ToB企服应用市场:ToB评测及商务社交产业平台

标题: Shiro-00-shiro 概览 [打印本页]
作者: 涛声依旧在    时间: 2024-4-24 14:01
标题: Shiro-00-shiro 概览
RBAC

RBCA
RBCA zh_CN
Shiro

Apache Shiro 是一个强大且易于使用的 Java 安全框架,负责执行身份验证、授权、加密和会话管理。
通过 Shiro 的易于理解的 API,您可以快速而轻松地保护任何应用程序,从最小的移动应用到最大的 Web 和企业应用。
Shiro 提供了应用程序安全 API,用于执行以下方面:
    Subject->SecurityManager:    SecurityManager->Realms:
shiro
shiro zh_CN
Hello world

  1. <dependencies>
  2.     <dependency>
  3.         <groupId>junit</groupId>
  4.         <artifactId>junit</artifactId>
  5.         <version>4.9</version>
  6.     </dependency>
  7.     <dependency>
  8.         <groupId>commons-logging</groupId>
  9.         <artifactId>commons-logging</artifactId>
  10.         <version>1.1.3</version>
  11.     </dependency>
  12.     <dependency>
  13.         <groupId>org.apache.shiro</groupId>
  14.         <artifactId>shiro-core</artifactId>
  15.         <version>1.2.2</version>
  16.     </dependency>
  17. </dependencies>
复制代码
create this file under the classpath.
  1. [users]
  2. ryo=123
  3. wang=123
复制代码
  1. @Test
  2. public void testHelloworld() {
  3.     Factory<SecurityManager> factory =
  4.             new IniSecurityManagerFactory("classpath:shiro.ini");
  6.     org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
  7.     SecurityUtils.setSecurityManager(securityManager);
  8.     Subject subject = SecurityUtils.getSubject();
  9.     UsernamePasswordToken token = new UsernamePasswordToken("ryo", "123");
  11.     try {
  12.         subject.login(token);
  13.     } catch (AuthenticationException e) {
  14.         //login falied
  15.     }
  17.    assertEquals(true, subject.isAuthenticated());   //assert user has logined.
  19.    //logout
  20.    subject.logout();
  21. }
复制代码
Realms

Realms(领域)充当 Shiro 与您的应用程序安全数据之间的“桥梁”或“连接器”。
当需要实际与安全相关的数据进行交互,例如从用户帐户执行身份验证(登录)和授权(访问控制)时,Shiro 会查找配置为应用程序的一个或多个领域中的许多信息。
  1. public interface Realm {
  2.     String getName();   //返回一个唯一的Realm名字
  4.     boolean supports(AuthenticationToken var1); //判断此Realm是否支持此Token
  6.     AuthenticationInfo getAuthenticationInfo(AuthenticationToken var1) throws AuthenticationException;  //根据Token获取认证信息
  7. }
复制代码
  1. public class MyRealm implements Realm {
  2.     @Override
  3.     public String getName() {
  4.         return "firstRealm";
  5.     }
  7.     @Override
  8.     public boolean supports(AuthenticationToken authenticationToken) {
  9.         //仅支持UsernamePasswordToken类型的Token
  10.         return authenticationToken instanceof UsernamePasswordToken;
  11.     }
  13.     @Override
  14.     public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
  15.         String username = (String) authenticationToken.getPrincipal();      //get username
  16.         String password = new String((char[]) authenticationToken.getCredentials());    //get password
  17.         if (!"ryo".equals(username)) {
  18.             throw new UnknownAccountException();
  19.         }
  20.         if (!"123".equals(password)) {
  21.             throw new IncorrectCredentialsException();
  22.         }
  24.         //如果身份认证验证成功,返回一个AuthenticationInfo实现;
  25.         return new SimpleAuthenticationInfo(username, password, getName());
  26.     }
  27. }
复制代码
create this file under the classpath.
  1. #declear realm
  2. firstRealm=com.ryo.shiro.MyRealm
  3. #point the realms impls of securityManager
  4. securityManager.realms=$firstRealm
复制代码
  1. @Test
  2. public void testRealm() {
  3.     Factory<SecurityManager> factory =
  4.             new IniSecurityManagerFactory("classpath:shiro-realm.ini");
  5.     org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
  6.     SecurityUtils.setSecurityManager(securityManager);
  7.     Subject subject = SecurityUtils.getSubject();
  8.     UsernamePasswordToken token = new UsernamePasswordToken("ryo", "123");
  10.     try {
  11.         subject.login(token);
  12.     } catch (AuthenticationException e) {
  13.     }
  15.     assertEquals(true, subject.isAuthenticated());
  17.     subject.logout();
  18. }
复制代码
multi-realm

