【笔记】06.自定义Realm实现授权-优快云博客

本文链接：https://blog.youkuaiyun.com/Gu_jiaguaren/article/details/115742814

这篇博客详细介绍了如何基于Shiro框架自定义Realm实现授权功能，从复制项目开始，逐步创建ActiverUser、RoleService及其实现、PermissionService及其实现，到最后修改UserRealm并进行测试，完整地展示了授权过程。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

06自定义Realm实现授权

1.复制03_Authentication_realm项目

2.创建ActiverUser

package com.domain;
/*
@author qw
@date 2021/3/28 - 14:18
**/

import java.util.List;

public class ActiverUser {

    private User user;
    private List<String> roles;
    private List<String> permissions;

    public ActiverUser() {
    }

    public ActiverUser(User user, List<String> roles, List<String> permissions) {
        this.user = user;
        this.roles = roles;
        this.permissions = permissions;
    }

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }

    public List<String> getRoles() {
        return roles;
    }

    public void setRoles(List<String> roles) {
        this.roles = roles;
    }

    public List<String> getPermissions() {
        return permissions;
    }

    public void setPermissions(List<String> permissions) {
        this.permissions = permissions;
    }
}

3.创建RoleService

package com.service;
/*
@author qw
@date 2021/3/28 - 14:18
**/


import java.util.List;

public interface RoleService {

    /**
     * 根据用户名查询用户拥有的角色
     */
    List<String> queryRoleByUserName(String username);
}

4.创建RoleServiceImpl

package com.service.impl;
/*
@author qw
@date 2021/3/28 - 14:19
**/

import com.service.RoleService;

import java.util.Arrays;
import java.util.List;

public class RoleServiceImpl implements RoleService {
    @Override
    public List<String> queryRoleByUserName(String username) {
        return Arrays.asList("role1","role2","role3");
    }
}

5.创建PermissionService

package com.service;
/*
@author qw
@date 2021/3/28 - 14:18
**/

import java.util.List;

public interface PermissionService {

    /**
     * 根据用户名查询用户所拥有的权限
     * @param username
     * @return
     */
    List<String> queryPermissionByUsername(String username);
}

6.创建PermissionServiceImpl

package com.service.impl;
/*
@author qw
@date 2021/3/28 - 14:19
**/

import com.service.PermissionService;

import java.util.Arrays;
import java.util.List;

public class PermissionServiceImpl implements PermissionService {
    @Override
    public List<String> queryPermissionByUsername(String username) {
        return Arrays.asList("user:query","user:add","user:update","user:delete");

    }
}

7.修改UserRealm

package com.realm;
/*
@author qw
@date 2021/3/28 - 10:44
**/
import com.domain.ActiverUser;
import com.domain.User;
import com.service.PermissionService;
import com.service.RoleService;
import com.service.UserService;
import com.service.impl.PermissionServiceImpl;
import com.service.impl.RoleServiceImpl;
import com.service.impl.UserServiceImpl;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Collection;
import java.util.List;

public class UserRealm extends AuthorizingRealm {

    private UserService userService = new UserServiceImpl();
    private RoleService roleService = new RoleServiceImpl();
    private PermissionService permissionService = new PermissionServiceImpl();

    /**
     * 做认证
     * @return
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = token.getPrincipal().toString();
        token.getCredentials();
        System.out.println(username);
        /**
         * 以前登录的逻辑是：把用户和密码全部发到数据库 去匹配
         * 在shiro里：先根据用户名把用户对象查询出来，再来做密码匹配
         */
        User user = userService.queryUserByUserName(username);
        if (null != user) {
	 		List<String> roles = roleService.queryRoleByUserName(user.getUsername());
            List<String> permissions = permissionService.queryPermissionByUsername(user.getUsername());
            ActiverUser activerUser = new ActiverUser(user, roles, permissions);


            /**
             * 参数说明：
             * 参数1：可以传任意对象
             * 参数2：从数据库里查询出来的密码
             * 参数3：当前类名
             */
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(activerUser, user.getPwd(), this.getName());
            return info;
        } else {
            // 用户不存在 shiro会抛 UnknownAccountException 异常
            return null;
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        System.out.println("doGetAuthorizationInfo");
        ActiverUser activerUser = (ActiverUser) principal.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //添加角色
        Collection<String> roles = activerUser.getRoles();
        if (null != roles && roles.size() > 0) {
            info.addRoles(roles);
        }
        //添加权限
        Collection<String> permissions = activerUser.getPermissions();
        if (null != permissions && permissions.size() > 0) {
            info.addStringPermissions(permissions);
        }

        //若用户为超级管理员 type==0 则赋予所有权限
/*        if (activerUser.getUser().getType() == 0) {
            info.addStringPermission("*:*");
        }*/

        return info;
    }

}

8.测试

        //角色判断
        boolean role1 = subject.hasRole("role1");
        System.out.println("是否有role1角色:" + role1);
        //权限判断
        boolean permission1 = subject.isPermitted("user:query");
        System.out.println("是否有permission1权限:" + permission1);