2025-02-28 Update From: SLTechnology News&Howtos
Shulou (Shulou.com), 06/01
Authentication means proving, within the application, that a user is who they claim to be. The user generally provides identifying information to prove this, such as ××, or a username/password.
In Shiro, the user needs to provide principals and credentials to Shiro so that the application can authenticate the user:
principals: identity, that is, the identifying attributes of the subject. A principal can be anything, such as a user name or an email address, as long as it is unique. A subject can have multiple principals, but only one primary principal, usually username/password/mobile phone number.
credentials: a security value known only to the subject, such as a password or a digital certificate.
The most common combination of principals and credentials is username/password. Next, we perform a basic authentication.
Two other related concepts are the previously mentioned Subject and Realm, which are, respectively, the subject and the data source used to validate the subject.
2.2 Environment preparation
The examples in this article are built with Maven, so some knowledge of Maven is required. First, prepare the dependencies:
Java code
[users]
zhang=123
wang=123
Here an ini configuration file is used, and the [users] section defines two subjects: zhang/123 and wang/123.
2. Test case (com.github.zhangkaitao.shiro.chapter2.LoginLogoutTest)
Java code
String getName(); // Returns a unique Realm name
boolean supports(AuthenticationToken token); // Determines whether this Realm supports this token
AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException; // Obtains authentication information for the token
Single Realm Configuration
1. Custom Realm implementation (com.github.zhangkaitao.shiro.chapter2.realm.MyRealm1):
Java code
# Declare a realm
myRealm1=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm1
# Specify the realms used by securityManager
securityManager.realms=$myRealm1
A previously defined realm is referenced with $name.
3. For test cases, please refer to the testCustomRealm test method of com.github.zhangkaitao.shiro.chapter2.LoginLogoutTest. You only need to change the previous shiro.ini configuration file to shiro-realm.ini.
Multi-Realm Configuration
1. ini configuration file (shiro-multi-realm.ini)
Java code
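<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.25</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>0.2.23</version>
</dependency>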
This article uses the MySQL database and the Druid connection pool.
2. Create three tables in the database shiro: users (username/password), user_roles (user/role), and roles_permissions (role/permission). For details, see shiro-example-chapter2/sql/shiro.sql. Then add a user record with the username/password zhang/123.
3. ini configuration (shiro-jdbc-realm.ini)
Java code
public AuthenticationInfo authenticate(AuthenticationToken authenticationToken)
        throws AuthenticationException;
If authentication succeeds, an AuthenticationInfo is returned, which contains the identity and the credentials. If authentication fails, the corresponding AuthenticationException implementation is thrown.
The SecurityManager interface extends Authenticator. There is also a ModularRealmAuthenticator implementation, which delegates authentication to multiple Realms. The rule for combining their results is specified through the AuthenticationStrategy interface. The following implementations are provided by default:
FirstSuccessfulStrategy: it is enough for one Realm to authenticate successfully. Only the authentication information of the first successful Realm is returned, and the others are ignored.
AtLeastOneSuccessfulStrategy: it is enough for one Realm to authenticate successfully. Unlike FirstSuccessfulStrategy, it returns the authentication information of all Realms that authenticated successfully.
AllSuccessfulStrategy: all Realms must authenticate successfully, and the authentication information of all of them is returned. If any one fails, authentication fails.
ModularRealmAuthenticator uses AtLeastOneSuccessfulStrategy by default.
Suppose we have three realms:
myRealm1: succeeds when the username/password is zhang/123, and returns the identity/credentials zhang/123;
myRealm2: succeeds when the username/password is wang/123, and returns the identity/credentials wang/123;
myRealm3: succeeds when the username/password is zhang/123, and returns the identity/credentials zhang@163.com/123. Unlike myRealm1, the identity it returns differs from the one submitted.
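The effect of each strategy on these three realms can be reproduced with the following added example, which is not code from the original article or its example project. The class name `StrategyDemo` and the `realm(...)` helper are hypothetical, the anonymous Realm is a constructed stand-in for MyRealm1 to MyRealm3, and shiro-core is assumed to be on the classpath.

```java
import java.util.Arrays;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.pam.*;
import org.apache.shiro.realm.Realm;

public class StrategyDemo {
    // Constructed stand-in for MyRealm1..3 (hypothetical helper): accepts exactly one
    // username/password pair and returns `principal` as the identity on success.
    static Realm realm(String name, String user, String pass, String principal) {
        return new Realm() {
            public String getName() { return name; }
            public boolean supports(AuthenticationToken t) {
                return t instanceof UsernamePasswordToken;
            }
            public AuthenticationInfo getAuthenticationInfo(AuthenticationToken t) {
                UsernamePasswordToken up = (UsernamePasswordToken) t;
                if (!user.equals(up.getUsername())) throw new UnknownAccountException();
                if (!pass.equals(new String(up.getPassword())))
                    throw new IncorrectCredentialsException();
                return new SimpleAuthenticationInfo(principal, pass, name);
            }
        };
    }

    // Authenticates zhang/123 against the given realms under the given strategy.
    static String attempt(AuthenticationStrategy strategy, Realm... realms) {
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setRealms(Arrays.asList(realms));
        authenticator.setAuthenticationStrategy(strategy);
        try {
            AuthenticationInfo info =
                    authenticator.authenticate(new UsernamePasswordToken("zhang", "123"));
            return "accepted, principals=" + info.getPrincipals().asList();
        } catch (AuthenticationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Realm r1 = realm("myRealm1", "zhang", "123", "zhang");
        Realm r2 = realm("myRealm2", "wang", "123", "wang");
        Realm r3 = realm("myRealm3", "zhang", "123", "zhang@163.com");
        System.out.println(attempt(new FirstSuccessfulStrategy(), r1, r2, r3));
        System.out.println(attempt(new AtLeastOneSuccessfulStrategy(), r1, r2, r3));
        System.out.println(attempt(new AllSuccessfulStrategy(), r1, r3));
        System.out.println(attempt(new AllSuccessfulStrategy(), r1, r2));
    }
}
```

Under the default AtLeastOneSuccessfulStrategy a single accepting Realm is enough to log in, so every configured Realm is part of the authentication boundary; AllSuccessfulStrategy rejects the login as soon as one Realm rejects it.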
1. ini configuration file (shiro-authenticator-all-success.ini)
Java code
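# Require every configured Realm to authenticate successfully
allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy
myRealm1=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm1
myRealm2=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm2
myRealm3=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm3
securityManager.realms=$myRealm1,$myRealm3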
2. Test code (com.github.zhangkaitao.shiro.chapter2.AuthenticatorTest)
2.1 First, generalize the login logic.
Java code
@Test
public void testAllSuccessfulStrategyWithSuccess() {
    // login(...) is the generalized login helper from step 2.1
    login("classpath:shiro-authenticator-all-success.ini");
    Subject subject = SecurityUtils.getSubject();
    // Get the principal collection, which holds the identities returned by
    // the Realms that authenticated successfully
    PrincipalCollection principalCollection = subject.getPrincipals();
    Assert.assertEquals(2, principalCollection.asList().size());
}
PrincipalCollection contains the identity information of zhang and zhang@163.com.
2.3 Test AllSuccessfulStrategy failure:
Java code
// Called before any Realm is attempted
AuthenticationInfo beforeAllAttempts(
        Collection<? extends Realm> realms, AuthenticationToken token)
        throws AuthenticationException;
// Called before each Realm is attempted
AuthenticationInfo beforeAttempt(
        Realm realm, AuthenticationToken token, AuthenticationInfo aggregate)
        throws AuthenticationException;
// Called after each Realm is attempted
AuthenticationInfo afterAttempt(
        Realm realm, AuthenticationToken token,
        AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t)
        throws AuthenticationException;
// Called after all Realms have been attempted
AuthenticationInfo afterAllAttempts(
        AuthenticationToken token, AuthenticationInfo aggregate)
        throws AuthenticationException;
Because each AuthenticationStrategy instance is stateless, the authentication information gathered so far is passed to the next step through the interface's parameters on every call. These methods can be used to merge the authentication information, or to return only that of the first successful authentication.
A custom implementation generally extends org.apache.shiro.authc.pam.AbstractAuthenticationStrategy. For details, see OnlyOneAuthenticatorStrategy and AtLeastTwoAuthenticatorStrategy in the package com.github.zhangkaitao.shiro.chapter2.authenticator.strategy.
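As an added illustration of such a custom strategy (this is not the example project's OnlyOneAuthenticatorStrategy or AtLeastTwoAuthenticatorStrategy), the class below requires a configurable minimum number of Realms to accept the token. `MinRealmsStrategy`, `minRealms`, and the realm names realmA/realmB are hypothetical, and the accounts are constructed sample data.

```java
import java.util.Arrays;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.pam.*;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

// Hypothetical strategy: login succeeds only if at least `minRealms` Realms accepted the token.
public class MinRealmsStrategy extends AbstractAuthenticationStrategy {
    private int minRealms = 2;

    // Setter so the threshold can also be set from ini, e.g. "strategy.minRealms=2"
    public void setMinRealms(int minRealms) { this.minRealms = minRealms; }

    // No per-login state is kept in the instance: the count is derived from the
    // aggregate that Shiro passes in after all Realms have been tried.
    @Override
    public AuthenticationInfo afterAllAttempts(
            AuthenticationToken token, AuthenticationInfo aggregate) throws AuthenticationException {
        Set<String> realmNames = (aggregate == null || aggregate.getPrincipals() == null)
                ? null : aggregate.getPrincipals().getRealmNames();
        int succeeded = (realmNames == null) ? 0 : realmNames.size();
        if (succeeded < minRealms) {
            throw new AuthenticationException(
                    succeeded + " realm(s) accepted the token, " + minRealms + " required");
        }
        return aggregate;
    }

    public static void main(String[] args) {
        // Constructed sample realms: zhang exists in both, wang only in realmA.
        SimpleAccountRealm a = new SimpleAccountRealm("realmA");
        a.addAccount("zhang", "123");
        a.addAccount("wang", "123");
        SimpleAccountRealm b = new SimpleAccountRealm("realmB");
        b.addAccount("zhang", "123");
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setRealms(Arrays.<Realm>asList(a, b));
        authenticator.setAuthenticationStrategy(new MinRealmsStrategy());
        for (String user : new String[] {"zhang", "wang"}) {
            try {
                authenticator.authenticate(new UsernamePasswordToken(user, "123"));
                System.out.println(user + ": accepted");
            } catch (AuthenticationException e) {
                System.out.println(user + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```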
At this point, the basic authentication is done. The detailed use of AuthenticationToken, AuthenticationInfo and Realm will be introduced in subsequent chapters.