package realm;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import utils.StrUtils;
import com.jxzg.mvc.web.entitys.user.Role;
import com.jxzg.mvc.web.entitys.user.RoleRight;
import com.jxzg.mvc.web.entitys.user.User;
import com.jxzg.mvc.web.service.user.IUserManager;
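/**
 * Shiro realm that authenticates users against {@link IUserManager} and derives their
 * roles and string permissions from the user's {@link Role} and its {@link RoleRight}s.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The "currentUser" session attribute is written only after Shiro has verified the
 *       submitted credentials (see {@link #assertCredentialsMatch}). Writing it inside
 *       {@link #doGetAuthenticationInfo} would populate the session for any existing
 *       username even when the password is wrong, because that method runs before the
 *       credentials are compared.</li>
 *   <li>The login token is never dumped reflectively to the console; doing so would
 *       print the submitted password.</li>
 *   <li>NOTE(review): the stored credential is whatever {@code User.getPass()} returns and is
 *       compared by the realm's configured CredentialsMatcher. Confirm that the value is a
 *       salted password hash and that a hashing matcher is configured; neither is visible
 *       in this file.</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private IUserManager userManager;

    /**
     * Grants roles and permissions to the currently logged-in Subject.
     *
     * <p>Per the original author's note, this was observed to be invoked after the user
     * has logged in.
     *
     * @param principals the principals of the Subject being authorized
     * @return the role name and permission strings for that user
     * @throws AuthorizationException if no user record exists for the principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Username of the current Subject, as stored by doGetAuthenticationInfo.
        String currentUsername = (String) super.getAvailablePrincipal(principals);
        List<String> roleList = new ArrayList<String>();
        List<String> permissionList = new ArrayList<String>();

        // Load the user's details from the database.
        User user = userManager.getByUsername(currentUsername);
        if (null == user) {
            // Fail closed: a principal without a backing account gets no authorization data.
            throw new AuthorizationException("No user record found for the authenticated principal");
        }

        // The User entity carries its Role entity.
        Role role = user.getRole();
        if (null != role) {
            roleList.add(role.getName());
            // Constant-first comparison so a role without a name cannot raise a
            // NullPointerException in the middle of an authorization decision.
            if ("admin".equals(role.getName())) {
                // The super administrator receives this fixed permission set directly.
                permissionList.add("user");
                permissionList.add("school");
            } else if (null != role.getRights() && role.getRights().size() > 0) {
                // The Role entity carries its RoleRight entries; only flagged entries count.
                for (RoleRight pmss : role.getRights()) {
                    if (pmss.isFlag() && !StrUtils.isNullOrEmpty(pmss.getRight())) {
                        permissionList.add(pmss.getRight().getName());
                    }
                }
            }
        }

        // Hand the collected roles and permissions to Shiro.
        SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
        simpleAuthorInfo.addRoles(roleList);
        simpleAuthorInfo.addStringPermissions(permissionList);
        return simpleAuthorInfo;
    }

    /**
     * Looks up the account for the submitted login token.
     *
     * <p>Per the original author's note, this is invoked when LoginController.login()
     * calls Subject.login(); the token received here is the same object passed there.
     * This method only fetches the stored account data. The submitted password is
     * compared afterwards by the realm, so nothing here may treat the user as logged in.
     *
     * @param authcToken the submitted token, expected to be a {@link UsernamePasswordToken}
     * @return the stored principal and credential, or {@code null} when no account matches
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authcToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        // Log the username only. A reflective dump of the token would include its
        // password field and write the submitted password to standard output.
        System.out.println("驗證當前Subject時獲取到token爲" + token.getUsername());

        User user = userManager.getByUsername(token.getUsername());
        if (null == user) {
            return null;
        }
        // The third constructor argument is the realm name, not a display name. Passing the
        // user's nickname there mislabels the principal and fails for a null nickname.
        return new SimpleAuthenticationInfo(user.getUserName(), user.getPass(), getName());
    }

    /**
     * Verifies the submitted credentials and, only on success, publishes the user to the
     * session under the "currentUser" key.
     *
     * @param token the submitted token
     * @param info the account data returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException if the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        // Throws on a mismatch, so the session is never touched for a failed login.
        super.assertCredentialsMatch(token, info);

        PrincipalCollection principals = info.getPrincipals();
        if (null == principals || principals.isEmpty()) {
            return;
        }
        User user = userManager.getByUsername((String) principals.getPrimaryPrincipal());
        if (null != user) {
            // NOTE(review): this stores the whole User entity, including the value returned
            // by getPass(), in the session. Consider storing a reduced view instead.
            this.setSession("currentUser", user);
        }
    }

    /**
     * Stores a value in the current Subject's Shiro session so other code can read it.
     *
     * <p>Per the original author's note, a controller can read it back with
     * HttpSession.getAttribute(key).
     *
     * @param key the session attribute key
     * @param value the value to store
     */
    private void setSession(Object key, Object value) {
        Subject currentUser = SecurityUtils.getSubject();
        if (null == currentUser) {
            return;
        }
        Session session = currentUser.getSession();
        if (null != session) {
            session.setAttribute(key, value);
        }
    }
}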