package com.bjsxt.shiro02;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
public class TestB {
public static void main(String[] args) {
//[1]解析shiro.ini 文件
IniSecurityManagerFactory factory =new IniSecurityManagerFactory("classpath:shiro04-jdbc.ini ");
//[2]通过SecurityManager 工厂获得SecurityManager 实例
SecurityManager securityManager = factory.getInstance();
//[3]用SecurityUtils把SecurityManager 对象设置到运行
SecurityUtils.setSecurityManager(securityManager);
//[4]通过SecurityUtils 获得主体 subject
Subject subject = SecurityUtils.getSubject();
//[5]书写自己输入的账号和密码---相当于用户自己输入的账号和密码
//我们拿着自己书写用户名密码去和shiro.ini 文件中的账号密码比较
UsernamePasswordToken token = new UsernamePasswordToken("root","root");
try {
//[6]进行身份的验证
subject.login(token);
//[7]通过方法判断是否登录成功
if (subject.isAuthenticated()) {
System.out.println("登录成功");
}
}catch (IncorrectCredentialsException e){
System.out.println("凭证(密码)不正确");
}catch (UnknownAccountException e1){
System.out.println("用户名不正确");
}catch (ExpiredCredentialsException e){
System.out.println("凭证过期");
}catch (ExcessiveAttemptsException e){
System.out.println("尝试次数过多");
e.printStackTrace();
}catch (ConcurrentAccessException e){
System.out.println("竞争次数过多");
}
}
}
自定义Realm文件
package com.bjsxt.shiro02;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
/**
* 自定义Realm
*/
/**
* 授权
*/
public class UserRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
/**
* 认证
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
try{
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/shiro","root","zjx666888");
PreparedStatement preparedStatement = conn.prepareStatement("select uname,pwd from user");
ResultSet rs = preparedStatement.executeQuery();
while (rs.next()){
//把查到的数据集合给这个对象
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(rs.getString("uname"),rs.getString("pwd"),"real");
return info;
}
}catch (Exception e){
}
return null;
}
}
ini配置文件
数据库内容
老师为什么我输入sxt和123就可以登录成功,输入其他的就是密码错误??????????????