  1. public class SecondRealm implements Realm {
  2.     public String getName() {
  3.         return "secondRealm";
  4.     }
  6.     public boolean supports(AuthenticationToken authenticationToken) {
  7.         return authenticationToken instanceof UsernamePasswordToken;
  8.     }
  10.     public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
  11.         String username = (String) authenticationToken.getPrincipal();
  12.         String password = new String((char[]) authenticationToken.getCredentials());
  13.         if (!"wang".equals(username)) {
  14.             throw new UnknownAccountException();
  15.         }
  16.         if (!"123".equals(password)) {
  17.             throw new IncorrectCredentialsException();
  18.         }
  19.         return new SimpleAuthenticationInfo(username, password, getName());
  20.     }
  21. }
复制代码
  1. [main]
  2. #define
  3. firstRealm=com.ryo.shiro.FirstRealm
  4. secondRealm=com.ryo.shiro.SecondRealm
  5. #use
  6. securityManager.realms=$firstRealm,$secondRealm
复制代码
  1. @Test
  2. public void testMultiRealm() {
  3.     Factory<SecurityManager> factory =
  4.             new IniSecurityManagerFactory("classpath:shiro-multi-realm.ini");
  6.     org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
  7.     SecurityUtils.setSecurityManager(securityManager);
  9.     Subject subject = SecurityUtils.getSubject();
  10.     UsernamePasswordToken token = new UsernamePasswordToken("wang", "123");
  12.     try {
  13.         subject.login(token);
  14.     } catch (AuthenticationException e) {
  15.         e.printStackTrace();
  16.     }
  18.     Assert.assertEquals(true, subject.isAuthenticated());
  20.     subject.logout();
  21. }
复制代码
Notice
The realm worked only after you used it.
JDBC Realm

  1. <dependency>
  2.     <groupId>mysql</groupId>
  3.     <artifactId>mysql-connector-java</artifactId>
  4.     <version>5.1.25</version>
  5. </dependency>
  6. <dependency>
  7.     <groupId>com.alibaba</groupId>
  8.     <artifactId>druid</artifactId>
  9.     <version>0.2.23</version>
  10. </dependency>
复制代码
  1. DROP DATABASE IF EXISTS shiro;
  2. CREATE DATABASE shiro;
  3. USE shiro;
  5. CREATE TABLE users (
  6.   id            BIGINT AUTO_INCREMENT,
  7.   username      VARCHAR(100),
  8.   password      VARCHAR(100),
  9.   password_salt VARCHAR(100),
  10.   CONSTRAINT pk_users PRIMARY KEY (id)
  11. )
  12.   CHARSET = utf8
  13.   ENGINE = InnoDB;
  14. CREATE UNIQUE INDEX idx_users_username ON users (username);
  16. CREATE TABLE user_roles (
  17.   id        BIGINT AUTO_INCREMENT,
  18.   username  VARCHAR(100),
  19.   role_name VARCHAR(100),
  20.   CONSTRAINT pk_user_roles PRIMARY KEY (id)
  21. )
  22.   CHARSET = utf8
  23.   ENGINE = InnoDB;
  24. CREATE UNIQUE INDEX idx_user_roles ON user_roles (username, role_name);
  26. CREATE TABLE roles_permissions (
  27.   id         BIGINT AUTO_INCREMENT,
  28.   role_name  VARCHAR(100),
  29.   permission VARCHAR(100),
  30.   CONSTRAINT pk_roles_permissions PRIMARY KEY (id)
  31. )
  32.   CHARSET = utf8
  33.   ENGINE = InnoDB;
  34. CREATE UNIQUE INDEX idx_roles_permissions ON roles_permissions (role_name, permission);
  36. INSERT INTO users (username, password) VALUES ('wang', '123');
  37. INSERT INTO users (username, password) VALUES ('ryo', '123');
复制代码
  1. [main]
  2. jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
  3. dataSource=com.alibaba.druid.pool.DruidDataSource
  4. dataSource.driverClassName=com.mysql.jdbc.Driver
  5. dataSource.url=jdbc:mysql://localhost:3307/shiro
  6. dataSource.username=root
  7. dataSource.password=${youOwnSQLPassword}
  8. jdbcRealm.dataSource=$dataSource
  9. securityManager.realms=$jdbcRealm
  12. ;1、varName=className    auto create an instance of class.
  13. ;2、varName.property=val         auto call the set()
  14. ;3、$varname             reference an object define before;
复制代码
  1. @Test
  2. public void testJDBCRealm() {
  3.     Factory<org.apache.shiro.mgt.SecurityManager> factory =
  4.             new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini");
  6.     org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
  7.     SecurityUtils.setSecurityManager(securityManager);
  9.     Subject subject = SecurityUtils.getSubject();
  10.     UsernamePasswordToken token = new UsernamePasswordToken("ryo", "123");
  12.     try {
  13.         subject.login(token);
  14.     } catch (AuthenticationException e) {
  15.         e.printStackTrace();
  16.     }
  18.     Assert.assertEquals(true, subject.isAuthenticated());
  20.     subject.logout();
  21. }
复制代码
Authenticator

