一 Shiro认证流程图

二 实战
1 新建pom
<dependencies>
<!-- Apache Shiro core: Subject, SecurityManager and Realm APIs used by the test below. -->
<!-- NOTE(review): 1.4.0 is an old release. Before reusing this outside a tutorial, check the Apache Shiro security advisories and pin the newest supported version. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!-- JUnit 4 (the test imports org.junit.Before and org.junit.Test). -->
<!-- NOTE(review): "RELEASE" is a floating meta-version. The build resolves whatever is newest at build time, so it is not reproducible and picks up new upstream artifacts without review. Pin an exact version, and add <scope>test</scope> to keep the test library off the runtime classpath. -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>RELEASE</version>
</dependency>
</dependencies>
2 测试认证
package com.liuyanzhao.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
/**
 * Walks through Shiro's basic authentication flow against an in-memory realm:
 * register an account, log in with matching credentials, then log out.
 */
public class AuthenticationTest {
    // Demo-only account. The credential is a hard-coded plaintext string and the realm
    // is handed that same string, so nothing here is hashed; do not copy this pattern
    // for real accounts.
    private static final String DEMO_USER = "Tom";
    private static final String DEMO_PASSWORD = "1234567";

    /** In-memory realm that holds the single demo account. */
    SimpleAccountRealm simpleAccountRealm = new SimpleAccountRealm();

    /** Registers the demo account in the realm before each test. */
    @Before
    public void addUser() {
        simpleAccountRealm.addAccount(DEMO_USER, DEMO_PASSWORD);
    }

    /**
     * Logs the demo user in and out, printing the authenticated flag after each step.
     * A failed login would surface as an exception from {@code login}, failing the test.
     */
    @Test
    public void testAuthentication() {
        // 1. Build the SecurityManager environment and attach the realm to it.
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(simpleAccountRealm);

        // 2. Register the manager with SecurityUtils, then obtain the subject and
        //    submit the authentication request.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken loginToken = new UsernamePasswordToken(DEMO_USER, DEMO_PASSWORD);
        currentUser.login(loginToken);
        System.out.println("isAuthenticated:" + currentUser.isAuthenticated());

        // 3. Log out and print the flag again to show the state was cleared.
        currentUser.logout();
        System.out.println("isAuthenticated:" + currentUser.isAuthenticated());
    }
}
三 测试结果
isAuthenticated:true
isAuthenticated:false
四 Shiro认证源码阅读
// Excerpted call chain behind subject.login(token). Method bodies are abridged to the
// one call that continues the chain, so braces are intentionally left open.

// 1. The Subject hands the token to its SecurityManager.
public class DelegatingSubject implements Subject {
public void login(AuthenticationToken token) throws AuthenticationException {
Subject subject = securityManager.login(this, token);
// 2. DefaultSecurityManager.login obtains AuthenticationInfo by calling authenticate(token).
public class DefaultSecurityManager extends SessionsSecurityManager {
public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException {
info = authenticate(token);
// 3. authenticate() forwards the token to the configured Authenticator.
public abstract class AuthenticatingSecurityManager extends RealmSecurityManager
public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException
return this.authenticator.authenticate(token);
// 4. The final authenticate() template method calls the doAuthenticate() hook.
public abstract class AbstractAuthenticator implements Authenticator, LogoutAware
public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException
info = doAuthenticate(token);
// 5. ModularRealmAuthenticator fetches the configured realms; only the single-realm
//    path is excerpted here, which passes the first realm on.
public class ModularRealmAuthenticator extends AbstractAuthenticator {
protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
Collection<Realm> realms = getRealms();
return doSingleRealmAuthentication(realms.iterator().next(), authenticationToken);
// 6. The chosen realm is asked for the AuthenticationInfo matching this token.
protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
AuthenticationInfo info = realm.getAuthenticationInfo(token);
// 7. The final getAuthenticationInfo() calls the realm-specific doGetAuthenticationInfo() hook.
public abstract class AuthenticatingRealm extends CachingRealm implements Initializable {
public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
info = doGetAuthenticationInfo(token);
// 8. SimpleAccountRealm supplies the account lookup for the in-memory realm used in the test.
public class SimpleAccountRealm extends AuthorizingRealm {
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// NOTE(review): in the Shiro sources this credentials check appears to sit in
// AuthenticatingRealm (assertCredentialsMatch, run after doGetAuthenticationInfo
// returns) rather than inside SimpleAccountRealm. Confirm against the 1.4.0 sources.
// cm is presumably the realm's CredentialsMatcher.
if (!cm.doCredentialsMatch(token, info)) {
// 9. SimpleCredentialsMatcher reads the credentials from the submitted token and from
//    the stored account info and returns the result of equals() on the two values.
//    No hashing step is visible in this excerpt, so the stored credential is compared
//    directly with what the user submitted (the demo realm stores the plaintext
//    "1234567"). For real accounts, store salted password hashes and configure a
//    hashing matcher on the realm; Shiro ships HashedCredentialsMatcher and
//    PasswordMatcher for this.
public class SimpleCredentialsMatcher extends CodecSupport implements CredentialsMatcher {
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
Object tokenCredentials = getCredentials(token);
Object accountCredentials = getCredentials(info);
return equals(tokenCredentials, accountCredentials);




