一只倔强的笨猪

【Shiro】IniRealm和JdbcRealm

不同的Realm

就是不同的认证数据源。

一、IniRealm。
1.导入Maven。

	<dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.2</version>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>RELEASE</version>
        </dependency>
    </dependencies>

2.在资源文件夹内创建user.ini。

[users]
BenZhu=123456,admin
[roles]
admin=user:delete

3.编写测试类。

package com.benzhu.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;

public class IniRealmTest {

    @Test
    public void tsetAuthentication(){

        IniRealm iniRealm = new IniRealm("classpath:user.ini");

        //1.构建SecurityManager环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(iniRealm);
        //2.主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("BenZhu","123456");
        try {
            subject.login(token);
            try {
                subject.checkRoles("admin");
                subject.checkPermission("user:delete");
            }catch (UnauthorizedException exception){
                System.out.println("角色授权或者权限授权失败!");
            }

        }catch (AuthenticationException e){
            System.out.println("认证失败!");
        }

        System.out.println("isAuthenticated:"+subject.isAuthenticated());
        subject.logout();
        System.out.println("isAuthenticated:"+subject.isAuthenticated());
    }
}

二、默认JdbcRealm。
1.导入Maven。

	<dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.2</version>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>RELEASE</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.45</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.6</version>
        </dependency>
    </dependencies>

2.创建数据库表(我的数据库是5.7)。
《【Shiro】IniRealm和JdbcRealm》
3.编写测试类。

package com.benzhu.test;

import com.alibaba.druid.pool.DruidDataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class JdbcRealmTest {

    DruidDataSource dataSource = new DruidDataSource();

    {
        dataSource.setUrl("jdbc:mysql://localhost:3306/shiro?&useSSL=false&serverTimezone=GMT%2B8&characterEncoding=utf8");
        dataSource.setUsername("root");
        dataSource.setPassword("123456");
    }

    @Test
    public void tsetAuthentication(){

        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);
        jdbcRealm.setPermissionsLookupEnabled(true); //开启权限授权

        //1.构建SecurityManager环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(jdbcRealm);
        //2.主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("benzhu","123456");
        try {
            subject.login(token);
            try {
                subject.checkRole("admin");
                subject.checkPermission("user:update");
            }catch (UnauthorizedException exception){
                System.out.println("角色授权或者权限授权失败!");
            }

        }catch (AuthenticationException e){
            System.out.println("认证失败!");
        }

        System.out.println("isAuthenticated:"+subject.isAuthenticated());
        subject.logout();
        System.out.println("isAuthenticated:"+subject.isAuthenticated());
    }
}

三、自定义JdbcRealm。
1.如同二一样先导入Maven。
2.编写自定义的数据库(参照如下图)。
《【Shiro】IniRealm和JdbcRealm》
3.编写测试类。

package com.benzhu.test;

import com.alibaba.druid.pool.DruidDataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class JdbcRealmTest {

    DruidDataSource dataSource = new DruidDataSource();

    {
        dataSource.setUrl("jdbc:mysql://localhost:3306/shiro?&useSSL=false&serverTimezone=GMT%2B8&characterEncoding=utf8");
        dataSource.setUsername("root");
        dataSource.setPassword("123456");
    }

    @Test
    public void tsetAuthentication(){

        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);
        jdbcRealm.setPermissionsLookupEnabled(true);

        //编写自定义Sql认证语句
        String sql = "select password from test_user where username = ?";
        jdbcRealm.setAuthenticationQuery(sql);

        //编写自定义Sql角色授权语句
        String rolesql = "select role from test_user_roles where username = ?";
        jdbcRealm.setUserRolesQuery(rolesql);

        //编写自定义Sql权限授权语句
        String permissionssql = "select permission from test_permissions where role = ?";
        jdbcRealm.setPermissionsQuery(permissionssql);

        //1.构建SecurityManager环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(jdbcRealm);
        //2.主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("benzhu","666666");
        try {
            subject.login(token);
            try {
                subject.checkRole("zhu");
                subject.checkPermission("select");
            }catch (UnauthorizedException exception){
                System.out.println("角色授权或者权限授权失败!");
            }

        }catch (AuthenticationException e){
            System.out.println("认证失败!");
        }

        System.out.println("isAuthenticated:"+subject.isAuthenticated());
        subject.logout();
        System.out.println("isAuthenticated:"+subject.isAuthenticated());
    }
}

效果图(三个都一样滴):
《【Shiro】IniRealm和JdbcRealm》

点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注