//Shiro 认证基本实现流程
public class TestCustomerMD5 {
public static void main(String[] args) {
//创建安全管理器对象
DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
//创建 自定义 realm
CustomerMD5Realm realm = new CustomerMD5Realm();
//设置realm 使用hash凭证匹配器
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
//使用算法
hashedCredentialsMatcher.setHashAlgorithmName("md5");
//散列次数
hashedCredentialsMatcher.setHashIterations(2048);
realm.setCredentialsMatcher(hashedCredentialsMatcher);
defaultSecurityManager.setRealm(realm);
//将安全管理器注入安全工具
SecurityUtils.setSecurityManager(defaultSecurityManager);
//通过安全工具类获取subject
Subject subject = SecurityUtils.getSubject();
//认证
UsernamePasswordToken token = new UsernamePasswordToken("xiaochen", "48694869");
try {
subject.login(token);
System.out.println(subject.isAuthenticated());
System.out.println("登录成功");
} catch (AuthenticationException e) {
e.printStackTrace();
}
}
}
public class CustomerMD5Realm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//调用login方法将进入该方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//传递token对象,获取用户名
String principal = (String) authenticationToken.getPrincipal();
//模拟jdbc mybatis
if("xiaochen".equals(principal)){
//用户名正确进来,创建对象,切把查询到的username,password,salt,传递进去。
//参数1:数据库名字 参数2:数据库md5+salt之后的密码, 参数3:salt 参数4:realm名称
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(principal,
"8b43662b349c05514580fd738e8ff382",
ByteSource.Util.bytes("islove*021"), //如果有盐,校验时默认加上
this.getName());
return simpleAuthenticationInfo; //这里返回会去自动校验密码,这里的方法是查询name传递密码数据
}
return null;
}
}