Shiro Series: Implementing User Authentication with Shiro + MySQL (Authentication)

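Most material online about Apache Shiro uses a simple ini-file configuration as its example, and very little of it covers how to authenticate users against a database. I have only just started working with Shiro myself, and here I introduce an entry-level Shiro + MySQL configuration. This is only a starting point: it is not yet integrated with the Web, Spring, MyBatis or other frameworks. I will keep sharing my learning process and what I learn along the way.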

Now we can get to the things we really care about.

Create a user table in the database; the columns can be very simple.

CREATE TABLE `sec_user` (
  `user_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `user_name` varchar(64) COLLATE utf8_bin DEFAULT NULL,
  `password` varchar(128) COLLATE utf8_bin DEFAULT NULL,
  `created_time` datetime DEFAULT NULL,
  `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

Insert one record into the table, with user name chris.mao.zb@163.com and password cmao.

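Create an ini file in the resources directory to configure Shiro (later on, the contents of this file will be moved into an XML file). In this configuration file we set up the data source and the SQL query used for user authentication. It uses the JdbcRealm class that ships with Shiro.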

[main]
# Data source used by the realm
dataSource=org.springframework.jdbc.datasource.DriverManagerDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://127.0.0.1:3306/YOUR_DATABASE_NAME
dataSource.username=YOUR_USERNAME
dataSource.password=YOUR_PASSWORD

# Shiro's built-in JDBC realm
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.dataSource=$dataSource
# Query that looks up the password for the user name being authenticated
jdbcRealm.authenticationQuery = SELECT password FROM sec_user WHERE user_name = ?

securityManager.realms=$jdbcRealm

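A few more words about the authentication query, if you will bear with me. It only needs to select the password column, using the user name as the query condition. If you use an asterisk (*) after select, or select more than one column, user authentication will fail.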

With the configuration file written, we can write a test method to check that user authentication works.

package com.emerons.learning;

import static org.junit.Assert.*;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

public class JdbcRealmTest {

    @Before
    public void setUp() throws Exception {
    }

    @After
    public void tearDown() throws Exception {
    }

    @Test
    public void test() {
        // 1. Get the SecurityManager factory; here the SecurityManager is initialized from an ini configuration file
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");

        // 2. Get the SecurityManager instance and bind it to SecurityUtils
        SecurityManager sm = factory.getInstance();
        SecurityUtils.setSecurityManager(sm);

        // 3. Get the Subject
        Subject subject = SecurityUtils.getSubject();

        // 4. Create the user's login credentials
        UsernamePasswordToken token = new UsernamePasswordToken("chris.mao@emerson.com", "chrismao");

        // 5. Log in; a failed login throws one of several exceptions, and the reason is printed based on the exception
        try {
            subject.login(token);

            // 6. Check whether the login succeeded
            assertEquals(true, subject.isAuthenticated());
            System.out.println("登录成功!!");

            // 7. Log the user out
            subject.logout();
        } catch (IncorrectCredentialsException e) {
            System.out.println("登录密码错误. Password for account " + token.getPrincipal() + " was incorrect.");
        } catch (ExcessiveAttemptsException e) {
            System.out.println("登录失败次数过多");
        } catch (LockedAccountException e) {
            System.out.println("帐号已被锁定. The account for username " + token.getPrincipal() + " was locked.");
        } catch (DisabledAccountException e) {
            System.out.println("帐号已被禁用. The account for username " + token.getPrincipal() + " was disabled.");
        } catch (ExpiredCredentialsException e) {
            System.out.println("帐号已过期. the account for username " + token.getPrincipal() + " was expired.");
        } catch (UnknownAccountException e) {
            System.out.println("帐号不存在. There is no user with username of " + token.getPrincipal());
        }
    }
}

Running the test code produces the following output:

INFO : org.springframework.jdbc.datasource.DriverManagerDataSource - Loaded JDBC driver: com.mysql.jdbc.Driver
INFO : org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
INFO : org.apache.shiro.config.IniSecurityManagerFactory - Realms have been explicitly set on the SecurityManager instance - auto-setting of realms will not occur.
INFO : org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling session validation scheduler...
登录成功!!
INFO : org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
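With the configuration above, sec_user.password holds the password exactly as typed, because JdbcRealm's default credentials matcher compares the column value directly with the submitted password. The following is an added example, not code from the original article, that shows the same comparison next to a hardened variant using Shiro's PasswordMatcher and DefaultPasswordService so that only a salted, iterated hash is stored. It assumes Shiro 1.x on the classpath; the class name, helper method and sample account are hypothetical.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

// Added example (hypothetical class name); assumes Shiro 1.x on the classpath.
// shiro-jdbc-realm.ini lines that switch the realm to hashed passwords:
//   passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
//   jdbcRealm.credentialsMatcher = $passwordMatcher
public class HashedPasswordDemo {

    // Mirrors what JdbcRealm builds from the single column returned by
    // authenticationQuery: the stored value as a char[] credential.
    static AuthenticationInfo fromPasswordColumn(String user, String column) {
        return new SimpleAuthenticationInfo(user, column.toCharArray(), "jdbcRealm");
    }

    public static void main(String[] args) {
        String user = "demo.user@example.com"; // constructed sample account
        String password = "Sample-Passw0rd";   // constructed sample password
        UsernamePasswordToken good = new UsernamePasswordToken(user, password);
        UsernamePasswordToken bad = new UsernamePasswordToken(user, "wrong-guess");

        // As configured in the article: the realm's default matcher compares
        // the column with the submitted password, so the column is plaintext.
        SimpleCredentialsMatcher plain = new SimpleCredentialsMatcher();
        System.out.println("plaintext column, correct password: "
                + plain.doCredentialsMatch(good, fromPasswordColumn(user, password)));

        // Hardened: store a salted, iterated hash instead of the password.
        DefaultPasswordService service = new DefaultPasswordService();
        String stored = service.encryptPassword(password);
        System.out.println("value for sec_user.password: " + stored);
        System.out.println("fits varchar(128): " + (stored.length() <= 128));

        PasswordMatcher hashed = new PasswordMatcher();
        hashed.setPasswordService(service);
        AuthenticationInfo row = fromPasswordColumn(user, stored);
        System.out.println("hashed column, correct password: " + hashed.doCredentialsMatch(good, row));
        System.out.println("hashed column, wrong password:   " + hashed.doCredentialsMatch(bad, row));

        // Data and matcher must change together: the default matcher rejects
        // the correct password once the column holds a hash.
        System.out.println("hashed column, default matcher:  " + plain.doCredentialsMatch(good, row));
    }
}
```

The authenticationQuery itself does not change, since it still returns the single password column; existing rows need their password values replaced with the output of encryptPassword.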
