shiro实现认证之自定义Realm案例

1.1、创建实体类

package com.yl.bean;

import java.io.Serializable;

/**
 * 用户实体类
 */
public class User implements Serializable {
    private Integer id;
    private String username;
    private String password;

    public User() {
    }

    public User(Integer id, String username, String password) {
        this.id = id;
        this.username = username;
        this.password = password;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username=‘" + username + ‘\‘‘ +
                ", password=‘" + password + ‘\‘‘ +
                ‘}‘;
    }
}

1.2、创建持久层接口和实现类

• 接口

package com.yl.dao;

import com.yl.bean.User;

/**
 * 用户持久层接口
 */
public interface IUserDao {

    /**
     * 根据用户名查询用户
     */
    User queryByUsername(String username);

}

• 实现类

package com.yl.dao.impl;

import com.yl.bean.User;
import com.yl.dao.IUserDao;

/**
 * 用户持久层接口实现类
 */
public class IUserDaoImpl implements IUserDao {

    /**
     * 根据用户名查询用户（模拟数据库）
     *
     * @param username
     */
    @Override
    public User queryByUsername(String username) {
        switch (username){
            case "yl01":
                return new User(1,"yl01","1111");
            case "yl02":
                return new User(2,"yl02","1111");
            case "yl03":
                return new User(3,"yl03","1111");
            default:
                return null;
        }
    }
}

1.3、创建业务层接口和实现类

• 接口

package com.yl.service;

import com.yl.bean.User;

import java.util.List;

/**
 * 用户业务层接口
 */
public interface IUserService {

    /**
     * 根据用户名查询用户
     */
    User queryByUsername(String username);

}

• 实现类

package com.yl.service.impl;

import com.yl.bean.User;
import com.yl.dao.IUserDao;
import com.yl.dao.impl.IUserDaoImpl;
import com.yl.service.IUserService;

/**
 * 用户业务层接口实现类
 */
public class IUserServiceImpl implements IUserService {
    private IUserDao userDao=new IUserDaoImpl();

    /**
     * 根据用户名查询用户
     *
     * @param username
     */
    @Override
    public User queryByUsername(String username) {
        return userDao.queryByUsername(username);
    }
}

1.4、自定义Realm

package com.yl.shiro;

import com.yl.bean.User;
import com.yl.service.IUserService;
import com.yl.service.impl.IUserServiceImpl;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;

public class UserRealm extends AuthenticatingRealm {
    private IUserService userService = new IUserServiceImpl();

    /**
     * 用户认证
     *
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        //获取用户名
        String username = token.getPrincipal().toString();
        //查询用户
        User user = userService.queryByUsername(username);
        //用户认证
        if (user != null) {
            /**
             *参数说明：
             * 参数1：可以是任意对象，作为用户身份
             * 参数2：数据库查询出来的密码
             * 参数3：当前类名
             */
            SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,user.getPassword(),this.getName());
            return info;
        }
        return null;

    }
}

1.5、测试类

package com.yl.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 测试类
 */
public class ShiroTest {
    //日志输出工具
    private static final transient Logger log = LoggerFactory.getLogger(ShiroTest.class);

    public static void main(String[] args) {
        log.info("My First Apache Shiro Application");
        //创建安全管理器的工厂对象
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        //使用工厂创建安全管理器对象
        DefaultSecurityManager securityManager = (DefaultSecurityManager) factory.getInstance();
        
        //注入自定义reaml，此代码可以换成配置方式，配置文件在下面
        UserRealm userRealm=new UserRealm();
        securityManager.setRealm(userRealm);
        
        //把安全管理器绑定到当前线程
        SecurityUtils.setSecurityManager(securityManager);
        //得到主体对象
        Subject currentUser = SecurityUtils.getSubject();
        //封装用户对象
        AuthenticationToken token=new UsernamePasswordToken("yl01","1111");
       
        try {
             //进行认证
            currentUser.login(token);
            System.out.println("认证通过");
			//获取用户身份
            String username= (String) currentUser.getPrincipal();
            System.out.println(username);
        } catch (AuthenticationException e) {
            System.out.println("用户名或密码错误");
        }

    }

}

• ini配置文件注入自定义Reaml

[main]
# 创建userReaml对象
userRealm= com.yl.shiro.UserRealm
# 把userReaml注入安全管理器,securityManager是自己创建的安全管理器对象名
securityManager.realm=$userRealm

shiro实现认证之自定义Realm案例

原文：https://www.cnblogs.com/Y-wee/p/13939048.html