本文将介绍shiro依赖Realm完成角色和权限控制的过程。

1、环境约束

• win10 64位操作系统
• idea2018.1.5
• jdk-8u162-windows-x64

• spring4.2.4

  前提约束

• 完成shiro读取ini文件 https://www.jianshu.com/p/3c31a55b0f63

  2、操作步骤

  2.1 单Realm完成认证

• 在src/main/resources文件夹下加入shiro-realm.ini，内容如下：

myRealm=net.wanho.security.MyRealm

• 在src/main/java文件夹下加入net.wanho.security.MyRealm.java文件，内容如下：

package net.wanho.security;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm {

    //授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    //认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;

        String pwd = new String ((char[])token.getCredentials());
        String username =  (String)token.getPrincipal();

        if(pwd.equals("123456"))
        {
            return new SimpleAuthenticationInfo(username,pwd,getName());
        }
        else {
            throw new IncorrectCredentialsException();
        }
    }
}

• 在src/main/java文件夹下新增TestRealm.java，内容如下：

 @Test
    public void test1() {
        SecurityManager securityManager =
                new IniSecurityManagerFactory("classpath:shiro-realm.ini").getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("zhangli", "123456");
        try {
            subject.login(token);
        } catch (Exception e) {
            e.printStackTrace();
        }

        System.out.println("123");
    }

2.2 多Realm完成验证

• 在src/main/resources文件夹下加入shiro-realms.ini文件，内容如下：

allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy
myRealm=net.wanho.security.MyRealm
yourRealm=net.wanho.security.YourRealm
securityManager.realms=$myRealm,$yourRealm

• 在src/main/java文件夹下加入net.wanho.security.YourRealm.java[注意，MyRealm.java已经存在]，内容如下：

package net.wanho.security;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class YourRealm extends AuthorizingRealm {

    //授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    //认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;

        String pwd = new String ((char[])token.getCredentials());
        String username =  (String)token.getPrincipal();

        if(username.equals("zhangli"))
        {
            return new SimpleAuthenticationInfo(username,pwd,getName());
        }
        else {
            throw new UnknownAccountException();
        }
    }
}

• 在TestRealm.java文件当中加入以下内容：

    @Test
    public void test2() {
        SecurityManager securityManager =
                new IniSecurityManagerFactory("classpath:shiro-realms.ini").getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("zhangli", "12345");
        subject.login(token);
        System.out.println("123");
    }

2.3 使用jdbc在Realm中完成认证

• 在src/main/resources文件夹下加入shiro-jdbc-realm.ini，内容如下：

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/shiro
dataSource.username=root
dataSource.password=zhangli
jdbcRealm.dataSource=$dataSource
securityManager.realms=$jdbcRealm

• 在mysql加入三张表以及数据，sql语句如下：

create database shiro;
use shiro;
create table users(username varchar(20),password varchar(20));
insert into users values('ali','123456');
insert into users values('zhangli','123456');
create table user_roles(role_name varchar(20),username varchar(20));
insert into user_roles(role_name,username) values('admin','ali');
insert into user_roles(role_name,username) values('user','zhangli');
create table roles_permissions(permission varchar(20),role_name varchar(20));
insert into roles_permissions values('update','admin');
insert into roles_permissions values('insert','admin');
insert into roles_permissions values('delete','admin');
insert into roles_permissions values('select','admin');
insert into roles_permissions values('select','user');

• 在TestRealm.java文件中加入以下内容：

    @Test
    public void test3() {
        SecurityManager securityManager =
                new IniSecurityManagerFactory("classpath:shiro-jdbc-realm.ini").getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("ali", "123456");
        subject.login(token);
        boolean ret = subject.hasRole("admin");
        boolean isOk = subject.isPermitted("insert");
        System.out.println("123");
    }

以上就是通过ini获取Realm逻辑完成权限和角色校验的过程。

原文：https://www.cnblogs.com/alichengxuyuan/p/12519985.html