JdbcRealm数据库数据源

IniRealm是配置数据库数据源,一般在ini文件里面设置数据相关信息。

创建user.ini

//shiro-jdbc.ini配置
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/shiro
dataSource.username=root
dataSource.password=123456
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm

mysql建表

//mysql语句
drop database if exists shiro;
create database shiro;
use shiro;

create table users (
  id bigint auto_increment,
  username varchar(100),
  password varchar(100),
  password_salt varchar(100),
  constraint pk_users primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_users_username on users(username);

create table user_roles(
  id bigint auto_increment,
  username varchar(100),
  role_name varchar(100),
  constraint pk_user_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_user_roles on user_roles(username, role_name);

create table roles_permissions(
  id bigint auto_increment,
  role_name varchar(100),
  permission varchar(100),
  constraint pk_roles_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
create unique index idx_roles_permissions on roles_permissions(role_name, permission);

insert into users(username,password)values('zhang','123');

securityManager进行用户验证

//test.java
@Test
public void testShiroJdbcRealm(){
	//1.得到securityManager并实例化
	IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro-jdbc.ini");
	SecurityManager securityManager = factory.getInstance();
	//2.绑定给SecurityUtils
	SecurityUtils.setSecurityManager(securityManager);
	//3.得到subject和进行用户身份验证的token
	Subject subject = SecurityUtils.getSubject();
	UsernamePasswordToken token = new UsernamePasswordToken("zhang","123");
	try{
		subject.login(token);
	}catch (AuthenticationException e){

	}
	Boolean b = subject.isAuthenticated();
	subject.logout();
}

上面用的是jdbcrealm默认的表和查询语言进行查询,如果需要自定义表,自定义查询语句,则可以参考下面代码。

JdbcRealm自定义

public class JdbcRealmTest {
    private static DruidDataSource dataSource;
    static {
        dataSource = new DruidDataSource();
        dataSource.setUrl("jdbc:mysql://127.0.0.1:3306/shiro");
        dataSource.setUsername("root");
        dataSource.setPassword("root");
    }
    @Test
    public void testJdbcRealm(){
        //1、初始化JdbcRealm
        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);
        /**
         * 重点:JdbcRealm默认不开启权限检查,若要判断某角色是否有某样权限,需要开启此设置,否则会由于无法检查权限表,
         * 导致查询到的权限为空。
         */
        jdbcRealm.setPermissionsLookupEnabled(true);

        //(1)自定义查询密码(若不自定义,JdbcRealm有默认查询语句)
        String authenticationQuery = "select password from users where username = ?";
        jdbcRealm.setAuthenticationQuery(authenticationQuery);
        //(2)自定义查询角色(若不自定义,JdbcRealm有默认查询语句)
        String userRolesQuery = "select role_name from user_roles where username = ?";
        jdbcRealm.setUserRolesQuery(userRolesQuery);
        //(3)自定义查询权限(若不自定义,JdbcRealm有默认查询语句)
        String permissionsQuery = "select permission from roles_permissions where role_name = ?";
        jdbcRealm.setPermissionsQuery(permissionsQuery);

        //2、创建SecurityManager
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        //3、设置数据源
        securityManager.setRealm(jdbcRealm);

        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();

        AuthenticationToken token = new UsernamePasswordToken("root", "root");
        subject.login(token);

        System.out.println(subject.isAuthenticated());

        subject.checkRole("admin");
        subject.checkPermission("user:delete");
    }
}

版权声明:本文为JAVASCHOOL原创文章,未经本站允许不得转载。