Java authentication instructions using Apache Shiro

Source: Internet
Author: User
Tags ldap

Authentication is the process of proving who a user is. To authenticate, a user must provide some form of identification that the system can understand and trust. The terms we need to understand in this process are:

Subject -- the current operator. It can be a person (a user), a third-party program, or anything else that interacts with our application.

Principals -- identifying attributes of a subject, such as a user name or a Social Security number (or, in China, the ID number).

Credentials -- secret data used to verify identity, such as passwords, biometric data (fingerprints and so on), X.509 certificates, and so on.

Realms -- security-specific DAOs (data access objects), that is, software components that talk to back-end data sources. For example, if we store user names and passwords in LDAP, we need an LDAP realm that interacts with LDAP. We therefore need one realm for each back-end data source, and Shiro coordinates these realms to do what we need.


Using Shiro for authentication in Java applications can be divided into three steps.

1. Collect the subject's principals and credentials.

2. Submit the principals and credentials to the authentication system.

3. Depending on the result, allow access, retry authentication, or block access.

For the first step, collecting principals and credentials, we need a simple username/password authentication token, UsernamePasswordToken, which supports most authentication mechanisms. We use it to bind the user name and password that the application has obtained. How do we get the user name and password? Shiro does not care how they are acquired (it is protocol agnostic): they can reach the Java program through a form submission, an HTTP header, the command line, and so on. The token is created as shown below.

UsernamePasswordToken token = new UsernamePasswordToken( username, password );

The second step is to submit the token obtained in the previous step to the authentication system. What is the authentication system? In the Shiro world, it is the set of security-specific DAOs, that is, the realms described above. The whole submission is shown below.

Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);
What does the code above do? First it obtains the "user" currently executing, the Subject, and then it submits the token created in the previous step for authentication through the Subject's login method.

If authentication succeeds, the user is logged in to the system and associated with the corresponding account. If authentication fails, Shiro throws an exception, and based on that information we can retry authentication, block access, or take some other action. The corresponding code is shown below.

try {
    currentUser.login(token);
} catch (UnknownAccountException uae) {
    // ...
} catch (IncorrectCredentialsException ice) {
    // ...
} catch (LockedAccountException lae) {
    // ...
} catch (ExcessiveAttemptsException eae) {
    // ...
}
// ... catch your own ...
catch (AuthenticationException ae) {
    // unexpected error?
}

Finally, the user can log out: calling currentUser.logout() logs the subject out of Shiro. Shiro closes the user's session and removes the identity associated with the current Subject instance.
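
The three steps and the logout call put together, as an added example that is not code from the original article or from the Shiro project. It assumes shiro-core 1.x and its dependencies are on the classpath; the class name, the in-memory account and the returned messages are constructed for illustration, with SimpleAccountRealm standing in for an LDAP or database realm. Unknown-account and wrong-password failures return the same message so the response does not reveal which user names exist, and the token is cleared so the password does not stay in memory.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroLoginExample {   // hypothetical class name

    // One message for both "no such user" and "wrong password".
    static final String GENERIC_FAILURE = "Invalid username or password";

    static String attemptLogin(String username, char[] password) {
        // Step 1: bind the collected principal and credential to a token.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            // Step 2: submit the token to the realms via the Subject.
            currentUser.login(token);
            return "OK: " + currentUser.getPrincipal();
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Step 3: keep the cause out of the response (log it server-side).
            return GENERIC_FAILURE;
        } catch (LockedAccountException | ExcessiveAttemptsException e) {
            return "Account unavailable";
        } catch (AuthenticationException e) {
            return "Authentication error";
        } finally {
            token.clear();   // zeroes the password characters held by the token
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: a single in-memory account.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "correct-horse");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        System.out.println(attemptLogin("alice", "correct-horse".toCharArray()));
        SecurityUtils.getSubject().logout();   // ends the session, drops the identity

        System.out.println(attemptLogin("alice", "wrong".toCharArray()));
        System.out.println(attemptLogin("mallory", "wrong".toCharArray()));
    }
}
```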
