4、Shiro+Oracle实现用户登录认证
2017-07-14 16:31
337 查看
在这里介绍一个入门级别的Shiro+Oracle的配置方法,这个方法是用户登录验证。这个方法仅仅是个开始,并没有和Web、Spring、Mybatis等框架进行整合,后续我还会继续和大家分享我的学习过程及心得。
一、建表
CREATETABLE sec_user(
user_id number(10)
primarykey,
user_name varchar2(64) ,
passwordvarchar2(128) ,
created_time date ,
update_time timestamp
) ;
createsequence s_seq;
insertinto sec_uservalues(s_seq.nextval,'ammin','123456','2-2月-19','12-12月-12');
insertinto sec_user
values(s_seq.nextval,'afeng','qw123456','2-2月-19','12-12月-12');
insertinto sec_user
values(s_seq.nextval,'czf','we2133','2-2月-19','12-12月-12');
select * fromsec_user;
二、搭建架构
三、配置依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-jdbc--> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<version>10.2.0.4.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.13</version>
<scope>runtime</scope>
</dependency>
四、配置shiro.ini
在resources目录下创建一个ini文件,配置Shiro(后续文件会将此文件内容移至XML
文件中)。在这个配置文件中我们要设置数据源,以及用户认证时使用数据库查询语句。这里用到了Shiro中自带的JdbcRealm类。
[main]
dataSource=org.springframework.jdbc.datasource.DriverManagerDataSource
dataSource.driverClassName=oracle.jdbc.driver.OracleDriver
dataSource.url=jdbc:oracle:thin:@localhost:1521:orcl
dataSource.username=system
dataSource.password=orcl
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled= true
jdbcRealm.dataSource=$dataSource
jdbcRealm.authenticationQuery= SELECT password FROM sec_user WHERE user_name = ?
securityManager.realms=$jdbcRealm
我们只需要以用户名为查询条件,查询出密码字段即可,如果您在select后面使用了星号(*)或是查询字段多于一个,都无法通过用户认证 。
五、编写测试源代码
packagecn.com.bochy.test;
import java.util.Scanner;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
public
class TestShiroDB {
public
static void main(String[] args) {
System.out.println("请输入用户名:");
@SuppressWarnings("resource")
Scanner input=new Scanner(System.in);
String username=input.next();
System.out.println("请输入密码:");
String userpwd=input.next();
// 1.获取SecurityManager工厂,此处使用ini配置文件初始化SecurityManager
Factory<SecurityManager> factory = newIniSecurityManagerFactory("classpath:shiro.ini");
// 2.获取SecurityManager实例,并绑定到SecurityUtils
SecurityManager sm = factory.getInstance();
SecurityUtils.setSecurityManager(sm);
// 3.得到Subject
Subject subject = SecurityUtils.getSubject();
// 4.创建用户登录凭证
UsernamePasswordToken token = new UsernamePasswordToken(
username, userpwd);
// 5.登录,如果登录失败会抛出不同的异常,根据异常输出失败原因
try {
subject.login(token);
// 6.判断是否成功登录
System.out.println(subject.isAuthenticated());
System.out.println("登录成功!!");
// 7.注销用户
subject.logout();
} catch (IncorrectCredentialsException e) {
System.out.println("登录密码错误. Password for account
"
+ token.getPrincipal() +
" was incorrect.");
} catch (ExcessiveAttemptsException e) {
System.out.println("登录失败次数过多");
} catch (LockedAccountException e) {
System.out.println("帐号已被锁定. The account for username
"
+ token.getPrincipal() +
" was locked.");
} catch (DisabledAccountException e) {
System.out.println("帐号已被禁用. The account for username
"
+ token.getPrincipal() +
" was disabled.");
} catch (ExpiredCredentialsException e) {
System.out.println("帐号已过期. the account for username
"
+ token.getPrincipal() +
" was expired.");
} catch (UnknownAccountException e) {
System.out.println("帐号不存在. There is no user with
username of "
+ token.getPrincipal());
}
}
}
一、建表
CREATETABLE sec_user(
user_id number(10)
primarykey,
user_name varchar2(64) ,
passwordvarchar2(128) ,
created_time date ,
update_time timestamp
) ;
createsequence s_seq;
insertinto sec_uservalues(s_seq.nextval,'ammin','123456','2-2月-19','12-12月-12');
insertinto sec_user
values(s_seq.nextval,'afeng','qw123456','2-2月-19','12-12月-12');
insertinto sec_user
values(s_seq.nextval,'czf','we2133','2-2月-19','12-12月-12');
select * fromsec_user;
二、搭建架构
三、配置依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-jdbc--> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
<version>10.2.0.4.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.13</version>
<scope>runtime</scope>
</dependency>
四、配置shiro.ini
在resources目录下创建一个ini文件,配置Shiro(后续文件会将此文件内容移至XML
文件中)。在这个配置文件中我们要设置数据源,以及用户认证时使用数据库查询语句。这里用到了Shiro中自带的JdbcRealm类。
[main]
dataSource=org.springframework.jdbc.datasource.DriverManagerDataSource
dataSource.driverClassName=oracle.jdbc.driver.OracleDriver
dataSource.url=jdbc:oracle:thin:@localhost:1521:orcl
dataSource.username=system
dataSource.password=orcl
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled= true
jdbcRealm.dataSource=$dataSource
jdbcRealm.authenticationQuery= SELECT password FROM sec_user WHERE user_name = ?
