新建springboot项目,练习shiro安全框架的使用。
导入依赖
<!-- ini整合方式的依赖;实际项目中请选用官方仍在维护的最新版本,不要固定在示例中的旧版本号 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.9.0</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
在resources目录下,新建shiro.ini配置文件
[main]
md5CredentialsMatcher=org.apache.shiro.authc.credential.Md5CredentialsMatcher
#此项配置的是哈希迭代次数(不是加盐次数):md5CredentialsMatcher.hashIterations=3
#注意:MD5(即使加盐并多次迭代)不适合用于真实系统的密码存储,这里仅作演示
myrealm=com.shrimpking.realm.MyRealm
myrealm.credentialsMatcher=$md5CredentialsMatcher
securityManager.realms=$myrealm
[users]
zhangsan=81dc9bdb52d04dc20036dbd8313ed055,role1,role2
lisi=1234
[roles]
role1:user:insert,user:select
在src/main/java目录下,新建包com.shrimpking.realm
新建一个MyRealm类
package com.shrimpking.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import javax.print.DocFlavor;
/**
* Created by IntelliJ IDEA.
*
* @Author : Shrimpking
* @create 2023/9/30 11:39
*/
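public class MyRealm extends AuthenticatingRealm
{
    /**
     * Supplies the stored credentials for the account named in the token.
     *
     * <p>Shiro's {@code login} call reaches this method through the realm
     * registered in shiro.ini (or in the Spring Boot configuration). The method
     * only fetches what has to be verified; the comparison with the submitted
     * password is done afterwards by the realm's configured credentials matcher.
     *
     * <p>Security notes for readers adapting this sample:
     * <ul>
     *   <li>The submitted password is deliberately never read or printed here.
     *       Writing credentials to stdout or a log exposes them to anyone who
     *       can read that output.</li>
     *   <li>The stored value is an unsalted, single-round MD5 digest, which is
     *       acceptable only as a demonstration. Real password storage needs a
     *       per-user random salt and a slow password-hashing scheme such as
     *       bcrypt, scrypt or argon2.</li>
     * </ul>
     *
     * @param authenticationToken the token submitted at login
     * @return the stored principal/credentials pair for a known account, or
     *         {@code null} when the account is not known
     * @throws AuthenticationException declared by the overridden method; not
     *         thrown directly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException
    {
        Object submittedPrincipal = authenticationToken.getPrincipal();
        if (submittedPrincipal == null)
        {
            // A token without an account name is handled like an unknown
            // account instead of failing with a NullPointerException.
            return null;
        }
        String principal = submittedPrincipal.toString();

        System.out.println("身份信息=" + principal);
        System.out.println(getName());

        // Stand-in for a database lookup of the user record.
        if ("zhangsan".equals(principal))
        {
            // Stand-in for the hashed password that would be read from the database.
            String pwdInfo = "81dc9bdb52d04dc20036dbd8313ed055";
            // The salt passed here must be the one used when the stored digest
            // was produced; this sample's digest was computed without a salt.
            return new SimpleAuthenticationInfo(
                    authenticationToken.getPrincipal(),
                    pwdInfo,
                    ByteSource.Util.bytes(""),
                    getName()
            );
        }
        // Unknown account: returning null lets the caller report it as such.
        return null;
    }
}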
然后在test测试目录下,新建测试类
ShiroTest.java
package com.shrimpking;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
/**
* Created by IntelliJ IDEA.
*
* @Author : Shrimpking
* @create 2023/9/30 10:22
*/
@SpringBootTest
public class ShiroTest
{
    /**
     * Logs in as "zhangsan" through the ini-configured SecurityManager and
     * prints the outcome of one role check and two permission checks.
     *
     * <p>The separate "unknown account" and "wrong password" messages are handy
     * while learning. A real login endpoint should answer both cases with the
     * same generic failure message so that responses do not reveal which
     * account names exist.
     *
     * <p>NOTE(review): MyRealm on this page extends AuthenticatingRealm only, so
     * the role and permission answers presumably do not come from the
     * [users]/[roles] sections of shiro.ini. Confirm against the actual output.
     */
    @Test
    public void test(){
        // Build the SecurityManager from shiro.ini and register it for SecurityUtils.
        SecurityManager manager = new IniSecurityManagerFactory("classpath:shiro.ini").getInstance();
        SecurityUtils.setSecurityManager(manager);

        // The subject that represents the current caller.
        Subject currentUser = SecurityUtils.getSubject();
        // Sample credentials submitted for login.
        AuthenticationToken loginToken = new UsernamePasswordToken("zhangsan", "1234");

        try
        {
            currentUser.login(loginToken);
            System.out.println("登录成功");
            printAuthorizationChecks(currentUser);
        }
        catch (UnknownAccountException unknownAccount)
        {
            unknownAccount.printStackTrace();
            System.out.println("用户不存在");
        }
        catch (IncorrectCredentialsException wrongPassword)
        {
            wrongPassword.printStackTrace();
            System.out.println("密码错误");
        }
        catch (AuthenticationException otherFailure)
        {
            otherFailure.printStackTrace();
        }
    }

    /** Prints the role check, the permission check and the checkPermission outcome. */
    private void printAuthorizationChecks(Subject currentUser)
    {
        // Role membership.
        System.out.println("是否拥有此角色=" + currentUser.hasRole("role1"));
        // Permission as a boolean answer.
        System.out.println("是否拥有此权限=" + currentUser.isPermitted("user:insert"));
        // checkPermission signals a denied permission with an exception.
        try
        {
            currentUser.checkPermission("user:delete");
        }
        catch (AuthorizationException denied)
        {
            System.out.println("无权限");
        }
    }
}
运行后,可以查看ini方式下shiro的运行结果。
另外,关于shiro的加密(这里实际是MD5哈希,属于不可逆的摘要,而非可解密的加密),单独建立一个测试类
package com.shrimpking;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
import javax.swing.plaf.SliderUI;
/**
* Created by IntelliJ IDEA.
*
* @Author : Shrimpking
* @create 2023/9/30 11:01
*/
@SpringBootTest
public class ShiroMD5
{
    /**
     * Prints the MD5 digests Shiro produces for one sample password: plain,
     * salted, salted with three iterations, and the same three-iteration digest
     * built through the generic SimpleHash class.
     *
     * <p>MD5 is a fast digest, not encryption. Salt and a few iterations do not
     * make it suitable for storing real passwords. Treat this as an API
     * demonstration and use a dedicated password-hashing scheme (bcrypt, scrypt,
     * argon2) in production code.
     */
    @Test
    public void test(){
        // Sample plaintext password and salt used throughout the demo.
        final String plainText = "1234";
        final String saltValue = "salt";
        final int rounds = 3;

        // Plain MD5.
        Md5Hash plainDigest = new Md5Hash(plainText);
        System.out.println("使用md5加密 = " + plainDigest);
        // Output recorded by the author: 81dc9bdb52d04dc20036dbd8313ed055

        // MD5 with a salt.
        Md5Hash saltedDigest = new Md5Hash(plainText, saltValue);
        System.out.println("带盐的加密 = " + saltedDigest);
        // Output recorded by the author: a6d4f0a9c109cd24eacb88e75e5be690

        // MD5 with a salt, three iterations.
        Md5Hash iteratedDigest = new Md5Hash(plainText, saltValue, rounds);
        System.out.println("带盐的3次加密 = " + iteratedDigest);
        // Output recorded by the author: 3eb72410276a5e43764a2722874c27c6

        // Same parameters through SimpleHash, with the algorithm given by name.
        SimpleHash namedAlgorithmDigest = new SimpleHash("MD5", plainText, saltValue, rounds);
        System.out.println("使用父类加密 = " + namedAlgorithmDigest);
        // Output recorded by the author: 3eb72410276a5e43764a2722874c27c6
    }
}
我还没有彻底弄明白shiro的运行,以上代码仅作为敲门砖,各位海涵。