2.6 自定义Realm (CustomRealm)
我们可以仿照JdbcRealm来实现一个自定义的Realm对象。
public class JdbcRealm extends AuthorizingRealm {
......
}
JdbcRealm 继承了 AuthorizingRealm
下面是自定义Realm实现的步骤
1.声明一个类CustomRealm,继承AuthorizingRealm
public class CustomRealm extends AuthorizingRealm {
......
}
2.重写doGetAuthenticationInfo (认证) 方法
2.1 密码不加密不加盐
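/**
 * Authenticates against a plaintext credential (variant 2.1, no hashing, no salt).
 *
 * <p>The token's principal is treated as the username; the matching {@link User} is looked
 * up and its stored password is handed back as the credential. With no credentials matcher
 * configured on the realm, Shiro's default matcher compares that stored value with the
 * submitted password directly.
 *
 * @param authenticationToken the submitted token; its principal is expected to be the username
 * @return the account's authentication info, or {@code null} when the username is empty or
 *         no such account exists (Shiro's authenticator then treats it as an unknown account)
 * @throws AuthenticationException not thrown directly here; declared for overriding realms
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String username = (String) authenticationToken.getPrincipal();
    if (StringUtils.isNullOrEmpty(username)) {
        return null;
    }
    User user = this.findUserByUserName(username);
    if (user == null) {
        return null;
    }
    // The User object itself becomes the subject's principal (see doGetAuthorizationInfo).
    // The realm name comes from getName() rather than a literal so it stays correct if the
    // class is renamed or several realms are configured.
    return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
}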
/**
 * Stand-in for a database lookup: only the {@code admin} account exists, and its
 * credential is stored as plaintext (variant 2.1).
 *
 * @param username the username to look up
 * @return the matching user, or {@code null} for any other name
 */
private User findUserByUserName(String username) {
    if (!"admin".equals(username)) {
        return null;
    }
    User admin = new User();
    admin.setId(1);
    admin.setUsername("admin");
    admin.setPassword("admin");
    return admin;
}
2.2 密码加密加盐
{
    // Variant 2.2 stores the credential as a hash, so the realm needs a matcher that hashes
    // the submitted password the same way before comparing. Algorithm and iteration count
    // must equal those used to produce the stored hash (see the mock user's password/salt);
    // switching to a stronger algorithm means regenerating the stored credential.
    HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
    hashedMatcher.setHashAlgorithmName("MD5");
    hashedMatcher.setHashIterations(1024);
    setCredentialsMatcher(hashedMatcher);
}
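/**
 * Authenticates against a salted, hashed credential (variant 2.2).
 *
 * <p>Returns the account's stored hash together with its salt; the realm's
 * {@code HashedCredentialsMatcher} hashes the submitted password with that salt before
 * comparing, so the stored value never has to be reversible.
 *
 * @param authenticationToken the submitted token; its principal is expected to be the username
 * @return the account's authentication info, or {@code null} when the username is empty or
 *         no such account exists (Shiro's authenticator then treats it as an unknown account)
 * @throws AuthenticationException not thrown directly here; declared for overriding realms
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    String username = (String) authenticationToken.getPrincipal();
    if (StringUtils.isNullOrEmpty(username)) {
        return null;
    }
    User user = this.findUserByUserName(username);
    if (user == null) {
        return null;
    }
    // The realm name comes from getName() rather than a literal so it stays correct if the
    // class is renamed or several realms are configured.
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    // The salt must be the exact bytes used when the stored hash was produced; the matcher
    // takes it from the info object, not from the User.
    info.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt()));
    return info;
}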
/**
 * Stand-in for a database lookup: only the {@code admin} account exists. Its password field
 * holds the stored hash and {@code salt} the value it was hashed with (variant 2.2).
 *
 * @param username the username to look up
 * @return the matching user, or {@code null} for any other name
 */
private User findUserByUserName(String username) {
    if (!"admin".equals(username)) {
        return null;
    }
    User admin = new User();
    admin.setId(1);
    admin.setUsername("admin");
    admin.setPassword("35f60f05c1e00c65fdad1c7d8b57a3ba");
    admin.setSalt("yanlingfei");
    return admin;
}
3.重写 doGetAuthorizationInfo (授权) 方法
授权是认证之后的操作：principalCollection 中的主体（principal）就是认证时放入 SimpleAuthenticationInfo 的 User 对象。
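/**
 * Supplies the roles and permissions of an already-authenticated subject.
 *
 * <p>The primary principal in {@code principalCollection} is the {@link User} that
 * {@code doGetAuthenticationInfo} placed into {@code SimpleAuthenticationInfo}. The mock
 * lookups used here return fixed data and do not consult it, so it is not cast out; a real
 * implementation would key the role query on that principal.
 *
 * @param principalCollection the subject's principals, as supplied by Shiro after login
 * @return the subject's roles and string permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    Set<String> roleSet = this.findRolesByUser();
    Set<String> permSet = this.findPermsByRoleSet(roleSet);
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setRoles(roleSet);
    info.setStringPermissions(permSet);
    return info;
}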
/**
 * Stand-in for a permission query. The role set is ignored and a fixed set of
 * {@code resource:action} permission strings is returned.
 *
 * @param roleSet the subject's roles (unused by this mock)
 * @return a mutable set of permission strings
 */
private Set<String> findPermsByRoleSet(Set<String> roleSet) {
    Set<String> permissions = new HashSet<>();
    java.util.Collections.addAll(permissions, "user:add", "user:update");
    return permissions;
}
/**
 * Stand-in for a role query: every subject gets the same two fixed roles.
 *
 * @return a mutable set of role names
 */
private Set<String> findRolesByUser() {
    Set<String> roles = new HashSet<>();
    java.util.Collections.addAll(roles, "超级管理员", "运营");
    return roles;
}
User类
/**
 * Account record used by the custom realm.
 *
 * <p>{@code password} holds whatever the realm stores as the credential: the plaintext in
 * the unsalted variant, the hex hash in the salted one; {@code salt} is only populated for
 * the latter.
 *
 * <p>NOTE(review): the realm hands this object to Shiro as the subject's principal, so the
 * stored password and salt travel with the subject; consider exposing a credential-free
 * view as the principal instead.
 */
public class User {

    private Integer id;
    private String username;
    private String password;
    private String salt;

    /** @return the account id, or {@code null} if unset */
    public Integer getId() {
        return this.id;
    }

    /** @param id the account id */
    public void setId(Integer id) {
        this.id = id;
    }

    /** @return the login name, or {@code null} if unset */
    public String getUsername() {
        return this.username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the stored credential (plaintext or hash, depending on the realm variant) */
    public String getPassword() {
        return this.password;
    }

    /** @param password the stored credential */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the salt the stored hash was produced with, or {@code null} if unsalted */
    public String getSalt() {
        return this.salt;
    }

    /** @param salt the salt the stored hash was produced with */
    public void setSalt(String salt) {
        this.salt = salt;
    }
}
4.测试
/**
 * Wires a {@code DefaultSecurityManager} to the custom realm, logs in as admin and prints
 * the authentication, role and permission checks.
 *
 * <p>The submitted password {@code "admin"} matches the plaintext realm (2.1); for the
 * salted realm (2.2) the submitted password is hashed with the stored salt first, so it
 * has to be the plaintext the stored hash was generated from. A failed login is reported
 * by {@code subject.login} throwing, so the three prints are only reached on success.
 */
@Test
public void test01() {
    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    securityManager.setRealm(new CustomRealm());
    // SecurityUtils holds the manager statically for the whole VM.
    SecurityUtils.setSecurityManager(securityManager);

    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken("admin", "admin");
    subject.login(token);

    System.out.println(subject.isAuthenticated());
    System.out.println(subject.hasRole("超级管理员"));
    System.out.println(subject.isPermitted("user:add"));
}