一 .概述
首先自定我们的realm.
public class ShiroRealm extends AuthorizingRealm{ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { return null; } }
现在我们加入我们的业务逻辑.
首先是认证部分:
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken utoken = (UsernamePasswordToken) token; String username = utoken.getUsername(); String password = new String(utoken.getPassword()); User user = userdao.selectUserByUsername(username); if(user == null) { throw new UnknownAccountException("账号不正确!"); } if(user.getLocked()==Boolean.TRUE) { throw new LockedAccountException("账号被锁定!"); } //密码校验 SimpleHash hash = new SimpleHash("MD5",username , user.getSalt(),1); if(!user.getPassword().equals(hash.toString())) { throw new IncorrectCredentialsException("密码不正确"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username ,password ,getName() ); return info; }
以上的部分我们就可以完成shiro的登录了.