1.文件结构
2.pom.xml导入包
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<packaging>war</packaging>
<name>shiro01</name>
<groupId>shiro</groupId>
<artifactId>shiro01</artifactId>
<version>1.0-SNAPSHOT</version>
<build>
</build>
<dependencies>
<!-- Servlet API: scope "provided" because the servlet container supplies it at runtime -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- shiro-core: provides the realm, credentials-matcher and SecurityManager classes used below.
     NOTE(review): 1.3.2 is an old release; later Shiro releases carry security fixes, so check the
     Apache Shiro security advisories and pin a currently maintained version outside of a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<!-- commons-logging (the previous comment pointed at the junit artifact page by mistake) -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>
3.shiro-realm-md5.ini配置
[main]
# Credentials matcher: hashes the submitted password with the settings below and compares
# the result with the stored credential returned by the realm.
credentialsMatcher=org.apache.shiro.authc.credential.HashedCredentialsMatcher
# Hash algorithm.
# NOTE(review): MD5 is a fast general-purpose digest, so stored hashes are cheap to guess offline
# if they leak. For real password storage use a purpose-built password hash (bcrypt/scrypt/argon2)
# or, at minimum, a SHA-2 algorithm with a high iteration count.
credentialsMatcher.hashAlgorithmName=md5
# Number of hash iterations.
# NOTE(review): a single iteration adds no work factor. Changing the algorithm or iteration count
# requires regenerating the stored hash in CustomRealmMd5 so that the two stay in sync.
credentialsMatcher.hashIterations=1
# Instantiate the custom realm and attach the credentials matcher to it
customRealm=top.wyyblog.md5.realm.CustomRealmMd5
customRealm.credentialsMatcher=$credentialsMatcher
# Register the realm with the security manager
securityManager.realms=$customRealm
4.AuthenticationTest.java
package top.wyyblog.md5.realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
/**
 * Authentication demo: builds a SecurityManager from {@code conf/shiro-realm-md5.ini},
 * attempts one login with a fixed username/password pair and prints the outcome.
 *
 * <p>The credentials are hard-coded only because this is a console demo; an application
 * would take them from the login request and never keep a password in source.
 */
public class AuthenticationTest {

    public static void main(String[] args) {
        // Load the INI configuration and obtain the SecurityManager it describes
        Factory<SecurityManager> iniFactory =
                new IniSecurityManagerFactory("classpath:conf/shiro-realm-md5.ini");
        SecurityManager manager = iniFactory.getInstance();

        // Bind the SecurityManager to the current runtime so SecurityUtils can hand out subjects
        SecurityUtils.setSecurityManager(manager);

        // Credentials to submit, wrapped in the token type the realm expects
        UsernamePasswordToken credentials = new UsernamePasswordToken("admin", "111111");
        Subject currentUser = SecurityUtils.getSubject();

        // Submit the login; any exception other than the two handled here propagates unchanged
        String outcome;
        try {
            currentUser.login(credentials);
            outcome = "登录成功!";
        } catch (UnknownAccountException e) {
            // Raised when the realm returns no account for the principal
            outcome = "UnknownAccountException,账户不存在";
        } catch (IncorrectCredentialsException e) {
            // Raised when the credentials matcher rejects the submitted password
            outcome = "IncorrectCredentialsException,密码错误";
        }
        System.out.println(outcome);

        // Report whether the subject is now authenticated
        System.out.println(currentUser.isAuthenticated());

        // End the session
        currentUser.logout();
    }
}
5.CustomRealmMd5.java
package top.wyyblog.md5.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
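/**
 * Custom realm for the MD5 {@code HashedCredentialsMatcher} demo.
 *
 * <p>It knows a single account, {@code admin}, whose stored credential and salt are
 * hard-coded in place of a database lookup. The hashing itself is done by the
 * credentials matcher configured in the INI file; this realm only supplies the stored
 * hash and the salt.
 */
public class CustomRealmMd5 extends AuthorizingRealm {

    /**
     * Fixes the realm name to {@code "CustomRealmMd5"}.
     *
     * @param name ignored; the realm always registers under its fixed name
     */
    @Override
    public void setName(String name) {
        super.setName("CustomRealmMd5");
    }

    /**
     * Looks up the account named by the token and returns its stored credential.
     *
     * @param token the submitted authentication token; its principal is the username
     * @return the stored hash and salt for {@code admin}, or {@code null} when the
     *         principal is anything else (including {@code null} or a non-String value)
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Step 1: take the submitted principal from the token
        Object principal = token.getPrincipal();

        // Step 2: simulated database lookup. The only known account is "admin".
        // Constant-first equals keeps a null or non-String principal on the
        // "account not found" path instead of failing with an NPE or ClassCastException.
        if (!"admin".equals(principal)) {
            return null;
        }
        String userCode = (String) principal;

        System.out.println("验证密码");

        // Simulated stored credential: the hashed password (one iteration), as a hex string.
        // The original author notes the plaintext is 111111.
        // NOTE(review): a single unkeyed MD5 round is demo-only; real password storage needs a
        // slow password-hashing scheme, and the value must match the INI matcher settings.
        String password = "f3694f162729b7d0254c6e40260bf15c";

        // Simulated salt from the database.
        // NOTE(review): in a real system the salt is random and unique per user, not a shared constant.
        String salt = "qwerty";

        // Account found: hand principal, stored hash, salt and realm name to the matcher
        return new SimpleAuthenticationInfo(userCode, password, ByteSource.Util.bytes(salt), this.getName());
    }

    /**
     * Supplies authorization data for a principal.
     *
     * @param principalCollection the authenticated principals
     * @return always {@code null}; this demo realm provides no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}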