shiro的内置realm有:

  • IniRealm
  • SimpleAccountRealm
  • JdbcRealm
  • PropertiesRealm

我们在shiro整体架构一节已经演示过SimpleAccountRealm的使用了。

在本节我们会演示IniRealm和JdbcRealm的使用

IniRealm

  1. package com.twx.shiro;
  2. import org.apache.shiro.SecurityUtils;
  3. import org.apache.shiro.authc.UsernamePasswordToken;
  4. import org.apache.shiro.mgt.DefaultSecurityManager;
  5. import org.apache.shiro.realm.text.IniRealm;
  6. import org.apache.shiro.subject.Subject;
  7. import org.junit.Test;
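  /**
   * Walks through authentication and authorization against an {@link IniRealm}
   * whose accounts, roles and permissions are read from {@code classpath:user.ini}.
   *
   * <p>NOTE(review): the accompanying user.ini stores the account password in clear text.
   * That is fine for a walkthrough; outside a demo, store salted password hashes and
   * configure a matching CredentialsMatcher on the realm.
   */
  public class IniRealmTest {

      /**
       * Logs in as "mark" and then checks the "admin" role and the two
       * {@code user:*} permissions granted to that role in user.ini.
       *
       * <p>{@code login}, {@code checkRole} and {@code checkPermissions} report failure by
       * throwing, so the test fails as soon as any of the three steps is rejected.
       */
      @Test
      public void testAuthentication() {
          IniRealm iniRealm = new IniRealm("classpath:user.ini");

          // 1. Build the SecurityManager environment.
          DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
          defaultSecurityManager.setRealm(iniRealm);

          // 2. The subject submits the authentication request.
          // NOTE(review): setSecurityManager installs a static, VM-wide instance, so it
          // stays in place for any other test that runs in the same JVM.
          SecurityUtils.setSecurityManager(defaultSecurityManager);
          Subject subject = SecurityUtils.getSubject();

          UsernamePasswordToken token = new UsernamePasswordToken("mark", "123456");
          try {
              subject.login(token);
              System.out.println("isAuthenticated: " + subject.isAuthenticated());

              // Role check: throws if the subject does not hold the "admin" role.
              subject.checkRole("admin");

              // Permission check: throws unless every listed permission is granted.
              subject.checkPermissions("user:update", "user:delete");
          } finally {
              // Log out even when a check throws: SecurityUtils.getSubject() binds the
              // subject to the current thread, so without this a later test on the same
              // thread would start out already authenticated.
              subject.logout();
          }
      }
  }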

user.ini([users] 中每行为 用户名=密码,角色;[roles] 中每行为 角色=权限列表。此处密码以明文保存,仅适用于演示)

  1. [users]
  2. mark=123456,admin
  3. [roles]
  4. admin=user:delete,user:update

JdbcRealm

package com.twx.shiro;

import com.alibaba.druid.pool.DruidDataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

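/**
 * Walks through authentication and authorization against a {@link JdbcRealm}
 * backed by a MySQL database reached through a Druid connection pool.
 */
public class JdbcRealTest {

    DruidDataSource dataSource = new DruidDataSource();

    // NOTE(review): the JDBC URL, user name and password are hard-coded in source.
    // In a shared repository, load them from environment variables or a secrets
    // store instead, and rotate any value that has already been committed.
    {
        dataSource.setUrl("jdbc:mysql://localhost:3306/test");
        dataSource.setUsername("twx");
        dataSource.setPassword("soyuan123");
    }

    /**
     * Logs in as "twx" through the JDBC realm, then checks the "user" role and
     * the "delete" permission.
     *
     * <p>{@code login}, {@code checkRole} and {@code checkPermission} report failure by
     * throwing, so the test fails as soon as any step is rejected. The subject is
     * logged out and the connection pool is closed whether or not the checks pass.
     */
    @Test
    public void testAuthentication(){
        try {
            JdbcRealm jdbcRealm = new JdbcRealm();
            jdbcRealm.setDataSource(dataSource);
            // Must be true, otherwise permission checks are not enabled.
            jdbcRealm.setPermissionsLookupEnabled(true);
            // NOTE(review): no CredentialsMatcher is set on the realm, so Shiro's default
            // matcher applies, which compares the submitted password with the stored
            // column value as-is. The table therefore holds clear-text passwords in this
            // demo; outside a demo, store salted hashes and set a hashing matcher.

            // Optional: point the realm at custom tables. Keep the `?` placeholder so the
            // user/role name stays a bound parameter instead of being concatenated into the SQL.
//        String sql = "select password from test_user where username = ?";
//        jdbcRealm.setAuthenticationQuery(sql);

//        String roleSql = "select role_name from test_user_role where user_name = ?";
//        jdbcRealm.setUserRolesQuery(roleSql);

//        String rolePermissionSql = "select permission from test_role_permission where role_name = ?";
//        jdbcRealm.setPermissionsQuery(rolePermissionSql);

            // 1. Build the SecurityManager environment.
            DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
            defaultSecurityManager.setRealm(jdbcRealm);

            // 2. The subject submits the authentication request.
            // NOTE(review): setSecurityManager installs a static, VM-wide instance, so it
            // stays in place for any other test that runs in the same JVM.
            SecurityUtils.setSecurityManager(defaultSecurityManager);
            Subject subject = SecurityUtils.getSubject();

            UsernamePasswordToken token = new UsernamePasswordToken("twx","654321");
            try {
                subject.login(token);

                System.out.println("isAuthenticated: "+subject.isAuthenticated());

                // Alternative checks from the original walkthrough:
                /* subject.checkRole("admin");
                subject.checkPermission("user:select");*/

                subject.checkRole("user");
                subject.checkPermission("delete");
            } finally {
                // Log out even when a check throws: SecurityUtils.getSubject() binds the
                // subject to the current thread, so without this a later test on the same
                // thread would start out already authenticated.
                subject.logout();
            }
        } finally {
            // Release the pooled database connections; the original never closed the pool.
            dataSource.close();
        }
    }
}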

JdbcRealm默认查找用户、角色、权限的SQL语句如下:

 /**
     * The default query used to retrieve account data for the user.
     * The user name is represented by the {@code ?} placeholder rather than being
     * concatenated into the SQL text. Only the {@code password} column is selected,
     * so this query supplies no per-user salt.
     */
    protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";

    /**
     * The default query used to retrieve account data for the user when {@link #saltStyle} is COLUMN.
     * Selects {@code password_salt} alongside {@code password}; the user name is again
     * a {@code ?} placeholder.
     */
    protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";

    /**
     * The default query used to retrieve the roles that apply to a user.
     * Reads {@code role_name} from {@code user_roles}, keyed by a {@code ?} placeholder
     * for the user name.
     */
    protected static final String DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where username = ?";

    /**
     * The default query used to retrieve permissions that apply to a particular role.
     * Reads {@code permission} from {@code roles_permissions}, keyed by a {@code ?}
     * placeholder for the role name.
     */
    protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";

所以我们默认创建了三张表,表结构如下:

屏幕快照 2019-04-23 00.05.07.png

屏幕快照 2019-04-23 00.05.29.png

屏幕快照 2019-04-23 00.05.42.png

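表结构对应的就是JdbcRealm默认的SQL语句,即默认SQL用到的表和列:users(username, password)、user_roles(username, role_name)、roles_permissions(role_name, permission)。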

当然,我们也可以启用程序中被注释掉的语句(如下),从我们自己的表中获取用户、角色、权限。自定义SQL时应保留 ? 占位符,让用户名或角色名作为绑定参数传入,而不是把输入拼接进SQL字符串。


//        String sql = "select password from test_user where username = ?";
//        jdbcRealm.setAuthenticationQuery(sql);

//        String roleSql = "select role_name from test_user_role where user_name = ?";
//        jdbcRealm.setUserRolesQuery(roleSql);

//        String rolePermissionSql = "select permission from test_role_permission where role_name = ?";
//        jdbcRealm.setPermissionsQuery(rolePermissionSql);