Shiro组件-Realm

最新推荐文章于 2022-02-01 00:05:34 发布
最新推荐文章于 2022-02-01 00:05:34 发布
阅读量174 收藏
点赞数
分类专栏: Java框架-Shiro
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ZP_2019_07_18/article/details/105377284
版权

Realm体系

在这里插入图片描述

  • 作用
      用以加载用户的角色与权限。底层实现类主要区别于数据获取方式的不同。
  • 源码
    • 顶级接口Realm:提供身份认证基本功能
    interface Realm{
	String getName();//当前领域域的名称,每个领域对象名在同一应用中唯一
	boolean supports(AuthenticationToken token);//返回当前领域是否支持参数token的类型,支持则可以调用getAuthenticationInfo(AuthenticationToken token)进行身份认证
	AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;//返回参数token对应用户身份认证信息	
}
    • 抽象类:CachingRealm增加缓存功能
    //	实现缓存功能
abstract Class CachingRealm implements Realm,Nameable,CacheManagerAware,LogoutAware{
	private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();//实例的数
	private String name;//唯一名字,通过实现Nameable中的String setName()生成
	private CacheManager cacheManager;//通过实现CacheManagerAware的setCacheManager(),设置
	private boolean cachingEnabled;//是否支持缓存
	//设置名字为:类名+"_"+实例数目
	public CachingRealm(){
		this.cachingEnable = true;
		this.name = getClass().getName()+"_"+INSTANCE_COUNT.getAndIncrement();	
	}
	//实现Nameable
	public void setName(String name){
		this.name = name;
	}
	//实现CacheManagerAware
	public void setCacheManager(CacheManager cacheManager){
		this.cacheManager = cacheManager;
		afterCacheManagerSet();
	}
	//完成缓存管理器设置后的操作
	public void afterCacheManagerSet(){}
	public void setCachingEnabled(boolean cachingEnabled){
		this.cachingEnabled = cachingEnabled;
	}
	//实现LogoutAware
	public void onLogout(PrincipalCollection principals){
		clearCache(principals);
	}
	//清空当前信息在cache的信息
	public void clearCache(PrincipalCollection principals){
		if(!CollectionUtils.isEmpty(principals)){
			doClearCache(principals);
			log.trace("Cleared cache entries for account with principals[{}],principals");
		}
	}
	protected void doClearCache(PrincipalCollection principals) {}
	public CacheManager getCacheManager(){
		return this.cacheManager;
	}
	public String getName(){
		return this.name;
	}
	public boolean isCachingEnabled(){
		return this.cachingEnabled;
	}
	//获取可用的身份信息
	protected Object getAvailablePrincipal(PrincipalCollection principals) {
    	Object primary = null;
    	if (!CollectionUtils.isEmpty(principals)) {
        	Collection thisPrincipals = principals.fromRealm(getName());
        	if (!CollectionUtils.isEmpty(thisPrincipals)) {
            	primary = thisPrincipals.iterator().next();
        	} else {
            	//no principals attributed to this particular realm.  Fall back to the 'master' primary:
            	primary = principals.getPrimaryPrincipal();
        	}
    	}
    return primary;
    }
}
    • 抽象类:AuthenticatingRealm增加认证功能
     //省略属性的getter与setter
abstract class AuthenticatingRealm extends CachingRealm implements Initializable{
	private static final Logger = LoggerFactory.getLogger(AuthenticatingRealm.class);
	private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();
	//认证器缓存后缀
	private static final String DEFAULT_AUTHENTICATION_CACHE_SUFFIX = ".authenticationCache";
	//加密密码和验证密码
	private CredentialsMatcher credentialsMatcher;
    //支持的认证令牌类型
    private Class<? extends AuthenticationToken> authenticationTokenClass;
	//用以缓存认证信息
	private Cache<Object, AuthenticationInfo> authenticationCache;
	private boolean authenticationCachingEnabled;
    private String authenticationCacheName;

