Shiro认证过程

shrio认证流程图

Shiro认证流程

1. 创建SecurityManager；

2. 主体提交认证 ；

3. SecurityManager认证；

4. SecurityManager是用Authenticator来认证；

5. authenticator认证是通过Realm获取认证数据做最终的认证。

maven依赖

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0</version>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
    </dependency>

测试用例

package com.jarworker.test;

import org.apache.shiro.subject.Subject;
import org.junit.Before;
import org.junit.Test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;

/**
 * 认证测试
 */
public class AuthenticatorTest {
    SimpleAccountRealm simpleAccountRealm;
    @Before
    public void addAuthenticatorUser() throws Exception {
        simpleAccountRealm=new SimpleAccountRealm();
        simpleAccountRealm.addAccount("jarworker","123");
    }

    @Test
    public void testAuthenticator() throws Exception {
        //构建DefaultSecurityManager 环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(simpleAccountRealm);
      
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("jarworker","123");
        subject.login(token);
        System.out.println("是否认证："+subject.isAuthenticated());
        subject.logout();//登出
        System.out.println("是否认证："+subject.isAuthenticated());
    }
}