hahahahah

基于Shiro的权限管理系统实现

最新推荐文章于 2024-08-30 17:24:17 发布

weixin_30892889

最新推荐文章于 2024-08-30 17:24:17 发布

阅读量55

点赞数

CC 4.0 BY-SA版权

原文链接：http://www.cnblogs.com/shuozi-love/p/4515021.html

dsfsefesfsffsfsfsfsfesfsfsfsfsfsfspackage realm;

import java.util.ArrayList;

import java.util.List;

import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

import org.apache.commons.lang3.builder.ToStringStyle;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.AuthorizationException;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.session.Session;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.springframework.beans.factory.annotation.Autowired;

import utils.StrUtils;

import com.jxzg.mvc.web.entitys.user.Role;

import com.jxzg.mvc.web.entitys.user.RoleRight;

import com.jxzg.mvc.web.entitys.user.User;

import com.jxzg.mvc.web.service.user.IUserManager;

public class MyRealm extends AuthorizingRealm {

@Autowired

private IUserManager userManager;

/**

* 为当前登录的Subject授予角色和权限

* @see 经测试:本例中该方法的调用时机为用户登录后,被调用

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

// 获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()

String currentUsername = (String) super.getAvailablePrincipal(principals);

List<String> roleList = new ArrayList<String>();

List<String> permissionList = new ArrayList<String>();

// 从数据库中获取当前登录用户的详细信息

User user = userManager.getByUsername(currentUsername);

if (null != user) {

// 实体类User中包含有用户角色的实体类信息

if (null != user.getRole()) {

// 获取当前登录用户的角色

Role role = user.getRole();

roleList.add(role.getName());

//如果是超级管理员直接赋予所有权限

if(role.getName().equals("admin")){

permissionList.add("user");

permissionList.add("school");

}

else{

// 实体类Role中包含有角色权限的实体类信息

if (null != role.getRights() && role.getRights().size() > 0) {

// 获取权限

for (RoleRight pmss : role.getRights()) {

if(pmss.isFlag()){

if (!StrUtils.isNullOrEmpty(pmss.getRight())) {

permissionList.add(pmss.getRight().getName());

}

} else {

throw new AuthorizationException();

}

// 为当前用户设置角色和权限

SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();

simpleAuthorInfo.addRoles(roleList);

simpleAuthorInfo.addStringPermissions(permissionList);

return simpleAuthorInfo;

}

/**

* 验证当前登录的Subject

* @see 经测试:本例中该方法的调用时机为LoginController.login()方法中执行Subject.login()时

@Override

protected AuthenticationInfo doGetAuthenticationInfo(

AuthenticationToken authcToken) throws AuthenticationException {

// 获取基于用户名和密码的令牌

// 实际上这个authcToken是从LoginController里面currentUser.login(token)传过来的

// 两个token的引用都是一样的

UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

System.out.println("验证当前Subject时获取到token为"

+ ReflectionToStringBuilder.toString(token,

ToStringStyle.MULTI_LINE_STYLE));

User user = userManager.getByUsername(token.getUsername());

if (null != user) {

AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(

user.getUserName(), user.getPass(), user.getNickName());

this.setSession("currentUser", user);

return authcInfo;

} else {

return null;

}

/**

* 将一些数据放到ShiroSession中,以便于其它地方使用

* @see 比如Controller,使用时直接用HttpSession.getAttribute(key)就可以取到

private void setSession(Object key, Object value) {

Subject currentUser = SecurityUtils.getSubject();

if (null != currentUser) {

Session session = currentUser.getSession();

if (null != session) {

session.setAttribute(key, value);

}

转载于:https://www.cnblogs.com/shuozi-love/p/4515021.html