原代码: `ini配置文件(shiro-authenticator-all-success.ini) Java代码 指定securityManager的authenticator实现 authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator securityManager.authenticator=$authenticator 指定securityManager.authenticator的authenticationStrategy allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy Java代码 收藏代码myRealm1=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm1 myRealm2=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm2 myRealm3=com.github.zhangkaitao.shiro.chapter2.realm.MyRealm3 securityManager.realms=$myRealm1,$myRealm3 ` 2.1、首先通用化登录逻辑 Java代码 收藏代码 private void login(String configFile) { //1、获取SecurityManager工厂，此处使用Ini配置文件初始化SecurityManager Factory<org.apache.shiro.mgt.SecurityManager> factory = new IniSecurityManagerFactory(configFile); //2、得到SecurityManager实例 并绑定给SecurityUtils org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); //3、得到Subject及创建用户名/密码身份验证Token（即用户身份/凭证） Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123"); subject.login(token); } 2.2、测试AllSuccessfulStrategy成功： Java代码 收藏代码 @Test public void testAllSuccessfulStrategyWithSuccess() { login("classpath:shiro-authenticator-all-success.ini"); Subject subject = SecurityUtils.getSubject(); //得到一个身份集合，其包含了Realm验证成功的身份信息 PrincipalCollection principalCollection = subject.getPrincipals(); Assert.assertEquals(2, principalCollection.asList().size()); } 即PrincipalCollection包含了zhang和zhang@163.com身份信息。 github上的代码我也弄下来了,确实是两条身份信息,但是我自己跟着写的怎么是一条呢?没有那个zhangsan@163.comzhe'tiao 原文链接 我自己的: /** * 通用化登陆逻辑 */ private void login(String configFile) { //获取安安全管理器工厂 Factory<SecurityManager> factory = new IniSecurityManagerFactory(configFile); //得到securityManager实力并绑定给securityUtils SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); //得到subject及创建账号密码身份验证token Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123"); //登陆 subject.login(token); } /** * 测试AllSuccessfulStrategy成功 */ @Test public void testAllSuccessfulStrategyWithFail() { login("classpath:shiro-authenticator-all-success.ini"); Subject subject = SecurityUtils.getSubject(); //得到一个身份集合,其中包含了realm验证成功的身份信息 PrincipalCollection principals = subject.getPrincipals(); List list = principals.asList(); } [main] #指定securityManager的authenticator实现 authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator securityManager.authenticator=$authenticator #指定securityManager.authenticator的authenticationStrategy allSuccessfulStrategy=org.apache.shiro.authc.pam.AllSuccessfulStrategy securityManager.authenticator.authenticationStrategy=$allSuccessfulStrategy myRealm1=com.rxiao.demo2.L2_MyRealm1 myRealm2=com.rxiao.demo2.L3_MyRealm2 myRealm3=com.rxiao.demo2.L4_MyRealm3 securityManager.realms=$myRealm1,$myRealm3