  1. [main]
  2. authenticator = com.foo.bar.CustomAuthenticator
  4. securityManager.authenticator = $authenticator
复制代码
SecurityManager.java
  1. public interface SecurityManager extends Authenticator, Authorizer, SessionManager {
  2. }
复制代码
Authenticator.java
  1. public interface Authenticator {
  2.     AuthenticationInfo authenticate(AuthenticationToken var1) throws AuthenticationException;
  3. }
复制代码
AuthenticationStrategy

当为应用程序配置了两个或更多领域时,ModularRealmAuthenticator 依赖于内部的 AuthenticationStrategy 组件来确定身份验证尝试成功或失败的条件。
        AuthenticationStrategy 类        描述                AtLeastOneSuccessfulStrategy        如果一个或多个领域成功验证,则将考虑整体尝试成功。如果没有一个验证成功,则尝试失败。                FirstSuccessfulStrategy        仅使用从第一个成功验证的领域返回的信息。所有后续领域将被忽略。如果没有一个验证成功,则尝试失败。                AllSuccessfulStrategy        所有配置的领域必须成功验证才能考虑整体尝试成功。如果有任何一个验证不成功,则尝试失败。    1、这里定义了三个用于测试的领域:
2、shiro-authenticator-all-success.ini
ModularRealmAuthenticator 默认使用 AtLeastOneSuccessfulStrategy 实现,因为这是最常用的策略。
但是,如果需要,您可以配置不同的策略。
  1. [main]
  2. #point out securityManager's authenticator  
  3. authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator  
  4. securityManager.authenticator=$authenticator  
  5.   
  6. #Point out securityManager.authenticator's authenticationStrategy  
  7. allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy  
  8. securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy  
  10. #Define and use realms
  11. firstRealm=com.ryo.shiro.FirstRealm
  12. secondRealm=com.ryo.shiro.SecondRealm
  13. thirdRealm=com.ryo.shiro.ThirdRealm
  14. securityManager.realms=$firstRealm,$thirdRealm
复制代码
3、AuthenticatorTest.java
  1. @Test
  2. public void testAllSuccessfulStrategyWithSuccess() {
  3.     Subject subject = getSubjectByPath("classpath:shiro-authenticator-all-success.ini");
  5.     UsernamePasswordToken token = new UsernamePasswordToken("ryo", "123");
  6.     subject.login(token);
  8.     PrincipalCollection principalCollection = subject.getPrincipals();
  9.     assertEquals("ryo,ryo@gmail.com", principalCollection.toString());
  10. }
  12. private Subject getSubjectByPath(String configFilePath) {
  13.     Factory<SecurityManager> factory = new IniSecurityManagerFactory(configFilePath);
  15.     SecurityManager securityManager = factory.getInstance();
  16.     SecurityUtils.setSecurityManager(securityManager);
  17.     return SecurityUtils.getSubject();
  18. }
复制代码
提示
如果您想自己创建自己的 AuthenticationStrategy 实现,您可以使用 org.apache.shiro.authc.pam.AbstractAuthenticationStrategy 作为起点。
[code]public class OnlyOneAuthenticatorStrategy extends AbstractAuthenticationStrategy {    //Simply returns the aggregate argument without modification.    @Override    public AuthenticationInfo beforeAllAttempts(Collection



欢迎光临 ToB企服应用市场:ToB评测及商务社交产业平台 (https://dis.qidao123.com/) Powered by Discuz! X3.4