Introduction:
In Shiro, a user supplies principals and credentials so that the application can verify the user's identity:
Principals: identity, i.e. the identifying attributes of the subject. A principal can be anything, such as a user name or an e-mail address, as long as it is unique. A subject can have several principals but only one primary principal, usually the user name / password / mobile number.
Credentials: proof of identity, i.e. secret values known only to the subject, such as a password or a digital certificate.
The most common principal / credential combination is user name / password. Next, a basic authentication is performed.
1. Introduce dependency:
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.9</version>
</dependency>
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.1.3</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.2</version>
</dependency>
2. Create the shiro.ini file under resources, which contains two identities with their credentials:
[users]
lc=123
tt=123
3. Test class:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class Test {
    @org.junit.Test
    public void t1() {
        // Obtain a SecurityManager factory; here the Ini configuration file initializes it
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // Obtain the SecurityManager instance and bind it to SecurityUtils
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        // Obtain the Subject and create a user name / password authentication token (i.e. identity / credential)
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("lc", "123");
        try {
            // Log in with the token
            subject.login(token);
            System.out.println(subject.isAuthenticated() + " " + subject.getPrincipals());
        } catch (AuthenticationException e) {
            // Authentication failed
            System.out.println("Failure!");
        }
        // Log out
        subject.logout();
    }
}
After running: authentication succeeds.
Change the user to a wrong user name: the login fails and the authentication failure exception is thrown.
4. Summary:
The process is as follows:
- First, call Subject.login(token) to log in; this is automatically delegated to the SecurityManager. Before the call, the SecurityManager must have been set through SecurityUtils.setSecurityManager();
- The SecurityManager is responsible for the real authentication logic; it delegates to the Authenticator for authentication;
- The Authenticator is the component that actually authenticates. It is the core authentication entry point of the Shiro API, where you can plug in your own implementation;
- The Authenticator may delegate to the corresponding AuthenticationStrategy for multi-Realm authentication. By default, ModularRealmAuthenticator calls the AuthenticationStrategy for multi-Realm authentication;
- The Authenticator passes the token into the Realm and obtains the authentication information from the Realm. If the Realm returns nothing or throws an exception, authentication fails. Multiple Realms can be configured here and are consulted in the configured order and according to the strategy.
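As an added example (not code from the original post), the Realm step above with a custom implementation: a hypothetical HashedRealm that keeps salted SHA-256 hashes instead of the plaintext lc=123 from shiro.ini, returns null for an unknown account so the Authenticator reports the failure, and is wired into a DefaultSecurityManager. The Shiro 1.2 classes used are real; the HashedRealm class, its users map and the per-user salt scheme are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

/** Hypothetical Realm that stores salted SHA-256 hashes instead of the plaintext from shiro.ini. */
public class HashedRealm extends AuthenticatingRealm {
    private static final int ITERATIONS = 1024;
    // Constructed sample store: username -> {salt, hex hash}; stands in for shiro.ini's lc=123
    private final Map<String, String[]> users = new HashMap<String, String[]>();
    public HashedRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher); // the matcher, not the Realm, compares the submitted password
        addUser("lc", "123");
    }
    private void addUser(String name, String password) {
        String salt = name + "-salt"; // constructed; generate a random salt per user in real code
        String hash = new Sha256Hash(password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
        users.put(name, new String[] {salt, hash});
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String name = ((UsernamePasswordToken) token).getUsername();
        String[] rec = users.get(name);
        if (rec == null) {
            return null; // no info -> the Authenticator turns this into UnknownAccountException
        }
        // Return the stored hash and salt; a wrong password fails in the matcher as IncorrectCredentialsException
        return new SimpleAuthenticationInfo(name, rec[1], ByteSource.Util.bytes(rec[0]), getName());
    }
    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new HashedRealm()));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken("lc", "123"));
            System.out.println(subject.isAuthenticated() + " " + subject.getPrincipal());
        } catch (AuthenticationException e) {
            System.out.println("Failure: " + e.getClass().getSimpleName());
        } finally {
            subject.logout();
        }
    }
}
```

Changing the token to an unknown user name or a wrong password exercises the two failure paths named in the comments, which is the behaviour the summary above describes for a Realm that returns nothing or whose credentials do not match.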