第一步
------------------------------------------------------------------------------------------------------------------------
自定义PermissionRealm,继承AuthorizingRealm并重写3个方法:doGetAuthorizationInfo、doGetAuthenticationInfo、getName
/**
 * Returns the name that identifies this realm.
 *
 * <p>{@code doGetAuthenticationInfo} in this class passes the same value as the realm name of the
 * {@code SimpleAuthenticationInfo} it builds.
 *
 * @return the fixed realm name {@code "permissionRealm"}
 */
@Override
public String getName() {
    final String realmName = "permissionRealm";
    return realmName;
}
/**
 * Builds the roles and permissions that Shiro evaluates for role and permission checks.
 *
 * <p>Demo only: the role and the permission are hard-coded and are not looked up per user, so every
 * principal handled by this realm receives {@code role1} and {@code user:delete}. A real realm has to
 * load them for the specific principal from the user store; otherwise every account that can log in
 * shares the same privileges.
 *
 * @param principals the identity of the subject being authorized; its primary principal is read as
 *                   the username
 * @return authorization info holding the granted roles and string permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // The primary principal is the first constructor argument of the SimpleAuthenticationInfo that
    // doGetAuthenticationInfo returned at login, i.e. the username.
    // It is read here but not used by the mock lookup below.
    String username = (String) principals.getPrimaryPrincipal();

    // Simulated database query for the user's roles and permissions.
    SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo();

    List<String> grantedRoles = new ArrayList<String>();
    grantedRoles.add("role1");
    authorization.addRoles(grantedRoles);

    List<String> grantedPermissions = new ArrayList<String>();
    grantedPermissions.add("user:delete");
    authorization.addStringPermissions(grantedPermissions);

    return authorization;
}
//认证操作
/**
 * Looks up the account for the username carried by the login token.
 *
 * <p>This method does not compare the submitted password itself; it only returns the stored credential
 * so that the realm's credentials matcher can compare it with the token afterwards.
 *
 * <p>Demo only: the account name and the password are literals in the source and the password is
 * returned in plaintext. A real realm should read the account from the user store, return a salted
 * password hash, and be configured with a hashing credentials matcher (for example
 * {@code HashedCredentialsMatcher}) instead of keeping credentials in code.
 *
 * @param token the login token; its principal is read as the username
 * @return the account's authentication info, or {@code null} when the username is not {@code "liu"}
 *         (Shiro treats a {@code null} result as "no such account")
 * @throws AuthenticationException declared by the overridden method; not thrown by this body
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Username submitted with the token.
    String username = (String) token.getPrincipal();

    if ("liu".equals(username)) {
        // Stands in for the credential a real lookup would fetch for this account.
        String password = "666";
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    // Unknown account.
    return null;
}
第二步
------------------------------------------------------------------------------------------------------------------------
配置ini文件:classpath:shiro-permission-realm.ini
[main]
# Declare the custom realm. The value must be the realm's fully-qualified class name exactly as it is
# declared in the Java source (class names are case-sensitive).
myReal=com.shiro.realm.permissionRealm
# Hand the realm declared above to the security manager.
# NOTE(review): no credentialsMatcher is set on the realm here, so its default matcher is used; together
# with the plaintext password returned by the realm this is a demo-only setup.
securityManager.realms=$myReal
第三步
------------------------------------------------------------------------------------------------------------------------
测试
/**
 * Logs in through the custom realm configured in {@code shiro-permission-realm.ini} and prints the
 * outcome of one permission check and one role check.
 *
 * <p>NOTE(review): the two results are only printed, never asserted, so this test cannot fail when an
 * authorization check returns the wrong answer; it fails only if an exception is thrown (for example
 * by {@code login}).
 */
@Test
public void testHasRoleByRealm() throws Exception {
    // Build the SecurityManager from the INI file and install it for SecurityUtils.
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-permission-realm.ini");
    SecurityUtils.setSecurityManager(factory.getInstance());

    // Demo credentials matching the account hard-coded in the realm.
    Subject currentUser = SecurityUtils.getSubject();
    currentUser.login(new UsernamePasswordToken("liu", "666"));

    // Authorization checks are made here only after the user has authenticated.
    boolean mayDeleteUser = currentUser.isPermitted("user:delete");
    System.out.println(mayDeleteUser);

    // true means the current user holds the role, false means it does not.
    boolean holdsRole1 = currentUser.hasRole("role1");
    System.out.println(holdsRole1);
}