目录结构如下:
jdbc-realm-ini.java
配置文件如下
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/shiro
dataSource.username=root
dataSource.password=""
jdbcRealm.dataSource=$dataSource
#指向了框架实现的JdbcRealm,这个在系统里已经实现了
securityManager.realms=$jdbcRealm
然后新建数据库shiro
,新建三个表,表明限制为users
,user_role
,user_permissions
,然后就可以测试了
测试代码如下
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Assert;
import org.junit.Test;
/**
* Created by zhouyueyue on 2017/3/22.
*/
public class shiroTest {
@Test
public void testHelloworld() {
Factory<SecurityManager> factory =
new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
//2、得到SecurityManager实例 并绑定给SecurityUtils,全局设置,设置一次即可
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);//自动绑定当前线程,在多请求的环境下需要
//3、得到Subject及创建用户名/密码身份验证Token(即用户身份/凭证)
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
try {
//4、登录,即身份验证
//4.1 当使用realm时,login调用的时候会调用reaml实例中的getAuthenticationInfo函数,当使用Jdbcrealm时,会调用源码中的doGetAuthenticationInfo()函数
subject.login(token);
} catch (AuthenticationException e) {
//5、身份验证失败
}
Assert.assertEquals(true, subject.isAuthenticated()); //断言用户已经登录
//6、退出
subject.logout();
}
}
说明:JdbcRealm.java
中将username
作为主键即唯一值从如下源码可看出
private String[] getPasswordForUser(Connection conn, String username) throws SQLException {
String[] result;
boolean returningSeparatedSalt = false;
switch (saltStyle) {
case NO_SALT:
case CRYPT:
case EXTERNAL:
result = new String[1];
break;
default:
result = new String[2];
returningSeparatedSalt = true;
}
PreparedStatement ps = null;
ResultSet rs = null;
try {
ps = conn.prepareStatement(authenticationQuery);
ps.setString(1, username);
// Execute query
rs = ps.executeQuery();
// Loop over results - although we are only expecting one result, since usernames should be unique
boolean foundResult = false;
while (rs.next()) {
// Check to ensure only one row is processed,大于一列会抛出异常
if (foundResult) {
throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
}
result[0] = rs.getString(1);
if (returningSeparatedSalt) {
result[1] = rs.getString(2);
}
foundResult = true;
}
} finally {
JdbcUtils.closeResultSet(rs);
JdbcUtils.closeStatement(ps);
}
return result;
}
当然这里的username
是下面函数的第一个参数
UsernamePasswordToken('输入主键','对应的密码')