Apache Shiro教程(二)简易程序配置

1、配置shiro.ini文件

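    此处采用 SHA-512 算法对密码进行哈希(散列,并非可逆加密),迭代 1024 次,哈希后的密码以 Base64 编码存储(对应 storedCredentialsHexEncoded = false)。注意:该参数仅适合演示;生产环境应使用专门的密码哈希算法(如 bcrypt、Argon2),并为每个用户使用独立的随机盐值。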

 1 # ===================================================================================
 2 # Shiro INI configuration
 3 # ===================================================================================
 4 [main]
 5 hashedCredentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
 6 hashedCredentialsMatcher.hashAlgorithmName = SHA-512
 7 hashedCredentialsMatcher.hashIterations = 1024
 8 hashedCredentialsMatcher.storedCredentialsHexEncoded = false
 9 saltAwareIniRealm = com.cnblogs.javalouvre.shiro.realm.text.SaltAwareIniRealm
10 saltAwareIniRealm.resourcePath = classpath:shiro.ini
11 saltAwareIniRealm.credentialsMatcher = $hashedCredentialsMatcher
12 securityManager.realm = $saltAwareIniRealm
13 ehCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
14 ehCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
15 securityManager.cacheManager = $ehCacheManager
16 
17 [users]
18 system = E18H4biesus/SiiAyGb/sLDHpRACpwofpmKAgYojqxG8w1mX9aFGu51/O+ha02fpr4zoQXfyE/W919KWv7RwLA==, admin
19 scott  = rzN+XZiPCHa+8O9c7jCnEzCE0BOgzitMU2x1aG6eg5f0wpnZcY9HaxyraO9NqUklI5y2bu1xrtgmJRrDe34xrg==, guest
20 
21 [roles]
22 admin = *
23 guest = user:create, user:retrieve, user:update, user:delete

2、自定义Realm

    该类继承自 org.apache.shiro.realm.text.IniRealm,重写 doGetAuthenticationInfo 方法,为返回的账户设置盐值(示例中所有用户共用同一个写死在代码里的固定盐值)

 1 package com.cnblogs.javalouvre.shiro.realm.text;
 2 
 3 import org.apache.shiro.authc.AuthenticationException;
 4 import org.apache.shiro.authc.AuthenticationInfo;
 5 import org.apache.shiro.authc.AuthenticationToken;
 6 import org.apache.shiro.authc.ExpiredCredentialsException;
 7 import org.apache.shiro.authc.LockedAccountException;
 8 import org.apache.shiro.authc.SimpleAccount;
 9 import org.apache.shiro.authc.UsernamePasswordToken;
10 import org.apache.shiro.realm.text.IniRealm;
11 import org.apache.shiro.util.SimpleByteSource;
12 
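/**
 * An {@link IniRealm} that attaches a credentials salt to each account it returns, so that a
 * hashing credentials matcher can compare the submitted password with the salted hash stored in
 * the INI {@code [users]} section.
 *
 * <p>Security note: the salt is one fixed value, hard-coded here and shared by every account.
 * A shared salt means identical passwords produce identical stored hashes and a single
 * precomputed table covers all users. Outside a demo, store a random salt per account next to
 * its hash and load it together with the account.
 */
public class SaltAwareIniRealm extends IniRealm {

    /**
     * Salt applied to every account. Changing this value invalidates any stored hash that was
     * computed with it.
     */
    private static final String SHARED_SALT = "Nazi";

    /**
     * Looks up the account named by the token and returns it with the credentials salt set.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the matching account with its salt populated, or {@code null} when no account
     *         exists for the submitted username
     * @throws LockedAccountException if the account is locked
     * @throws ExpiredCredentialsException if the account's credentials have expired
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        SimpleAccount account = getUser(upToken.getUsername());
        if (account == null) {
            // Unknown username: the realm contract uses null for "no such account". The
            // original dereferenced the account unconditionally, so a login attempt with an
            // unknown name ended in a NullPointerException instead of a clean rejection.
            return null;
        }
        if (account.isLocked()) {
            throw new LockedAccountException("Account [" + account + "] is locked.");
        }
        if (account.isCredentialsExpired()) {
            throw new ExpiredCredentialsException("The credentials for account [" + account + "] are expired.");
        }
        // SimpleByteSource is the class this file already imports; the original referred to
        // ByteSource.Util without importing ByteSource.
        account.setCredentialsSalt(new SimpleByteSource(SHARED_SALT));

        return account;
    }

}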

3、编写测试类

    该类继承自 org.apache.shiro.test.AbstractShiroTest

 1 package com.cnblogs.javalouvre.simple;
 2 
 3 import static org.junit.Assert.assertTrue;
 4 
 5 import org.apache.shiro.SecurityUtils;
 6 import org.apache.shiro.authc.AuthenticationException;
 7 import org.apache.shiro.authc.UsernamePasswordToken;
 8 import org.apache.shiro.config.IniSecurityManagerFactory;
 9 import org.apache.shiro.mgt.SecurityManager;
10 import org.apache.shiro.subject.Subject;
11 import org.apache.shiro.test.AbstractShiroTest;
12 import org.apache.shiro.util.Factory;
13 import org.junit.After;
14 import org.junit.AfterClass;
15 import org.junit.Before;
16 import org.junit.BeforeClass;
17 import org.junit.Test;
18 
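/**
 * Smoke test for the INI-based setup: logs in with the sample {@code scott} account and checks
 * the role and permissions that {@code shiro.ini} assigns to it.
 */
public class SimpleTest extends AbstractShiroTest {

    /** Builds the SecurityManager once from {@code classpath:shiro.ini} for all tests. */
    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        setSecurityManager(factory.getInstance());
    }

    /** No per-test fixture is needed yet. */
    @Before
    public void setUp() {
        // intentionally empty
    }

    /**
     * Authenticates the sample user and verifies its authorization data.
     *
     * <p>A failed login is not caught: {@link AuthenticationException} is unchecked, so it
     * propagates and fails the test at the real cause. The original printed the stack trace
     * and carried on, which hid authentication failures behind an unrelated role assertion.
     */
    @Test
    public void testSimple() {
        super.setSubject(new Subject.Builder(getSecurityManager()).buildSubject());

        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            // Sample credentials used only by this test; the third argument is rememberMe.
            UsernamePasswordToken token = new UsernamePasswordToken("scott", "tiger", true);
            subject.login(token);
        }

        // Authorization results mean nothing unless the login really succeeded.
        assertTrue(subject.isAuthenticated());
        assertTrue(subject.hasRole("guest"));
        assertTrue(subject.isPermitted("user:create"));
        assertTrue(subject.isPermitted("user:retrieve"));
        assertTrue(subject.isPermitted("user:update"));
        assertTrue(subject.isPermitted("user:delete"));
    }

    /** Clears the subject after each test so state does not carry over to the next one. */
    @After
    public void tearDown() {
        clearSubject();
    }

    /** No class-level cleanup is performed here yet. */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        // intentionally empty
    }

}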

 
