version: 1.8
Add pom dependencies as follows:
<dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1.3</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.2</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.25</version> </dependency> </dependencies>
1.2 Add jar package and dependency package of shiro-core
1.3 log4j.properties log configuration file
log4j.rootLogger=debug, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n
1.4 shiro.ini
Create the shiro.ini file on the classpath and configure the username and password in the file.
[users] zhangsan=123 lysis = 123
1.5 Authentication login and exit code testHelloworld()
Build SecurityManager factory, IniSecurityManagerFactory can initialize SecurityManager environment from ini file .
Then create the securityManager through the factory and set it to the running environment. Then create a subject instance through securitymanager.
Next, a token token is created, which records the identity and credentials of the user authentication (ie username and password).
The subject is compared with the information in the token, and the verification is passed.
Last user exits.
@Test public void testHelloworld () { Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); SecurityManager securityManager =factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("zhangsan","123"); try{ subject.login(token); System.out.println("Verification succeeded"); } catch (AuthenticationException e){ System.out.println("Verification failed"); } Assert.assertEquals(true, subject.isAuthenticated()); subject.logout();
1.6 Test Results
The result of unit testing with JUnit is as follows:
1. Verification passed:
2017-11-08 16:16:26,891 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini] 2017-11-08 16:16:26,896 DEBUG [org.apache.shiro.config.Ini] - Parsing [users] 2017-11-08 16:16:26,897 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users] 2017-11-08 16:16:26,924 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section. Processing... 2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [zhangsan] from doGetAuthenticationInfo 2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - AuthenticationInfo caching is disabled for info [zhangsan]. Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false]. 2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String] 2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Both credentials arguments can be easily converted to byte arrays. Performing array equals comparison 2017-11-08 16:16:26,931 DEBUG [org.apache.shiro.authc.AbstractAuthenticator] - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false]. Returned account [zhangsan] 2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext] - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2017-11-08 16:16:26,932 DEBUG [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - No sessionValidationScheduler set. Attempting to create default instance. 2017-11-08 16:16:26,933 INFO [org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Enabling session validation scheduler... 2017-11-08 16:16:26,937 DEBUG [org.apache.shiro.session.mgt.DefaultSessionManager] - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] Verification succeeded 2017-11-08 16:16:27,005 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Logging out subject with primary principal zhangsan 2017-11-08 16:16:27,005 DEBUG [org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session with id [a5706acf-e514-48cb-82de-51fe8bf85883]
2. Username does not exist:
2017-11-08 16:18:23,819 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini] 2017-11-08 16:18:23,824 DEBUG [org.apache.shiro.config.Ini] - Parsing [users] 2017-11-08 16:18:23,826 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users] 2017-11-08 16:18:23,853 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section. Processing... 2017-11-08 16:18:23,864 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [null] from doGetAuthenticationInfo 2017-11-08 16:18:23,864 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - No AuthenticationInfo found for submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - zhangsanihfd, rememberMe=false]. Returning null. verification failed
3. Wrong password:
2017-11-08 16:19:42,926 DEBUG [org.apache.shiro.io.ResourceUtils] - Opening resource from class path [shiro.ini] 2017-11-08 16:19:42,930 DEBUG [org.apache.shiro.config.Ini] - Parsing [users] 2017-11-08 16:19:42,931 DEBUG [org.apache.shiro.config.IniFactorySupport] - Creating instance from Ini [sections=users] 2017-11-08 16:19:42,956 DEBUG [org.apache.shiro.realm.text.IniRealm] - Discovered the [users] section. Processing... 2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - Looked up AuthenticationInfo [zhangsan] from doGetAuthenticationInfo 2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.realm.AuthenticatingRealm] - AuthenticationInfo caching is disabled for info [zhangsan]. Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - zhangsan, rememberMe=false]. 2017-11-08 16:19:42,963 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String] 2017-11-08 16:19:42,964 DEBUG [org.apache.shiro.authc.credential.SimpleCredentialsMatcher] - Both credentials arguments can be easily converted to byte arrays. Performing array equals comparison verification failed
1.7 Summary
Here, the username and password are only written in the configuration file, and the verification process is directly matched by plaintext. Next, configure the username, password and other information through Realm, and generate hash information matching through MD5.
Source code: https://github.com/DesFirefly/shiro