Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq_38087648/article/details/80003834
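Authorization flow
- Authorization is performed on the subject by calling isPermitted("permission string")
- The SecurityManager performs the authorization, delegating to ModularRealmAuthorizer
- ModularRealmAuthorizer has the realm (the custom CustomRealm) query the permission data from the database, by calling the realm's authorization method: doGetAuthorizationInfo
- The realm queries the permission data from the database and returns it to ModularRealmAuthorizer
- ModularRealmAuthorizer calls PermissionResolver to compare the permission strings
- If, after the comparison, the "permission string" passed to isPermitted is among the permission data the realm queried, the user has permission for that permission string; otherwise the user does not, and an exception is thrown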
CustomRealm
// Used for authorization
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // Get the primary identity from principals.
    // Cast the return value of getPrimaryPrincipal to the real identity type
    // (the value placed into SimpleAuthenticationInfo when doGetAuthenticationInfo above succeeded)
    String userCode = (String) principals.getPrimaryPrincipal();
    // Look up the permission data for this identity
    // Connect to the database...
    // Simulate the data fetched from the database
    List<String> permissions = new ArrayList<String>();
    permissions.add("user:create");
    permissions.add("items:add");
    //...
    // Permission data found; return it
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    // Put the permissions queried above into the simpleAuthorizationInfo object
    simpleAuthorizationInfo.addStringPermissions(permissions);
    return simpleAuthorizationInfo;
}
ini configuration file
[main]
# Custom realm
customRealm=cn.dinggc.shiro.realm.CustomRealm
# Set the realm on the securityManager, equivalent to Spring injection
securityManager.realms=$customRealm
Test code
@Test
public void testAuthorizationCustomRealm() {
    // Create the securityManager factory from the ini configuration file
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "111111");
    try {
        subject.login(token);
    } catch (AuthenticationException e) {
        e.printStackTrace();
    }
    System.out.println("认证状态 : " + subject.isAuthenticated());
    // Authorization is performed after authentication succeeds

    // Role-based authorization
    // hasRole takes a role identifier
    boolean ishasRole = subject.hasRole("role1");
    System.out.println("单个角色判断" + ishasRole);
    // hasAllRoles checks whether the subject has all of several roles
    boolean hasAllRoles = subject.hasAllRoles(Arrays.asList("role1", "role2"));
    System.out.println("单多个角色判断" + hasAllRoles);

    // Resource-based authorization
    // isPermitted takes a permission identifier
    boolean isPermitted = subject.isPermitted("user:create");
    System.out.println("单个权限判断" + isPermitted);
    boolean isPermittedAll = subject.isPermittedAll("user:create:1", "user:update");
    System.out.println("多个权限判断" + isPermittedAll);
    subject.checkPermission("items:create");
}
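
The permission-string comparison step from the authorization flow, run directly against Shiro's WildcardPermissionResolver with the permissions CustomRealm grants and the strings the test checks. This is an added example, not code from the original post; the class name PermissionMatchDemo and the helper isImplied are hypothetical.

```java
import java.util.Arrays;
import java.util.List;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;

// Added illustration; PermissionMatchDemo and isImplied are hypothetical names.
public class PermissionMatchDemo {

    // Resolver that parses "resource:action:instance" strings into WildcardPermission objects.
    private static final PermissionResolver RESOLVER = new WildcardPermissionResolver();

    // True if at least one granted permission string implies the requested one.
    static boolean isImplied(List<String> granted, String requested) {
        Permission wanted = RESOLVER.resolvePermission(requested);
        for (String g : granted) {
            if (RESOLVER.resolvePermission(g).implies(wanted)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // The same permissions CustomRealm returns from doGetAuthorizationInfo.
        List<String> granted = Arrays.asList("user:create", "items:add");

        // The permission strings used by the test method.
        List<String> requests = Arrays.asList(
                "user:create", "user:create:1", "user:update", "items:create");
        for (String requested : requests) {
            System.out.println(requested + " -> " + isImplied(granted, requested));
        }

        // Direction matters: an instance-level grant does not cover the broader request.
        System.out.println("user:create:1 grants user:create -> "
                + isImplied(Arrays.asList("user:create:1"), "user:create"));
    }
}
```

The comparison is an implication check rather than string equality: the granted "user:create" covers the instance-level "user:create:1", while "user:update" and "items:create" match nothing the realm returned. That is why isPermittedAll in the test returns false and checkPermission("items:create") throws an AuthorizationException.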