版权声明:程序猴jwang版权所有 https://blog.csdn.net/qq_21046965/article/details/90113017
前言
本章学习自定义Realm的授权方式
方法
1.概念
1)关于授权流程的源码剖析,希望读者参照登录验证的分析方式自行查阅
2)关于JdbcRealm的授权方式,希望读者自行编写
由于JdbcRealm的授权方式受限于其固定的表结构,一般情况下我们都使用自定义的Realm来进行授权操作。
2.编码实现
1)编写shiro.ini文件如下
# The [main] section configures the SecurityManager and the objects it uses.
[main]
# Create the custom realm from its fully qualified class name.
myJdbcRealm = cn.edu.ccut.test.MyJdbcRealm
# Make that realm the one the SecurityManager consults.
securityManager.realms = $myJdbcRealm
2)编写MyJdbcRealm.java
在之前登录验证的自定义realm讲解中,我们就已经使用了这个类,这里我们继续使用。
我们需要重写其doGetAuthorizationInfo方法来进行授权。注意:下面的示例省略了JDBC代码,角色和密码都是写死的占位值;实际项目中应根据username查询角色,并且只保存加盐哈希后的密码,而不是明文。
package cn.edu.ccut.test;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.HashSet;
import java.util.Set;
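/**
 * Tutorial realm showing where a custom Shiro realm supplies authentication and
 * authorization data.
 *
 * <p>The JDBC lookups are omitted in this example. The stored password and the role set are
 * fixed placeholder values, isolated in {@code lookupPassword} and {@code lookupRoleNames} so
 * that the real queries have one obvious place to go.
 *
 * <p>Date: 2019/5/11, package cn.edu.ccut.test.
 *
 * @author jwang
 * @version 1.0
 */
public class MyJdbcRealm extends AuthorizingRealm {

    /** Returns the realm name that is recorded alongside the authenticated principal. */
    @Override
    public String getName() {
        return "MyJdbcRealm";
    }

    /**
     * Supplies the roles of the principal being authorized.
     *
     * @param principals the identity of the subject whose roles are requested
     * @return the roles for that principal, or an empty result when no principal is available
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) getAvailablePrincipal(principals);
        if (username == null) {
            // Fail closed: without an identifiable principal nothing is granted.
            return new SimpleAuthorizationInfo();
        }
        return new SimpleAuthorizationInfo(lookupRoleNames(username));
    }

    /**
     * Supplies the stored account data that Shiro compares with the submitted token.
     *
     * @param token the submitted login token; cast to {@link UsernamePasswordToken}
     * @return the principal and stored credentials for the account
     * @throws AuthenticationException if the token carries no username
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        if (username == null) {
            // Reject the attempt instead of building account data for a missing username.
            throw new AccountException("Null usernames are not allowed by this realm.");
        }
        String password = lookupPassword(username);
        return new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
    }

    /**
     * Placeholder for the role query (JDBC code omitted in the tutorial).
     *
     * <p>NOTE(review): every username receives role1 here, so a hasRole check does not
     * distinguish users until this is replaced by a query keyed on {@code username}.
     */
    private Set<String> lookupRoleNames(String username) {
        Set<String> roleNames = new HashSet<>();
        roleNames.add("role1");
        return roleNames;
    }

    /**
     * Placeholder for the credential query (JDBC code omitted in the tutorial).
     *
     * <p>NOTE(review): the value is a clear-text password shared by every username. A real
     * credential store should hold a salted password hash, with a matching CredentialsMatcher
     * (for example HashedCredentialsMatcher or PasswordMatcher) configured on the realm.
     */
    private String lookupPassword(String username) {
        return "1234";
    }
}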
3)编写测试代码
package cn.edu.ccut.test;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;
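/**
 * Demo entry point: logs a user in through the realm configured in shiro.ini and then checks
 * whether the authenticated subject holds the role {@code role1}.
 *
 * <p>Date: 2019/5/8, package cn.edu.ccut.test.
 *
 * @author jwang
 * @version 1.0
 */
public class Authentication {

    /**
     * Runs the login and role check and prints the outcome to the console.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Build the SecurityManager from the INI configuration on the classpath.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        // Register it so that SecurityUtils.getSubject() can hand out subjects.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();

        // Demo credentials; they match the placeholder password used by the example realm.
        String username = "zhangsan";
        String password = "1234";
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);

        try {
            currentUser.login(token);
            if (currentUser.isAuthenticated()) {
                // The password is left out of the message so that credentials do not end up
                // in console output or captured logs.
                System.out.println("用户[" + username + "]登录成功!");
                // Ask the realm's authorization data whether the subject has role1.
                System.out.println(currentUser.hasRole("role1"));
            }
        } catch (AuthenticationException e) {
            e.printStackTrace();
            System.out.println("用户[" + username + "]登录失败!");
        } finally {
            // Wipe the password held by the token once the login attempt is over.
            token.clear();
        }
    }
}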
程序运行结果如下:
可见,zhangsan这个用户拥有角色role1。需要注意,示例Realm对任何用户都返回role1,因此这一结果只说明授权流程已经走通,并不代表针对该用户做了角色查询。