一.步骤总结
1.新建MyRealm类,继承AuthorizingRealm类
public class MyRealmAuthorizing extends AuthorizingRealm {
2.实现里面的两个方法:
doGetAuthorizationInfo:授权的方法
1)根据principals去数据库中查询对应的角色
2)根据角色去数据库中查询对应的权限
3)新建 SimpleAuthorizationInfo,通过 SimpleAuthorizationInfo的addRoles和addStringPermissions方法进行授权,最后返回 SimpleAuthorizationInfo即可
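/**
 * Authorization hook: resolves the roles and permissions of the already-authenticated subject.
 *
 * <p>The role and permission lists below stand in for a database lookup (as the original
 * comments say); a real implementation would query them for {@code user}.
 *
 * @param principals the principals produced by authentication; the primary principal is the
 *                   {@code User} that was handed to {@code SimpleAuthenticationInfo}
 * @return the subject's roles and string permissions, never {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // The primary principal is the User object stored at authentication time; a real
    // implementation keys the role/permission queries on it.
    User user = (User) principals.getPrimaryPrincipal();

    // Roles: pretend this list came from the role table for `user`.
    List<String> roles = new ArrayList<>();
    roles.add("管理员");
    roles.add("操作员");

    // Permissions: pretend this list came from the permission table for the roles above.
    // Shiro's wildcard permissions use ':' as the part separator, so the strings must be
    // "user:insert"/"user:select" — the original "user.insert" would never satisfy the
    // isPermitted("user:insert") check in ShiroTest.
    List<String> powers = new ArrayList<>();
    powers.add("user:insert");   // the original called power.add(...) on an undeclared variable
    powers.add("user:select");

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.addRoles(roles);
    info.addStringPermissions(powers);
    return info;
}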
doGetAuthenticationInfo:认证的方法
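/**
 * Authentication hook: looks the user up by name and returns the stored credentials so that
 * Shiro can compare them with the submitted ones.
 *
 * <p>Only the username is used here. The submitted password is deliberately not compared in
 * this method: Shiro's configured {@code CredentialsMatcher} compares the token's credentials
 * against the password and salt returned in the {@link SimpleAuthenticationInfo}.
 *
 * @param upToken the submitted credentials; must be a {@link UsernamePasswordToken}
 * @return the stored credentials and salt of the user, with the {@code User} as principal
 * @throws UnknownAccountException if no row in {@code t_shiro} has that username
 * @throws AuthenticationException if the database lookup fails. The original swallowed the
 *         {@link SQLException} and returned {@code null}, which Shiro reports as an unknown
 *         account and which hides the real cause from the operator.
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken upToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) upToken;
    String username = token.getUsername();

    // NOTE(review): the JDBC URL, DB user and DB password are hard-coded for the tutorial;
    // in real code they belong in configuration / a DataSource, never in source control.
    // try-with-resources closes the ResultSet, PreparedStatement and Connection on every
    // path, including the UnknownAccountException path (the original leaked all three).
    try (Connection connection = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test", "root", "admin");
         PreparedStatement ps = connection.prepareStatement("select * from t_shiro where username=?")) {
        // Parameterized query: the username comes from the login form and is bound, never concatenated.
        ps.setString(1, username);
        try (ResultSet rs = ps.executeQuery()) {
            if (!rs.next()) {
                throw new UnknownAccountException("用户名不存在");
            }
            User user = new User();
            user.setId(rs.getInt("id"));
            user.setUsername(rs.getString("username"));
            user.setPassword(rs.getString("password"));
            user.setSalt(rs.getString("salt"));
            // The User becomes the primary principal that doGetAuthorizationInfo reads back;
            // the stored password and salt are what the CredentialsMatcher checks against.
            return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), "myrealm");
        }
    } catch (SQLException e) {
        // Keep the cause: a DB outage must not look like a wrong username.
        throw new AuthenticationException("查询用户信息失败", e);
    }
}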
测试类
/**
 * Console demo for the realm above: authenticates {@code admin/123}, then asks Shiro one
 * role question and one permission question.
 */
public class ShiroTest {

    public static void main(String[] args) {
        // Build the SecurityManager from shiro.ini and install it globally.
        IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken("admin", "123");
        try {
            // login() either returns normally (authenticated) or throws:
            // unknown username -> UnknownAccountException, wrong password -> IncorrectCredentialsException.
            // Nothing below this line runs on failure.
            currentUser.login(credentials);
            System.out.println("认证成功");

            // hasRole() takes a role name, isPermitted() a permission string — do not mix them up.
            boolean hasOperatorRole = currentUser.hasRole("操作员");
            boolean mayInsertUser = currentUser.isPermitted("user:insert");
            System.out.println("是否具有某个角色" + hasOperatorRole);
            System.out.println("是否具有某个权限" + mayInsertUser);
        } catch (UnknownAccountException unknownAccount) {
            // Distinguishing "unknown account" from "wrong password" is fine for a console demo;
            // a real login page should show one generic failure message so usernames cannot be
            // enumerated from the response.
            System.out.println("未知账号异常");
        } catch (IncorrectCredentialsException wrongPassword) {
            System.out.println("密码错误异常");
        } catch (Exception e) {
            // Boundary of the demo: anything else (e.g. the realm's DB failure) is reported here.
            e.printStackTrace();
            System.out.println("系统发生未知错误");
        }
    }
}