	//构造方法
	public AuthenticatingRealm(){}
	public AuthenticatingRealm(CacheManager cacheManager){}
	//实质上都调用的是此构造函数
	public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
	    authenticationTokenClass = UsernamePasswordToken.class;
		this.authenticationCachingEnabled = false; 
        int instanceNumber = INSTANCE_COUNT.getAndIncrement();
        this.authenticationCacheName = getClass().getName() + DEFAULT_AUTHENTICATION_CACHE_SUFFIX;
        if (instanceNumber > 0) {
            this.authenticationCacheName = this.authenticationCacheName + "." + instanceNumber;
        }
        if (cacheManager != null) {
        	setCacheManager(cacheManager);
        }
        if (matcher != null) {
          setCredentialsMatcher(matcher);
        }
    }
  	//认证功能
  	private Cache<Object,AuthenticainoInfo> getAuthenticationCacheLazy(){}
  	private AuthenticationInfo getCachedAuthenticationInfo(AuthenticationToken token){}
  	private void cacheAuthenticationInfoPossible(AuthenticationToken token,AuthenticationInfo info){}
  	public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {}
  	protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException{}
  	protected Object getAuthenticationCacheKey(AuthenticationToken token){}
  	protected Object getAuthenticationCacheKey(PrincipalCollection principals){}
  	private static boolean isEmpty(PrincipalCollection pc){}
  	protected void clearCachedAuthenticationInfo(PrincipalCollection principals){}
  	//重写方法
  	public boolean supports(AuthenticationToken token){}
  	public void setName(String name){}
  	protected void afterCacheManagerSet(){}
  	protected void doClearCache(PrincipalCollection principals){}
  	protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;
  	//实现接口
  	public final void init(){
  		getAvailableAuthenticationCache();
  		onInit();	
  	}
  	//服务接口
  	protected void onInit(){}
}
    • 抽象类:AuthorizingRealm增加授权功能
    //省略属性的getter与setter
abstract class AuthorizingRealm extends AuthenticatingRealm implements Authorizer,Initializable,PermissionResolverAware,RolePermissionResolverAware{
	private static final Logger log = LoggerFactory.getLogger(AuthorizingRealm.class);
	private static final String DEFAULT_AUTHORIZATION_CACHE_SUFFIX = ".authorizationCache";
	private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();
//认证缓存属性
	private boolean authorizationCachingEnabled;
	private Cache<Object, AuthorizationInfo> authorizationCache;
	private String authorizationCacheName;
//新增授权属性
	private PermissionResolver permissionResolver;
	private RolePermissionResolver permissionRoleResolver;
	
//授权方法
	//得到权限	
	protected Collection<Permission> getPermissions(AuthorizationInfo info){}
	private Collection<Permission> resolvePermissions(Collection<String> stringPerms){}
	private Collection<Permission> resolveRolePermissions(Collection<String> roleNames){}
	//是否拥有权限,PrincipalCollection是身份集合
	public boolean isPermitted(PrincipalCollection principals, String permission){}
	public boolean isPermitted(PrincipalCollection principals, Permission permission){}
	public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions){}
	protected boolean[] isPermitted(List<Permission> permissions, AuthorizationInfo info){}
	public boolean isPermittedAll(PrincipalCollection subjectIdentifier, String... permissions){}
	//实质调用此方法
	protected boolean isPermitted(Permission permission, AuthorizationInfo info){
		Collection<Permission> perms = getPermissions(info);
    	if (perms != null && !perms.isEmpty()) {
    		for (Permission perm : perms) {
       			if (perm.implies(permission)) {
                 	return true;
             	}
         	}
     	}
        return false;
   	}
	//验证是否有此权限,实质调用isPermitted()方法,无权限则抛出异常。
	public void checkPermission(PrincipalCollection subjectIdentifier, String permission) throws AuthorizationException{}
	public void checkPermission(PrincipalCollection principal, Permission permission) throws AuthorizationException{}
	protected void checkPermission(Permission permission, AuthorizationInfo info){}
	public void checkPermissions(PrincipalCollection subjectIdentifier, String... permissions) throws AuthorizationException{}
	public void checkPermissions(PrincipalCollection principal, Collection<Permission> permissions) throws AuthorizationException{}
	protected void checkPermissions(Collection<Permission> permissions, AuthorizationInfo info){}
	//是否拥有此角色
	public boolean hasRole(PrincipalCollection principal, String roleIdentifier){}
	public boolean[] hasRoles(PrincipalCollection principal, List<String> roleIdentifiers){}
	protected boolean[] hasRoles(List<String> roleIdentifiers, AuthorizationInfo info){}
	public boolean hasAllRoles(PrincipalCollection principal, Collection<String> roleIdentifiers){}
	private boolean hasAllRoles(Collection<String> roleIdentifiers, AuthorizationInfo info){}
	//实质调用此方法
	protected boolean hasRole(String roleIdentifier, AuthorizationInfo info){
		return info != null && info.getRoles() != null && info.getRoles().contains(roleIdentifier);
	}
	//检查是否拥有此角色,实质调用hasRoles()等方法,不具有此角色则抛出异常。
	public void checkRole(PrincipalCollection principal, String role) throws AuthorizationException{}
	protected void checkRole(String role, AuthorizationInfo info){}
	public void checkRoles(PrincipalCollection principal, Collection<String> roles) throws AuthorizationException{}
	public void checkRoles(PrincipalCollection principal, String... roles) throws AuthorizationException{}
	protected void checkRoles(Collection<String> roles, AuthorizationInfo info){}
	//重写方法
	public void setName(String name){}
	protected void onInit(){}
	afterCacheManagerSet(){}
	private Cache<Object, AuthorizationInfo> getAuthorizationCacheLazy(){}
	private Cache<Object, AuthorizationInfo> getAvailableAuthorizationCache(){}
	protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals){}
	protected Object getAuthorizationCacheKey(PrincipalCollection principals){}
	protected void clearCachedAuthorizationInfo(PrincipalCollection principals){}
	protected void doClearCache(PrincipalCollection principals){}
	//实现接口
	//服务接口
}
    • 实现类:JdbcRleam,从数据源中获得权限信息
    public class JdbcRealm extends AuthorizingRealm{
	protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";
	protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";
	protected static final String DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where username = ?";
	protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";
	private static final Logger log = LoggerFactory.getLogger(JdbcRealm.class);
	public enum SaltStyle {NO_SALT, CRYPT, COLUMN, EXTERNAL};
	
