1、配置shiro.ini文件
此处采用 SHA-512 算法对密码进行哈希(散列,并非可逆的加密),迭代 1024 次,哈希后的密码以 Base64 编码存储(对应 storedCredentialsHexEncoded = false)
1 # ===================================================================================
2 # Shiro INI configuration
3 # ===================================================================================
4 [main]
# Credentials matcher: hashes the submitted password with SHA-512 for 1024 iterations
# before comparing it with the stored value.
# storedCredentialsHexEncoded = false means the stored hashes under [users] are Base64, not hex.
# NOTE(review): 1024 iterations of SHA-512 is a low work factor for password storage by
# current standards; changing the algorithm or the iteration count requires regenerating
# every hash under [users].
5 hashedCredentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
6 hashedCredentialsMatcher.hashAlgorithmName = SHA-512
7 hashedCredentialsMatcher.hashIterations = 1024
8 hashedCredentialsMatcher.storedCredentialsHexEncoded = false
# Custom realm: loads its users and roles from this same file (resourcePath) and verifies
# passwords through the matcher defined above.
9 saltAwareIniRealm = com.cnblogs.javalouvre.shiro.realm.text.SaltAwareIniRealm
10 saltAwareIniRealm.resourcePath = classpath:shiro.ini
11 saltAwareIniRealm.credentialsMatcher = $hashedCredentialsMatcher
12 securityManager.realm = $saltAwareIniRealm
# EhCache-backed cache manager for the security manager, configured from ehcache.xml.
13 ehCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
14 ehCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
15 securityManager.cacheManager = $ehCacheManager
16
# Entry format: username = <Base64 password hash>, role[, role...]
# NOTE(review): presumably demo accounts; password hashes for real accounts should not be
# shipped inside a classpath resource next to the application code.
17 [users]
18 system = E18H4biesus/SiiAyGb/sLDHpRACpwofpmKAgYojqxG8w1mX9aFGu51/O+ha02fpr4zoQXfyE/W919KWv7RwLA==, admin
19 scott = rzN+XZiPCHa+8O9c7jCnEzCE0BOgzitMU2x1aG6eg5f0wpnZcY9HaxyraO9NqUklI5y2bu1xrtgmJRrDe34xrg==, guest
20
# Role-to-permission mapping: "*" is the wildcard permission (everything is permitted);
# guest is limited to the four user:* actions listed.
21 [roles]
22 admin = *
23 guest = user:create, user:retrieve, user:update, user:delete
2、自定义Realm
该类继承自 org.apache.shiro.realm.text.IniRealm,重写 doGetAuthenticationInfo 方法,为账户设置盐值(示例中所有用户共用同一个写死在代码里的盐值)
1 package com.cnblogs.javalouvre.shiro.realm.text;
2
3 import org.apache.shiro.authc.AuthenticationException;
4 import org.apache.shiro.authc.AuthenticationInfo;
5 import org.apache.shiro.authc.AuthenticationToken;
6 import org.apache.shiro.authc.ExpiredCredentialsException;
7 import org.apache.shiro.authc.LockedAccountException;
8 import org.apache.shiro.authc.SimpleAccount;
9 import org.apache.shiro.authc.UsernamePasswordToken;
10 import org.apache.shiro.realm.text.IniRealm;
11 import org.apache.shiro.util.SimpleByteSource;
12
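/**
 * An {@link IniRealm} that attaches a credentials salt to the account it returns, so that a
 * hashing credentials matcher configured on the realm can verify salted password hashes.
 *
 * <p>Security note: every account receives the same hard-coded salt. A shared, static salt
 * means identical passwords produce identical hashes and a single precomputed table covers
 * all users. Outside a demo, generate a random salt per user (e.g. with
 * {@code SecureRandom}) and store it next to that user's hash.
 */
public class SaltAwareIniRealm extends IniRealm {

    /**
     * Salt applied to every account. The value is kept unchanged because the stored hashes
     * in the INI file were presumably generated with it; changing it requires regenerating
     * those hashes.
     */
    private static final String SHARED_SALT = "Nazi";

    /**
     * Looks up the account named in the token and sets its credentials salt.
     *
     * @param token the submitted token; it is cast to {@link UsernamePasswordToken}
     * @return the matching account with the salt set, or {@code null} when no user with
     *         that name exists in the realm
     * @throws LockedAccountException if the account is locked
     * @throws ExpiredCredentialsException if the account's credentials have expired
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        SimpleAccount account = getUser(upToken.getUsername());

        // Unknown user name: return null instead of dereferencing a null account below,
        // so the framework can report an authentication failure rather than a
        // NullPointerException.
        if (account == null) {
            return null;
        }

        if (account.isLocked()) {
            throw new LockedAccountException("Account [" + account + "] is locked.");
        }
        if (account.isCredentialsExpired()) {
            throw new ExpiredCredentialsException("The credentials for account [" + account + "] are expired.");
        }

        // SimpleByteSource is the type this file already imports; the original referred to
        // ByteSource.Util, which is not imported here.
        account.setCredentialsSalt(new SimpleByteSource(SHARED_SALT));

        return account;
    }

}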
3、编写测试类
该类继承自 org.apache.shiro.test.AbstractShiroTest
1 package com.cnblogs.javalouvre.simple;
2
3 import static org.junit.Assert.assertTrue;
4
5 import org.apache.shiro.SecurityUtils;
6 import org.apache.shiro.authc.AuthenticationException;
7 import org.apache.shiro.authc.UsernamePasswordToken;
8 import org.apache.shiro.config.IniSecurityManagerFactory;
9 import org.apache.shiro.mgt.SecurityManager;
10 import org.apache.shiro.subject.Subject;
11 import org.apache.shiro.test.AbstractShiroTest;
12 import org.apache.shiro.util.Factory;
13 import org.junit.After;
14 import org.junit.AfterClass;
15 import org.junit.Before;
16 import org.junit.BeforeClass;
17 import org.junit.Test;
18
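/**
 * Logs in the {@code scott} user defined in {@code shiro.ini} and checks the role and
 * permissions granted to it.
 */
public class SimpleTest extends AbstractShiroTest {

    /**
     * Builds the security manager from {@code classpath:shiro.ini} once for the whole class.
     *
     * @throws Exception if the security manager cannot be created
     */
    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        // The type argument is required: with a raw Factory, getInstance() returns Object
        // and cannot be passed to setSecurityManager.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        setSecurityManager(factory.getInstance());
    }

    /** No per-test setup is needed yet. */
    @Before
    public void setUp() {
        // TODO
    }

    /**
     * Authenticates as {@code scott} and verifies the {@code guest} role together with its
     * four {@code user:*} permissions.
     */
    @Test
    public void testSimple() {
        super.setSubject(new Subject.Builder(getSecurityManager()).buildSubject());

        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken("scott", "tiger", true);
            // A failed login must fail the test: AuthenticationException is left to
            // propagate instead of being printed and swallowed.
            subject.login(token);
        }

        // Make the authentication outcome explicit before checking authorization.
        assertTrue(subject.isAuthenticated());
        assertTrue(subject.hasRole("guest"));
        assertTrue(subject.isPermitted("user:create"));
        assertTrue(subject.isPermitted("user:retrieve"));
        assertTrue(subject.isPermitted("user:update"));
        assertTrue(subject.isPermitted("user:delete"));
    }

    /** Unbinds the subject so state does not leak into the next test. */
    @After
    public void tearDown() {
        clearSubject();
    }

    /**
     * No class-level cleanup is needed yet.
     *
     * @throws Exception declared for future cleanup code
     */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        // TODO
    }

}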
示例下载 |