
  1. package realm;
  2.  
  3. import java.util.ArrayList;
  4. import java.util.List;
  5.  
  6. import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
  7. import org.apache.commons.lang3.builder.ToStringStyle;
  8. import org.apache.shiro.SecurityUtils;
  9. import org.apache.shiro.authc.AuthenticationException;
  10. import org.apache.shiro.authc.AuthenticationInfo;
  11. import org.apache.shiro.authc.AuthenticationToken;
  12. import org.apache.shiro.authc.SimpleAuthenticationInfo;
  13. import org.apache.shiro.authc.UsernamePasswordToken;
  14. import org.apache.shiro.authz.AuthorizationException;
  15. import org.apache.shiro.authz.AuthorizationInfo;
  16. import org.apache.shiro.authz.SimpleAuthorizationInfo;
  17. import org.apache.shiro.realm.AuthorizingRealm;
  18. import org.apache.shiro.session.Session;
  19. import org.apache.shiro.subject.PrincipalCollection;
  20. import org.apache.shiro.subject.Subject;
  21. import org.springframework.beans.factory.annotation.Autowired;
  22.  
  23. import utils.StrUtils;
  24.  
  25. import com.jxzg.mvc.web.entitys.user.Role;
  26. import com.jxzg.mvc.web.entitys.user.RoleRight;
  27. import com.jxzg.mvc.web.entitys.user.User;
  28. import com.jxzg.mvc.web.service.user.IUserManager;
  29.  
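public class MyRealm extends AuthorizingRealm {

   /** Role name that is treated as a super user and granted the fixed permission set below. */
   private static final String ADMIN_ROLE = "admin";

   /** Session attribute under which the authenticated User entity is published for controllers. */
   private static final String SESSION_CURRENT_USER = "currentUser";

   @Autowired
   private IUserManager userManager;

   /**
    * Builds the roles and permissions for an already-authenticated subject.
    * Shiro calls this lazily, the first time a role or permission check is made after login.
    *
    * @param principals the subject's principals; the primary one is the username string set by
    *                   {@link #doGetAuthenticationInfo(AuthenticationToken)}
    * @return the user's single role name plus its string permissions
    * @throws AuthorizationException if the username no longer resolves to a user record
    */
   @Override
   protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      String currentUsername = (String) super.getAvailablePrincipal(principals);
      User user = userManager.getByUsername(currentUsername);
      if (null == user) {
         // Fail closed: a vanished account must not end up with an (empty) authorization object.
         throw new AuthorizationException("No user record for principal: " + currentUsername);
      }

      List<String> roleList = new ArrayList<String>();
      List<String> permissionList = new ArrayList<String>();
      // The User entity carries at most one Role; no role means no roles and no permissions.
      Role role = user.getRole();
      if (null != role) {
         roleList.add(role.getName());
         permissionList.addAll(permissionsFor(role));
      }

      SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
      simpleAuthorInfo.addRoles(roleList);
      simpleAuthorInfo.addStringPermissions(permissionList);
      return simpleAuthorInfo;
   }

   /**
    * Resolves the string permissions granted by one role.
    * The {@value #ADMIN_ROLE} role is hard-wired to the full permission set; every other role
    * contributes only its enabled ({@code isFlag()}) rights that reference a Right entity.
    *
    * @param role the role to expand (never null)
    * @return permission names, possibly empty
    */
   private static List<String> permissionsFor(Role role) {
      List<String> permissions = new ArrayList<String>();
      // Constant-first equals also tolerates a role with a null name instead of throwing.
      if (ADMIN_ROLE.equals(role.getName())) {
         permissions.add("user");
         permissions.add("school");
         return permissions;
      }
      if (null != role.getRights() && role.getRights().size() > 0) {
         for (RoleRight roleRight : role.getRights()) {
            // Disabled role/right links are skipped; StrUtils decides what "empty" means for a Right.
            if (roleRight.isFlag() && !StrUtils.isNullOrEmpty(roleRight.getRight())) {
               permissions.add(roleRight.getRight().getName());
            }
         }
      }
      return permissions;
   }

   /**
    * Looks up the account for a username/password login attempt.
    * Shiro calls this from {@code Subject.login(token)}; the credentials returned here are then
    * compared against the submitted password by the realm's configured CredentialsMatcher.
    *
    * @param authcToken the login token; the default {@code supports()} only admits
    *                   {@link UsernamePasswordToken}, so the cast below is safe
    * @return principal/credential pair for the account, or null so that Shiro raises
    *         {@code UnknownAccountException} for an unknown username
    * @throws AuthenticationException per the realm contract (not thrown directly here)
    */
   @Override
   protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
         throws AuthenticationException {
      UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
      // Intentionally no reflective dump of the token: it contains the cleartext password,
      // and printing it would write credentials to stdout/log files.
      User user = userManager.getByUsername(token.getUsername());
      if (null == user) {
         return null;
      }
      // getPass() is handed to Shiro as the stored credential. With Shiro's default
      // SimpleCredentialsMatcher this is a plain equality check, so if getPass() holds a hash a
      // HashedCredentialsMatcher must be configured on this realm — TODO confirm in the Shiro config.
      // The realm name must be this realm's name (not the user's nickname) so that
      // principals.fromRealm(getName()) works and a null nickname cannot break principal creation.
      AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(
            user.getUserName(), user.getPass(), getName());
      // NOTE(review): the whole entity, including its password field, is placed in the session;
      // if sessions are persisted or serialized, consider storing a credential-free view instead.
      this.setSession(SESSION_CURRENT_USER, user);
      return authcInfo;
   }

   /**
    * Publishes a value in the current subject's Shiro session so that web-layer code can read it
    * (e.g. via {@code HttpSession.getAttribute(key)} when Shiro's web session is in use).
    *
    * @param key   session attribute key
    * @param value value to store; null removes nothing special, it is stored as-is
    */
   private void setSession(Object key, Object value) {
      Subject currentUser = SecurityUtils.getSubject();
      if (null == currentUser) {
         return;
      }
      Session session = currentUser.getSession();
      if (null != session) {
         session.setAttribute(key, value);
      }
   }

}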