package cn.learn.shiro;import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;import java.util.ArrayList;
import java.util.List;/*** 自定义realms对象* 继承AuthorizingRealm* 重写方法* doGetAuthorizationInfo:授权* 获取到用户的授权数据(用户的权限数据)* doGetAuthenticationInfo:认证* 根据用户名密码登录,将用户数据保存(安全数据)**/
public class PermissionRealm extends AuthorizingRealm {/*** 自定义realm名称*/public void setName(String name) {super.setName("permissionRealm");}//授权:授权的主要目的就是根据认证数据获取到用户的权限信息/*** principalCollection:包含了所有已认证的安全数据* AuthorizationInfoInfo:授权数据*/protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行授权方法");//1.获取安全数据 username,用户idString username = (String)principalCollection.getPrimaryPrincipal();//2.根据id或者名称查询用户//3.查询用户的角色和权限信息List perms = new ArrayList<>();perms.add("user:save");perms.add("user:update");List roles = new ArrayList<>();roles.add("role1");roles.add("role2");//4.构造返回SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();//设置权限集合info.addStringPermissions(perms);//设置角色集合info.addRoles(roles);return info;}//认证:认证的主要目的,比较用户名和密码是否与数据库中的一致//将安全数据存入到shiro进行保管//参数:authenticationToken登录构造的usernamepasswordtokenprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("执行认证方法");//1.构造uptokenUsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;//2.获取输入的用户名密码String username = upToken.getUsername();String password = new String(upToken.getPassword());//3.根据用户名查询数据库,正式系统查询//4.比较密码和数据库中的密码是否一致(密码可能需要加密)if("123456".equals(password)) {//5.如果成功,向shiro存入安全数据SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,getName());//1.安全数据,2.密码。3。当前realm域名称return info;}else{//6.失败,抛出异常或返回nullthrow new RuntimeException("用户名或密码错误");}}
}
package cn.learn.shiro;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Before;
import org.junit.Test;public class ShiroTest03 {private SecurityManager securityManager;@Beforepublic void init() {//1.根据配置文件创建SecurityManagerFactoryFactory factory = new IniSecurityManagerFactory("classpath:shiro-test-3.ini");//2.通过工厂获取SecurityManagerSecurityManager securityManager = factory.getInstance();//3.将SecurityManager绑定到当前运行环境SecurityUtils.setSecurityManager(securityManager);}@Testpublic void testLogin() {Subject subject = SecurityUtils.getSubject();String username = "zhangsan";String password = "123456";UsernamePasswordToken token = new UsernamePasswordToken(username,password);//执行login-->realm域中的认证方法subject.login(token);//授权:-->realm域中的授权方法System.out.println(subject.hasRole("role1"));System.out.println(subject.isPermitted("user:save"));}}
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!
