(目录)
shiro是什么
shiro是一个权限认证框架,可以用来对用户的账号密码进行验证、cookie校验等。
shiro的框架
登录验证
- 创建subject对象并使用用户名密码生成token对象
- 调用subject的login方法进行登录
// Wrap the submitted credentials in a token, then authenticate the current Subject with it.
// login() signals rejected credentials by throwing an AuthenticationException subclass.
UsernamePasswordToken loginToken = new UsernamePasswordToken(userName, userPassword);
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(loginToken);
- 自定义Realm对象,重写doGetAuthenticationInfo方法
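public class MyShiroRealm extends AuthorizingRealm {
    // NOTE(review): authService and shopNo are used below but are not declared in this excerpt;
    // presumably they are fields of the full class. The abstract doGetAuthorizationInfo(...)
    // that AuthorizingRealm requires is not shown here either.

    /**
     * Looks up the account for the submitted token and returns the stored credential data.
     *
     * @param authenticationToken the token passed to {@code subject.login(...)}; it is cast to
     *     {@link UsernamePasswordToken}, so any other token type fails with a ClassCastException
     * @return the principal, stored password, salt and realm name for the account
     * @throws AuthenticationException an {@link AccountException} when {@code authService.login}
     *     reports a {@code BError}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("doGetAuthenticationInfo()");
        // Read the account name and password the user submitted.
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String user = token.getUsername();
        // NOTE(review): copying the char[] password into a String leaves the plaintext in an
        // immutable object that cannot be wiped after use. authService.login takes a String
        // here, so keep this value out of logs and error messages.
        String password = new String(token.getPassword());
        try {
            UserDo userInfo = authService.login(shopNo, user, password);
            return new SimpleAuthenticationInfo(
                userInfo, // principal: the whole UserDo object, not only the user name
                userInfo.getPasswd(), // stored password (presumably a salted hash; confirm)
                // NOTE(review): accounts without a salt fall back to the constant "123456".
                // A shared, publicly known salt gives no protection against precomputed
                // tables; such accounts should be given a random per-user salt and re-hashed.
                ByteSource.Util.bytes(userInfo.getSalt() == null ? "123456" : userInfo.getSalt()),
                getName() // realm name
            );
        } catch (BError error) {
            // Keep the original error as the cause so the failure stays diagnosable.
            // NOTE(review): the BError message becomes the exception message; if it is shown
            // to the client, it should not reveal whether the account exists.
            throw new AccountException(error.getMessage(), error);
        }
    }
}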
cookie校验