	protected DataSource dataSource;
	protected String authenticationQuery = DEFAULT_AUTHENTICATION_QUERY;
	protected String userRolesQuery = DEFAULT_USER_ROLES_QUERY;
	protected String permissionsQuery = DEFAULT_PERMISSIONS_QUERY;
	protected boolean permissionsLookupEnabled = false;
	protected SaltStyle saltStyle = SaltStyle.NO_SALT;
	protected boolean saltIsBase64Encoded = true;

//数据库中获取权限信息
	
//重写方法
	//从从数据库中得到数据
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{}
	private String[] getPasswordForUser(Connection conn, String username) throws SQLException{}
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){}
	protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException{}
	protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException{}
}
    • 实现类:IniRealm,从INI文件中获得权限信息
    public class IniRealm extends TextConfigurationRealm{
	public static final String USERS_SECTION_NAME = "users";
	public static final String ROLES_SECTION_NAME = "roles";
	private static transient final Logger log = LoggerFactory.getLogger(IniRealm.class);
	private String resourcePath;	
	private Ini ini;

	public IniRealm(){}
	public IniRealm(Ini ini){}
	public IniRealm(String resourcePath){}
//INI文件获得权限
	private void processDefinitions(Ini ini){}
//重写方法
	protected void onInit(){}
//实现接口
//辅助接口
}
ZP_TX_NG
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Tomcat服务器配置参考
边城浪子
09-15 2413
Realm组件概述Realm元素是一个包含用户名,密码和用户角色的数据库。角色与Unix的group类似。Realm的不同实现允许将Catalina集成到认证信息已经被创建和维护的环境中,然后利用这些信息来实现Container Managed Security,如Servlet Specification中所述。你可以在任何Catalina容器(Engine,Host或者Context)中嵌套R
[转] Tomcat -- Realm组件
weihua1985的专栏
06-03 104
    版本:1.0 日期:2003-12-27 有任何问题和建议,给我发邮件 留言请到http://tuman.blogger.cn ,转载请保留这一部分,谢谢 Tomcat服务器配置参考 Realm组件 概述 Realm元素是一个包含用户名,密码和用户角色的数据库。角色与Un...
Spring Shiro基础组件 Realm
我家有猫已长成的博客
02-01 180
Spring Shiro基础组件 Realm 简介。
Shiro的鉴权方式
不忘初心,方能始终。
02-25 9980
一、 怎么用 Shiro 支持三种方式的授权 编程式:通过写 if/else 授权代码块完成: Subject subject = SecurityUtils.getSubject(); if(subject.hasRole(“admin”)) { //有权限 } else { //无权限 } 注解式:通过在执行的 Java 方法上放置相应的注解完成: @Require...
shiro系列-----------注解授权
weixin_38040972的博客
11-14 253
使用注解进行权限控制 1.原理:通过拦截器拦截特定的注解,然后解析注解里的值,然后判断subject.has*()转交给SecurityManager处理,层层流转最后会去比对域值或者缓存值。 2.拦截器源代码之一 public class PermissionAnnotationHandler extends AuthorizingAnnotationHandler { public P...
