You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Andy <si...@gmail.com> on 2011/03/25 02:59:27 UTC

How Shiro Check User's Password

*hi,I study shiro just now,and read some code like below,but I have one
question:the user's password\role stored in database,how shiro get the
password\role and check it? Thanks.

code:
UsernamePasswordToken token =
        new UsernamePasswordToken(username, password);*
* try {
                Subject subject = SecurityUtils.getSubject();
                subject.login(token);
                token.clear();
                url = "/secure/index.jsp";
        }*

Re: How Shiro Check User's Password

Posted by Brian Demers <br...@gmail.com>.

I'm not sure what exists out of the box with the JdbcRealm (worse case
it is a good starting point)
Basically you need to configure a SecurityManager with a Realm (i.e.
the JdbcRealm).  The realm is what actually does the talking to your
DB.

Take a look at: http://shiro.apache.org/realm.html

The example code is pretty good and should get you on your way.

On Thu, Mar 24, 2011 at 9:59 PM, Andy <si...@gmail.com> wrote:
> hi,I study shiro just now,and read some code like below,but I have one
> question:the user's password\role stored in database,how shiro get the
> password\role and check it? Thanks.
>
> code:
> UsernamePasswordToken token =
>         new UsernamePasswordToken(username, password);
>  try {
>                 Subject subject = SecurityUtils.getSubject();
>                 subject.login(token);
>                 token.clear();
>                 url = "/secure/index.jsp";
>         }