• hahahahah


    package realm;

     

    import java.util.ArrayList;

    import java.util.List;

     

    import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

    import org.apache.commons.lang3.builder.ToStringStyle;

    import org.apache.shiro.SecurityUtils;

    import org.apache.shiro.authc.AuthenticationException;

    import org.apache.shiro.authc.AuthenticationInfo;

    import org.apache.shiro.authc.AuthenticationToken;

    import org.apache.shiro.authc.SimpleAuthenticationInfo;

    import org.apache.shiro.authc.UsernamePasswordToken;

    import org.apache.shiro.authz.AuthorizationException;

    import org.apache.shiro.authz.AuthorizationInfo;

    import org.apache.shiro.authz.SimpleAuthorizationInfo;

    import org.apache.shiro.realm.AuthorizingRealm;

    import org.apache.shiro.session.Session;

    import org.apache.shiro.subject.PrincipalCollection;

    import org.apache.shiro.subject.Subject;

    import org.springframework.beans.factory.annotation.Autowired;

     

    import utils.StrUtils;

     

    import com.jxzg.mvc.web.entitys.user.Role;

    import com.jxzg.mvc.web.entitys.user.RoleRight;

    import com.jxzg.mvc.web.entitys.user.User;

    import com.jxzg.mvc.web.service.user.IUserManager;

     

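    /**
     * Apache Shiro realm that looks users up through {@link IUserManager} and
     * supplies Shiro with their stored credentials, role and permissions.
     */
    public class MyRealm extends AuthorizingRealm {

        /** Role name that receives the hard-coded permission set instead of per-role rights. */
        private static final String ADMIN_ROLE = "admin";

        @Autowired
        private IUserManager userManager;

        /**
         * Builds the roles and permissions for the subject identified by {@code principals}.
         *
         * <p>Original author's note: in this example the method was observed to be
         * called after the user has logged in.
         *
         * @param principals the principals of the subject being authorized
         * @return the role and string permissions granted to that user
         * @throws AuthorizationException if no user record exists for the principal
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Resolve the username that was stored as the principal at login time.
            String currentUsername = (String) super.getAvailablePrincipal(principals);

            // Load the user's current record so role changes are read from the data store.
            User user = userManager.getByUsername(currentUsername);
            if (null == user) {
                // Fail closed: an unknown principal gets no authorization info at all.
                throw new AuthorizationException("No account found for the authenticated principal");
            }

            List<String> roleList = new ArrayList<String>();
            List<String> permissionList = new ArrayList<String>();

            Role role = user.getRole();
            if (null != role) {
                String roleName = role.getName();
                if (null != roleName) {
                    roleList.add(roleName);
                }
                // Constant-first comparison: a role without a name must not raise a
                // NullPointerException in the middle of an authorization decision.
                if (ADMIN_ROLE.equals(roleName)) {
                    // NOTE(review): the administrator set is hard-coded to these two
                    // permissions and matched on the role's display name; a permission
                    // added elsewhere later is not granted here automatically.
                    permissionList.add("user");
                    permissionList.add("school");
                } else if (null != role.getRights()) {
                    for (RoleRight pmss : role.getRights()) {
                        // Only rights whose flag is set and that reference a right are granted.
                        if (pmss.isFlag() && !StrUtils.isNullOrEmpty(pmss.getRight())) {
                            permissionList.add(pmss.getRight().getName());
                        }
                    }
                }
            }

            SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
            simpleAuthorInfo.addRoles(roleList);
            simpleAuthorInfo.addStringPermissions(permissionList);
            return simpleAuthorInfo;
        }

        /**
         * Looks up the account named in the login token and returns its stored
         * credentials so that Shiro can compare them with the submitted ones.
         *
         * <p>Original author's note: in this example the method runs when
         * {@code LoginController.login()} calls {@code Subject.login()}, and the
         * token received here is the same object that was passed to that call.
         *
         * @param authcToken the submitted token; expected to be a {@link UsernamePasswordToken}
         * @return the account's authentication info, or {@code null} when no such user exists
         * @throws AuthenticationException declared by the overridden method
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(
                AuthenticationToken authcToken) throws AuthenticationException {
            UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

            // The token is deliberately not dumped to stdout: a reflective toString of
            // UsernamePasswordToken includes the password characters, which would put
            // every submitted password (valid or not) into the application's output.

            User user = userManager.getByUsername(token.getUsername());
            if (null == user) {
                // Returning null tells Shiro that this realm has no such account.
                return null;
            }

            // The third constructor argument is the realm name, not a display name.
            // Using getName() keeps the principal retrievable via fromRealm(getName())
            // and avoids a failure when the user's nickname is null.
            // NOTE(review): user.getPass() is compared by the realm's CredentialsMatcher;
            // confirm that passwords are stored hashed and a hashing matcher is configured.
            AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(
                    user.getUserName(), user.getPass(), getName());

            // NOTE(review): this runs BEFORE Shiro has compared the submitted password
            // with the stored one, so the "currentUser" attribute is present even when
            // the login subsequently fails. Code reading it must also check
            // Subject.isAuthenticated() and must not treat the attribute as proof of
            // login. The stored User object also carries the value of getPass().
            this.setSession("currentUser", user);
            return authcInfo;
        }

        /**
         * Stores a value in the current subject's Shiro session for use elsewhere.
         *
         * <p>Original author's note: a controller, for example, can read it back with
         * {@code HttpSession.getAttribute(key)}.
         *
         * @param key   the session attribute key
         * @param value the value to store under {@code key}
         */
        private void setSession(Object key, Object value) {
            Subject currentUser = SecurityUtils.getSubject();
            if (null == currentUser) {
                return;
            }
            // getSession() creates a session when the subject does not have one yet.
            Session session = currentUser.getSession();
            if (null != session) {
                session.setAttribute(key, value);
            }
        }

    }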

  • 原文地址:https://www.cnblogs.com/shuozi-love/p/4515021.html