Shiro learning - 入門案例(2)
阿新 • • 發佈:2018-11-27
Shiro小案例
在上篇Shiro入門學習中說到了Shiro可以完成認證,授權等流程。在學習認證流程之前,我們應該先入門一個Shiro小案例。
建立一個java maven專案
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"Pom.xml> <modelVersion>4.0.0</modelVersion> <groupId>groupId</groupId> <artifactId>Shrio-login</artifactId> <version>1.0-SNAPSHOT</version> <dependencies> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --><dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.25</version> </dependency> <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.25</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-nop</artifactId> <version>1.7.2</version> </dependency> </dependencies> </project>
log4j.rootLogger = info,stdout,file log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%p][%d{yyyy-MM-dd HH:mm:ss}][%C{1}:%L] - %m%n log4j.appender.file = org.apache.log4j.DailyRollingFileAppender log4j.appender.file.file=C:\\Users\\amber.lei\\Documents\\Learning\\Shiro\\log\\info(+).log log4j.appender.file.DatePattern= '.'yyyy-MM-dd log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=[%p][%d{yyyy-MM-dd HH:mm:ss}][%C{1}:%L] - %m%n log4j.appender.file.Encoding=UTF-8log4j.properties
LoginDemo.java
1 package com.amber.login; 2 3 import org.apache.shiro.SecurityUtils; 4 import org.apache.shiro.authc.AuthenticationException; 5 import org.apache.shiro.authc.UnknownAccountException; 6 import org.apache.shiro.authc.UsernamePasswordToken; 7 import org.apache.shiro.config.IniSecurityManagerFactory; 8 import org.apache.shiro.mgt.SecurityManager; 9 import org.apache.shiro.subject.Subject; 10 import org.slf4j.Logger; 11 import org.slf4j.LoggerFactory; 12 13 /** 14 * Shiro入門 15 */ 16 public class LoginDemo { 17 static Logger logger = LoggerFactory.getLogger(LoginDemo.class); 18 public static void main(String[] args) { 19 20 //1.獲得SecurityManagerFactory 21 IniSecurityManagerFactory iniSecurityManagerFactory = new IniSecurityManagerFactory("classpath:shiro.ini"); 22 //2.通過工廠獲得SecurityManager 23 SecurityManager securityManager = iniSecurityManagerFactory.getInstance(); 24 //3.把SecurityManger放置到執行環境中 25 SecurityUtils.setSecurityManager(securityManager); 26 try { 27 //4.通過SecurityUtis獲取subject 28 Subject subject = SecurityUtils.getSubject(); 29 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("amber", "111111");//這裡的amber 和 111111指使用者輸入的使用者名稱和密碼 30 //登陸 31 subject.login(usernamePasswordToken); 32 //判斷是否通過驗證,true代表通過驗證 33 if (subject.isAuthenticated()) { 34 logger.info("login successful"); 35 } 36 subject.logout(); 37 } catch (UnknownAccountException e) { 38 logger.error("ERROR incorrect username or passwod", e); 39 } catch (AuthenticationException e) { 40 logger.error("login failed", e); 41 } 42 } 43 }
Shiro.ini
[users]
amber=111111
[users]可以理解成一個使用者組,裡面有一個使用者username:amber ,password:111111.當然在實際開發中,我們的使用者名稱和密碼都是從資料庫中讀取出來的。
Shiro案例流程:
- 通過shiro.ini檔案獲得到工廠,然後通過工廠獲得SecurityManager.
- 把SecuityManager交給SecuityUtils
- 通過SecurityUtils獲得到Subject物件
- 把使用者傳入的使用者名稱和密碼,生成UsernamePasswordToken例項
- 把token傳給Subject.login(token),如果驗證失敗丟擲異常