如何实现不加盐版自定义Realm的Shiro登录认证?

2026-04-15 09:312阅读0评论SEO资讯


如何实现不加盐版自定义Realm的Shiro登录认证?

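// Code: javaConfig + Shiro environment
public class ConfigShiro {

    /**
     * Creates Shiro's DefaultSecurityManager, attaches the custom realm and
     * registers the manager with SecurityUtils.
     */
    public void simpleDbConfig() {
        // SecurityManager implementation provided by Shiro.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Custom realm. Realm is an interface and cannot be instantiated, so the
        // concrete class listed on this page (MyRealmWithoutSalt) is used.
        Realm realmWithoutSalt = new MyRealmWithoutSalt();

        // Without these two calls the realm is never consulted by subject.login().
        securityManager.setRealm(realmWithoutSalt);
        SecurityUtils.setSecurityManager(securityManager);
    }
}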

1、代码:javaConfig shiro环境

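/**
 * Programmatic ("javaConfig") Shiro bootstrap used by the login example.
 */
public class ConfigShiro {

    /**
     * Builds a DefaultSecurityManager, plugs in the custom realm and publishes
     * the manager through SecurityUtils so that SecurityUtils.getSubject()
     * authenticates against that realm.
     */
    public void simpleDbConfig() {
        // SecurityManager implementation provided by Shiro.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Custom realm. The class listed on this page is MyRealmWithoutSalt;
        // the original line named MyJdbcRealmWithoutSalt, which is not defined here.
        Realm realmWithoutSalt = new MyRealmWithoutSalt();
        securityManager.setRealm(realmWithoutSalt);

        // Installs the manager as a VM-wide static singleton; acceptable for a
        // single-realm demo or test, shared by every thread in the JVM.
        SecurityUtils.setSecurityManager(securityManager);
    }
}

2、代码:MyRealmWithoutSalt(不加盐)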

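package com.amiu.shiro.chapter5;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.amiu.mybatisTest.autoMybatis.SqlSessionHelper;
import com.amiu.shiro.db.User;
import com.amiu.shiro.db.UsersDao;

/**
 * Custom Shiro realm that authenticates against the users table without any
 * salting or hashing: the submitted password is compared with the stored
 * value as-is.
 *
 * <p>Because the comparison is verbatim, the users table necessarily holds
 * plaintext passwords. That is only acceptable as a teaching baseline; a real
 * deployment should store a salted, slow password hash and delegate the
 * comparison to a Shiro CredentialsMatcher (for example PasswordMatcher or
 * HashedCredentialsMatcher).
 */
public class MyRealmWithoutSalt extends AuthorizingRealm {

    // Database access object for the users table.
    UsersDao dao = new SqlSessionHelper("com.amiu.shiro.db")
            .getDao(UsersDao.class);

    /**
     * Authorization hook (roles and permissions).
     *
     * @param principals the principals of the authenticated subject; the
     *                   primary principal is the User stored by
     *                   {@link #doGetAuthenticationInfo}
     * @return always {@code null} in this example, i.e. no roles or
     *         permissions are supplied by this realm
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        // do something: load the roles/permissions of `user` here.
        // NOTE(review): until that is implemented the method returns null, so
        // role and permission checks against this realm should not succeed.
        return null;
    }

    /**
     * Authentication hook: looks the user up by name and checks the password.
     *
     * @param token the login token; expected to be a UsernamePasswordToken
     * @return authentication info whose principal is the loaded User
     * @throws UnknownAccountException       if no user has that login name
     * @throws LockedAccountException        if the account is locked
     * @throws IncorrectCredentialsException if the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;

        // Credentials submitted by the user who is logging in.
        String loginName = userToken.getUsername();
        char[] submittedPassword = userToken.getPassword();

        // Load the matching user from the database.
        User user = dao.selectByName(loginName);
        if (user == null) {
            // No such user.
            throw new UnknownAccountException();
        }

        // Reject locked accounts before looking at the password, so a locked
        // account cannot be used to confirm whether a guessed password is right.
        if (user.isIs_lock()) {
            throw new LockedAccountException();
        }

        // A token without a password, or a row without one, can never match.
        // (String.valueOf on a null char[] would throw NullPointerException.)
        String storedPassword = user.getPassword();
        if (submittedPassword == null || storedPassword == null) {
            throw new IncorrectCredentialsException();
        }

        // MessageDigest.isEqual compares in constant time, unlike String.equals,
        // which returns at the first differing character.
        byte[] submittedBytes =
                new String(submittedPassword).getBytes(StandardCharsets.UTF_8);
        byte[] storedBytes = storedPassword.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(submittedBytes, storedBytes)) {
            // User name or password incorrect.
            throw new IncorrectCredentialsException();
        }

        // Authentication succeeded. The first argument becomes the primary
        // principal that doGetAuthorizationInfo reads back.
        return new SimpleAuthenticationInfo(user, storedPassword, getName());
    }

    /** @return the fixed name under which this realm registers its principals */
    @Override
    public String getName() {
        return "myRealmWithoutSalt";
    }
}

3、代码:登陆测试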

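/**
 * Logs in through the unsalted realm and checks that the subject ends up
 * authenticated. (The method name says "salt", but the configuration it
 * loads uses the realm without salt.)
 */
@Test
public void saltLogin() {
    // ConfigShiro declares simpleDbConfig(); the original call was spelled
    // simpleDbCOnfig() and would not compile.
    new ConfigShiro().simpleDbConfig();

    Subject subject = SecurityUtils.getSubject();
    // Fixture credentials; they must match a row in the test users table.
    UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
    subject.login(token);

    Assert.assertTrue(subject.isAuthenticated());
}

4、解析:MyRealmWithoutSalt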

1、登陆测试中的:
UsernamePasswordToken token = new UsernamePasswordToken("zhang","123");
执行subject.login(token)后,这个token传到了MyRealmWithoutSalt中的方法:
//处理身份验证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
这里的参数(AuthenticationToken token)即是我们的登陆用户“zhang”的token。

2、我们自定义的Realm,一般选择继承shiro的AuthorizingRealm。

3、MyRealmWithoutSalt中的返回值:
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
SimpleAuthenticationInfo的第一个参数可以放入我们想要放入的参数,如这里的对象User,我们还能存入id 或Username等等,这个参数体现在本类处理权限的方法中:
//处理权限
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
这里的参数(PrincipalCollection principals)就包含我们传入的对象User,我们可以这么使用它:
User User = (User) principals.getPrimaryPrincipal();
获取User对象后我们可以去数据库中查询权限信息,并加载到shiro中。

4、MyRealmWithoutSalt中抛出的异常我们可以在登陆测试中的subject.login(token)处捕获:
try { subject.login(token); } catch (UnknownAccountException unknownAccountEx) { //处理无此用户 }catch(IncorrectCredentialsException wrongPasswordEx){ //处理用户名或密码不正确 }catch(LockedAccountException lockedAccountEx){ //账户被锁定 } catch ( AuthenticationException ae ) { //不期望出现的错误 error? }
然后返回友好的信息给用户。对外提示时,“无此用户”和“密码不正确”两种情况建议统一显示为“用户名或密码错误”,具体原因只记录在服务端日志中,以免通过提示差异暴露账号是否存在。

如何实现不加盐版自定义Realm的Shiro登录认证?


如何实现不加盐版自定义Realm的Shiro登录认证?

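// Code: javaConfig + Shiro environment
public class ConfigShiro {

    /**
     * Creates Shiro's DefaultSecurityManager, attaches the custom realm and
     * registers the manager with SecurityUtils.
     */
    public void simpleDbConfig() {
        // SecurityManager implementation provided by Shiro.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Custom realm. Realm is an interface and cannot be instantiated, so the
        // concrete class listed on this page (MyRealmWithoutSalt) is used.
        Realm realmWithoutSalt = new MyRealmWithoutSalt();

        // Without these two calls the realm is never consulted by subject.login().
        securityManager.setRealm(realmWithoutSalt);
        SecurityUtils.setSecurityManager(securityManager);
    }
}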

1、代码:javaConfig shiro环境

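/**
 * Programmatic ("javaConfig") Shiro bootstrap used by the login example.
 */
public class ConfigShiro {

    /**
     * Builds a DefaultSecurityManager, plugs in the custom realm and publishes
     * the manager through SecurityUtils so that SecurityUtils.getSubject()
     * authenticates against that realm.
     */
    public void simpleDbConfig() {
        // SecurityManager implementation provided by Shiro.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Custom realm. The class listed on this page is MyRealmWithoutSalt;
        // the original line named MyJdbcRealmWithoutSalt, which is not defined here.
        Realm realmWithoutSalt = new MyRealmWithoutSalt();
        securityManager.setRealm(realmWithoutSalt);

        // Installs the manager as a VM-wide static singleton; acceptable for a
        // single-realm demo or test, shared by every thread in the JVM.
        SecurityUtils.setSecurityManager(securityManager);
    }
}

2、代码:MyRealmWithoutSalt(不加盐)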

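package com.amiu.shiro.chapter5;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.amiu.mybatisTest.autoMybatis.SqlSessionHelper;
import com.amiu.shiro.db.User;
import com.amiu.shiro.db.UsersDao;

/**
 * Custom Shiro realm that authenticates against the users table without any
 * salting or hashing: the submitted password is compared with the stored
 * value as-is.
 *
 * <p>Because the comparison is verbatim, the users table necessarily holds
 * plaintext passwords. That is only acceptable as a teaching baseline; a real
 * deployment should store a salted, slow password hash and delegate the
 * comparison to a Shiro CredentialsMatcher (for example PasswordMatcher or
 * HashedCredentialsMatcher).
 */
public class MyRealmWithoutSalt extends AuthorizingRealm {

    // Database access object for the users table.
    UsersDao dao = new SqlSessionHelper("com.amiu.shiro.db")
            .getDao(UsersDao.class);

    /**
     * Authorization hook (roles and permissions).
     *
     * @param principals the principals of the authenticated subject; the
     *                   primary principal is the User stored by
     *                   {@link #doGetAuthenticationInfo}
     * @return always {@code null} in this example, i.e. no roles or
     *         permissions are supplied by this realm
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        // do something: load the roles/permissions of `user` here.
        // NOTE(review): until that is implemented the method returns null, so
        // role and permission checks against this realm should not succeed.
        return null;
    }

    /**
     * Authentication hook: looks the user up by name and checks the password.
     *
     * @param token the login token; expected to be a UsernamePasswordToken
     * @return authentication info whose principal is the loaded User
     * @throws UnknownAccountException       if no user has that login name
     * @throws LockedAccountException        if the account is locked
     * @throws IncorrectCredentialsException if the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;

        // Credentials submitted by the user who is logging in.
        String loginName = userToken.getUsername();
        char[] submittedPassword = userToken.getPassword();

        // Load the matching user from the database.
        User user = dao.selectByName(loginName);
        if (user == null) {
            // No such user.
            throw new UnknownAccountException();
        }

        // Reject locked accounts before looking at the password, so a locked
        // account cannot be used to confirm whether a guessed password is right.
        if (user.isIs_lock()) {
            throw new LockedAccountException();
        }

        // A token without a password, or a row without one, can never match.
        // (String.valueOf on a null char[] would throw NullPointerException.)
        String storedPassword = user.getPassword();
        if (submittedPassword == null || storedPassword == null) {
            throw new IncorrectCredentialsException();
        }

        // MessageDigest.isEqual compares in constant time, unlike String.equals,
        // which returns at the first differing character.
        byte[] submittedBytes =
                new String(submittedPassword).getBytes(StandardCharsets.UTF_8);
        byte[] storedBytes = storedPassword.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(submittedBytes, storedBytes)) {
            // User name or password incorrect.
            throw new IncorrectCredentialsException();
        }

        // Authentication succeeded. The first argument becomes the primary
        // principal that doGetAuthorizationInfo reads back.
        return new SimpleAuthenticationInfo(user, storedPassword, getName());
    }

    /** @return the fixed name under which this realm registers its principals */
    @Override
    public String getName() {
        return "myRealmWithoutSalt";
    }
}

3、代码:登陆测试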

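/**
 * Logs in through the unsalted realm and checks that the subject ends up
 * authenticated. (The method name says "salt", but the configuration it
 * loads uses the realm without salt.)
 */
@Test
public void saltLogin() {
    // ConfigShiro declares simpleDbConfig(); the original call was spelled
    // simpleDbCOnfig() and would not compile.
    new ConfigShiro().simpleDbConfig();

    Subject subject = SecurityUtils.getSubject();
    // Fixture credentials; they must match a row in the test users table.
    UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
    subject.login(token);

    Assert.assertTrue(subject.isAuthenticated());
}

4、解析:MyRealmWithoutSalt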

1、登陆测试中的:
UsernamePasswordToken token = new UsernamePasswordToken("zhang","123");
执行subject.login(token)后,这个token传到了MyRealmWithoutSalt中的方法:
//处理身份验证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
这里的参数(AuthenticationToken token)即是我们的登陆用户“zhang”的token。

2、我们自定义的Realm,一般选择继承shiro的AuthorizingRealm。

3、MyRealmWithoutSalt中的返回值:
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
SimpleAuthenticationInfo的第一个参数可以放入我们想要放入的参数,如这里的对象User,我们还能存入id 或Username等等,这个参数体现在本类处理权限的方法中:
//处理权限
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
这里的参数(PrincipalCollection principals)就包含我们传入的对象User,我们可以这么使用它:
User User = (User) principals.getPrimaryPrincipal();
获取User对象后我们可以去数据库中查询权限信息,并加载到shiro中。

4、MyRealmWithoutSalt中抛出的异常我们可以在登陆测试中的subject.login(token)处捕获:
try { subject.login(token); } catch (UnknownAccountException unknownAccountEx) { //处理无此用户 }catch(IncorrectCredentialsException wrongPasswordEx){ //处理用户名或密码不正确 }catch(LockedAccountException lockedAccountEx){ //账户被锁定 } catch ( AuthenticationException ae ) { //不期望出现的错误 error? }
然后返回友好的信息给用户。对外提示时,“无此用户”和“密码不正确”两种情况建议统一显示为“用户名或密码错误”,具体原因只记录在服务端日志中,以免通过提示差异暴露账号是否存在。

如何实现不加盐版自定义Realm的Shiro登录认证?