(目录)

shiro是什么

shiro是一个权限认证框架，可以用来对用户的账号密码进行验证、cookie校验等。

shiro的框架

登录验证

1. 创建subject对象并使用用户名密码生成token对象
2. 调用subject的login方法进行登录

Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(userName, userPassword);
subject.login(token);

3. 自定义Realm对，重写

public class MyShiroRealm extends AuthorizingRealm {
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("doGetAuthenticationInfo()");
        // 获取用户输入的账户
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String user = token.getUsername();
        String password = new String(token.getPassword());

        try {
            UserDo userInfo = authService.login(shopNo, user, password);
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
                    userInfo, // 用户名
                    userInfo.getPasswd(), // 密码
                    ByteSource.Util.bytes(userInfo.getSalt() == null ? "123456" : userInfo.getSalt()), // salt=username+salt
                    getName() // realm name
            );
            return simpleAuthenticationInfo;
        } catch (BError error) {
            throw new AccountException(error.getMessage());
        }
    }
}

cookie校验

权限管理

shiro与spring的结合