shiro+spring认证

最新推荐文章于 2025-05-16 23:09:17 发布

原创最新推荐文章于 2025-05-16 23:09:17 发布 · 215 阅读

0 ·

CC 4.0 BY-SA版权

shiro 专栏收录该内容

6 篇文章

订阅专栏

本文介绍了一个基于Shiro框架实现的权限认证系统示例。通过自定义Realm类，该示例展示了如何进行用户身份验证及授权信息的获取。具体包括从数据库中查询用户信息、角色及其对应的权限，并将这些信息封装到Shiro的AuthorizationInfo对象中。

 */
public class CustomRealm extends AuthorizingRealm{
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection){
        String username = (String) principalCollection.getPrimaryPrincipal();
      /*  User user = new User();
        user.setUsername(username);*/
        //查询角色信息
        /*List<Role> roles = ser.queryRoleByUsername(username);*/
        /**
         *List<Role> roles = userService.queryRoleByUsername(username);
         * a.select id from t_user where username='zhangsan'
         * b.select role_id from t_user_role where user_id=(a.select id from t_user where username='zhangsan')
         * c.select * from t_role where id in (select role_id from t_user_role where user_id=(a.select id from t_user where username='zhangsan'))
         */
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (roles!=null){
            /**
             *  for (Role role: roles) {
             String rolename = role.getRoleName();
             info.addRole(roleName);
             a. select permission_id from t_role_permisson where role_id=1
             b. select * from t_permission where id in (select permission_id from t_role_permisson where role_id=1)
             List<Permission> permission = userService.queryPermissionByRoleId(role.getId());
             for(Permission permisseion :permissions){
             //封装权限信息
             info.addStringPermission(permission.getPermissionname());
             }
             }
             *
             */
            for (Role role: roles
                 ) {
                String rolename = role.getRoleName();
                info.addRole(rolename);
                List<Permission> permissions = ser.queryPermissionByRoleId(role.getId());
                for (Permission permission: permissions
                     ) {
                    //封装权限信息
                    info.addStringPermission(permission.getPermissionname());
                }
            }
        }

        return null;
    }

    /**
     * 获取认证信息
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException{
       String username =  (String) token.getPrincipal();
       //查询数据库
        User user = ser.queryUserByUsername(username);
        if(user!=null){
            return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),user.getSale());
        }
        return null;
    }


}