Shiro entry (c) Shiro abnormal and JdbcRealm

Copyright Notice: Copyright https://blog.csdn.net/qq_21046965/article/details/90047131 procedures monkey jwang

Foreword

      This chapter explains Shiro anomalies and knowledge of JdbcRealm

method

1. Recalls

Before, we completed the login authentication shiro, do not know if you have not tried the wrong password or user name what will be?

It will appear as "user login failed!" Words do? Obviously no! ! He will throw an exception.

Also, we are to be configured by users in shiro profile of user authentication, in most cases, we are in a database for comparison, verification login. So how to use the data in a database table to do the login authentication it? The next will be talked about this issue.

2.Shiro abnormal

In Shiro, the abnormality classified as follows:

Total abnormalities: AuthenticationException: Abnormal Certification

AuthenticationException is divided into two anomalies: AccountException: Account abnormal, CredentialsException: vouchers abnormal, UnsupportedTokenException: does not support Token abnormal

AccountException：

• ConcurrentAccessException: concurrent access exception, such as accessing a plurality of users together
• DisabledAccountException: unavailable account abnormal, it's followed by a subclass (LockedAccountException account lock failure)
• ExcessiveAttemptsException: Too many abnormal certification
• UnknownAccountException: Unknown abnormal account

CredentialsException：

• IncorrectCredentialsException: certificate error exception
• ExpiredCredentialsException: abnormal expired credentials

To sum up: we need to use try-catch abnormal capture, before changing the code as follows:

package cn.edu.ccut.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;

/**
 * @Auther:jwang
 * @Date:2019/5/8
 * @Description:cn.edu.ccut.test
 * @Version 1.0
 **/
public class Authentication {

    public static void main(String [] args){
        //创建SecurityManager工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        //通过SecurityManager工厂获取SecurityManager实例
        SecurityManager securityManager = factory.getInstance();
        //将SecurityManager对象设置到运行环境中
        SecurityUtils.setSecurityManager(securityManager);
        //通过SecurityUtils获取主体Subject
        Subject currentUser = SecurityUtils.getSubject();
        //假设传入的用户名密码为admin和123
        UsernamePasswordToken token = new UsernamePasswordToken("admin", "1231");
        //进行用户身份验证
        try {
            currentUser.login(token);
            //如果用户认证成功
            if (currentUser.isAuthenticated()) {
                System.out.println("用户登录成功！");
            }
        }catch (AuthenticationException e){
            System.out.println("用户登录失败！");
        }

    }
}

We can see that you enter the wrong password, the results are as follows:

3.JdbcRealm

Recall that this image, we know shiro gave us a lot of Realms for user validation, this time we will learn which of JDBC Realm

Observation org.apache.shiro.realm.jdbc.JdbcRealm class we know that to be Jdbc verification, we need to create the users table, and wherein the username, password, password_salt field is essential!

The image above is part JdbcRealm.java source, which hardcoded some SQL.

1) creates the specified table and field

2) configuration shiro.ini Bunken

First, we need to introduce JdbcRealm

 

We enter JdbcRealm source can be found, which requires a data source.

 

Here we just use common connection pooling on the market can be, and here I use a connection pool c3p0.

And introducing c3p0 drive the associated jar package oracle:

 

Profile changed to the following:

 

3) write Java test code

package cn.edu.ccut.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;

/**
 * @Auther:jwang
 * @Date:2019/5/8
 * @Description:cn.edu.ccut.test
 * @Version 1.0
 **/
public class Authentication {

    public static void main(String [] args){
        //创建SecurityManager工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        //通过SecurityManager工厂获取SecurityManager实例
        SecurityManager securityManager = factory.getInstance();
        //将SecurityManager对象设置到运行环境中
        SecurityUtils.setSecurityManager(securityManager);
        //通过SecurityUtils获取主体Subject
        Subject currentUser = SecurityUtils.getSubject();
        //假设传入的用户名密码为admin和123
        UsernamePasswordToken token = new UsernamePasswordToken("sa", "sa");
        //进行用户身份验证
        try {
            currentUser.login(token);
            //如果用户认证成功
            if (currentUser.isAuthenticated()) {
                System.out.println("用户登录成功！");
            }
        }catch (AuthenticationException e){
            System.out.println("用户登录失败！");
        }

    }
}

Test results are as follows:

Observe, we use a row of data users table: sa / sa

We can see that the successful realization of JdbcRealm!