securityManager.realms=$jdbcRealm
我们只需要以用户名为查询条件,查询出密码字段即可,如果您在select后面使用了星号(*)或是查询字段多于一个,都无法通过用户认证 。
五、编写测试源代码
packagecn.com.bochy.test;
import java.util.Scanner;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
public
class TestShiroDB {
public
static void main(String[] args) {
System.out.println("请输入用户名:");
@SuppressWarnings("resource")
Scanner input=new Scanner(System.in);
String username=input.next();
System.out.println("请输入密码:");
String userpwd=input.next();
// 1.获取SecurityManager工厂,此处使用ini配置文件初始化SecurityManager
Factory<SecurityManager> factory = newIniSecurityManagerFactory("classpath:shiro.ini");
// 2.获取SecurityManager实例,并绑定到SecurityUtils
SecurityManager sm = factory.getInstance();
SecurityUtils.setSecurityManager(sm);
// 3.得到Subject
Subject subject = SecurityUtils.getSubject();
// 4.创建用户登录凭证
UsernamePasswordToken token = new UsernamePasswordToken(
username, userpwd);
// 5.登录,如果登录失败会抛出不同的异常,根据异常输出失败原因
try {
subject.login(token);
// 6.判断是否成功登录
System.out.println(subject.isAuthenticated());
System.out.println("登录成功!!");
// 7.注销用户
subject.logout();
} catch (IncorrectCredentialsException e) {
System.out.println("登录密码错误. Password for account
"
+ token.getPrincipal() +
" was incorrect.");
} catch (ExcessiveAttemptsException e) {
System.out.println("登录失败次数过多");
} catch (LockedAccountException e) {
System.out.println("帐号已被锁定. The account for username
"
+ token.getPrincipal() +
" was locked.");
} catch (DisabledAccountException e) {
System.out.println("帐号已被禁用. The account for username
"
+ token.getPrincipal() +
" was disabled.");
} catch (ExpiredCredentialsException e) {
System.out.println("帐号已过期. the account for username
"
+ token.getPrincipal() +
" was expired.");
} catch (UnknownAccountException e) {
System.out.println("帐号不存在. There is no user with
username of "
+ token.getPrincipal());
}
}
}
相关文章推荐
- SSM整合shiro实现多用户表多Realm统一登录认证(大章附代码)
- shiro框架---关于用户登录和权限验证功能的实现步骤(一)
- springmvc+shiro+maven 实现登录认证与权限授权管理
- Oracle OAM单点实现登录后,如何查看当前登录用户数量
- FTP服务器工作原理及如何通过PAM认证实现虚拟用户登录;
- Shiro实现用户自动登录
- spring实战-Spring-security实现用户权限认证登录
- 5、Shiro+Oracle实现用户授权(Authentication)
- shiro实现APP、web统一登录认证和权限管理
- Shiro系列之Shiro+Mysql实现用户认证(Authentication)
- 详解使用Spring3 实现用户登录以及权限认证
- j2ee 简单网站搭建:(七)使用 shiro 结合 jcaptcha 实现用户验证登录
- 通过ssh协议实现用户key认证登录
- SpringBoot整合Shiro实现登录认证的方法
- 采用shiro实现登录认证与权限授权管理
- shiro实现APP、web统一登录认证和权限管理
- 【Android应用开发详解】第01期:第三方授权认证(一)实现第三方授权登录、分享以及获取用户资料
- 使用Spring3 实现用户登录以及权限认证
- shiro实现url级别的权限控制(用户登录)配置文件分析