
Shiro login authentication (custom Realm, unsalted version)

Source: Internet  Collected by: 自由互联  Published: 2021-07-03
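1. Code: JavaConfig Shiro environment
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;

public class ConfigShiro {

	public void simpleDbConfig(){
		// SecurityManager provided by Shiro
		DefaultSecurityManager securityManager = 
				new DefaultSecurityManager();
		// The custom Realm (defined in section 2)
		Realm realmWithoutSalt = new MyRealmWithoutSalt();
		
		securityManager.setRealm(realmWithoutSalt);

		// Register the SecurityManager globally so SecurityUtils.getSubject() works
		SecurityUtils.setSecurityManager(securityManager);
	}
	
}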
2. Code: MyRealmWithoutSalt (unsalted)
package com.amiu.shiro.chapter5;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.amiu.mybatisTest.autoMybatis.SqlSessionHelper;
import com.amiu.shiro.db.User;
import com.amiu.shiro.db.UsersDao;

public class MyRealmWithoutSalt extends AuthorizingRealm{
	// Data-access class for the users table
	UsersDao dao = new SqlSessionHelper("com.amiu.shiro.db")
						.getDao(UsersDao.class);
	// Handles authorization
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		User user = (User) principals.getPrimaryPrincipal();
		// do something
		return null;
	}

	// Handles authentication
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken token) throws AuthenticationException {
		UsernamePasswordToken userToken = (UsernamePasswordToken) token;
		// Get the user who is trying to log in
		String loginName = userToken.getUsername();
		String loginPassword = String.valueOf(userToken.getPassword());
		// Fetch the matching user from the database
		User user = dao.selectByName(loginName);
		
		
		if(user == null){
			// No such user
			throw new UnknownAccountException();
		}
		// Plain string comparison: the stored value is the password itself
		// (no hash, no salt)
		if(!loginPassword.equals(user.getPassword())){
			// Username or password is incorrect
			throw new IncorrectCredentialsException();
		}
		if(user.isIs_lock()){
			// Account is locked
			throw new LockedAccountException();
		}
		// Authentication succeeded, return the AuthenticationInfo
		SimpleAuthenticationInfo info = 
				new SimpleAuthenticationInfo(user,user.getPassword(),getName());
		
		return info;
	}
	
	@Override
	public String getName() {
		return "myRealmWithoutSalt";
	}
}
3. Code: login test
	@Test
	public void saltLogin(){
		// Install the SecurityManager with the custom Realm from section 1
		new ConfigShiro().simpleDbConfig();
		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken token = 
				new UsernamePasswordToken("zhang","123");
		
		subject.login(token);
		
		Assert.assertTrue(subject.isAuthenticated());
	}
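4. Explanation: MyRealmWithoutSalt
1. In the login test:
    UsernamePasswordToken token = new UsernamePasswordToken("zhang","123");

After subject.login(token) runs, this token is passed to the following method in MyRealmWithoutSalt:
    // Handles authentication
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
The parameter (AuthenticationToken token) here is the token of our login user "zhang".

2. For a custom Realm, we generally choose to extend Shiro's AuthorizingRealm.

3. The return value in MyRealmWithoutSalt:
    SimpleAuthenticationInfo info = 
				new SimpleAuthenticationInfo(user,
                    user.getPassword(),
                    getName());
The first argument of SimpleAuthenticationInfo can be whatever we want to store, such as the User object here; we could also store the id, the username, and so on. This argument shows up in this class's authorization method:
    // Handles authorization
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
The parameter (PrincipalCollection principals) here is the User object we passed in, and we can use it like this:
    User user = (User) principals.getPrimaryPrincipal();
After getting the User object we can query the database for its permission information and load it into Shiro.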
4. The exceptions thrown in MyRealmWithoutSalt can be caught at subject.login(token) in the login test:
    try {
			subject.login(token);
		} catch (UnknownAccountException unknownAccountEx) {
			// Handle: no such user
		}catch(IncorrectCredentialsException wrongPasswordEx){
			// Handle: username or password is incorrect
		}catch(LockedAccountException lockedAccountEx){
			// Account is locked
		} catch ( AuthenticationException ae ) {
		    // Unexpected error?
		}
Then return a friendly message to the user.
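
The realm in section 2 compares the submitted password itself with String.equals, so the users table has to hold it in plaintext. As an added example (not the article's code), the salted counterpart below only looks the account up and leaves the comparison to Shiro's HashedCredentialsMatcher. It assumes Shiro 1.x; the Account and AccountLookup interfaces, getSalt() and the iteration count are hypothetical stand-ins for the article's User and UsersDao.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource; // package name as in Shiro 1.x (assumption)

// Added example: salted, hashed variant of the article's realm.
public class MyRealmWithSalt extends AuthorizingRealm {
    // Hypothetical stand-ins for the article's User and UsersDao classes.
    public interface Account {
        String getPasswordHash(); // hex-encoded hash, never the password itself
        String getSalt();         // per-user random salt (assumed column)
        boolean isLocked();
    }
    public interface AccountLookup { Account selectByName(String name); }

    private final AccountLookup dao;

    public MyRealmWithSalt(AccountLookup dao) {
        this.dao = dao;
        // Stored hashes must have been created with the same settings, e.g.
        // new SimpleHash("SHA-256", password, ByteSource.Util.bytes(salt), 1024).toHex()
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(1024); // assumed value, not from the article
        setCredentialsMatcher(matcher);  // stored credentials are hex by default
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String loginName = ((UsernamePasswordToken) token).getUsername();
        Account account = dao.selectByName(loginName);
        if (account == null) throw new UnknownAccountException();
        if (account.isLocked()) throw new LockedAccountException();
        // No comparison here: after this method returns, Shiro hashes the token's
        // password with the salt below and throws IncorrectCredentialsException
        // itself when the result differs from the stored hash.
        return new SimpleAuthenticationInfo(account, account.getPasswordHash(),
                ByteSource.Util.bytes(account.getSalt()), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo(); // roles/permissions omitted here
    }
}
```

Because the lock check now runs before the credential check, a locked account is reported as locked even when the password is wrong, which is one more reason for the caller to show the same message for every failed login.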