Apache Shiro 使用手册(四) Realm 实现
09-15
Shiro的架构中,`Realm` 是一个至关重要的组件,它是Shiro与应用程序特定安全数据源(如数据库、LDAP或其它来源)之间的桥梁。在Shiro的认证和授权过程中,`Realm` 扮演着核心角色。 **一、认证实现** 认证是...
Apache Shiro 框架简介
01-11
一、什么是Shiro  Apache Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能...首先,来了解一下Shiro的三个核心组件:Subject, SecurityManager 和 Realms. 如下图:  Subject:即“当
详解spring与shiro集成
08-29
3. **Realm实现** - RealmShiro与应用特定安全数据交互的核心。这里配置一个自定义的UserRealm,与UserService集成,并设置凭证匹配器和其他属性: ```xml <bean id="userRealm" class="com.github.zhangkaitao....
31、Shiro.pdf
04-30
Shiro的核心架构包括Subject、SecurityManager、Realm组件。 Subject是Shiro的对外接口,代表了当前的“用户”,无论是人还是应用程序中的其他实体。所有的安全操作都通过Subject来执行,而实际的工作则由...
shiro之INI配置详解
08-29
Shiro中,SecurityManager是整个安全框架的核心组件,它负责身份验证和授权。SecurityManager是一个Thread-safe的对象,每个应用程序只需要一个实例。Shiro提供了SecurityUtils来绑定SecurityManager为全局的,...
MVC中重写RoleProvider角色管理
diehe5608的博客
07-01 130
/* 数据表SQL脚本 if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_UsersInRoles_Roles]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) ALTER TABLE [dbo].[UsersInRoles] DROP C...
shrio自定义realm,权限拦截
pyzheng的专栏
01-15 290
[url]http://my.oschina.net/sheldon1/blog/603351[/url] 一,自定义realm,重写认证,授权,验证权限三个方法 [code="java"]public class UserRealm extends AuthorizingRealm { @Autowired private SysUserService use...
Spring Boot系列(十五) 安全框架Apache Shiro(二)缓存-EhCache
xtiawxf的专栏
09-19 4249
本例在上一节Shiro基本功能基础上增加缓存功能,主要缓存Session、身份、权限等,对于实际应用会减少查询数据库次数,提升效率。Shiro为我们提供了CacheManager接口,在1.2.x版本中,提供了EhCache缓存的实现EhCacheManager和默认的MemoryConstrainedCacheManager的实现,到1.3.x版本时,增加了基于Hazelcast的分布式缓存实现H
java报错日志是什么_权限管理的页面及入口方法---启动并观察日志 报错 java.lang.NullPointerException...
weixin_39906906的博客
02-27 785
G:\develop\apache-tomcat-8.5.31-windows-64位\apache-tomcat-8.5.31\bin\catalina.bat run[2019-09-04 03:12:46,856] Artifact nutzbook:war: Waiting for server connection to start artifact deployment...Using...
shiro源码分析(三)授权、认证、缓存的接口设计
乒乓狂魔的专栏
12-19 267
[size=medium]前两篇文章主要说的是认证过程,这一篇来分析下授权的过程。还是开涛大神的案例([url]http://jinnianshilongnian.iteye.com/blog/2020017[/url]),如下:[/size] [code="java"] public class ShiroTest { @Test public void testHellow...
SpringMVC+Shiro整合配置文件详解
热门推荐
空城旧事的博客
11-03 2万+
在项目中xml文件的配置是必不可少的,特别是SpringMVC框架。但是几乎所有项目的配置都是大同小异,很多人都是直接复制黏贴了事,不少人对其具体含义及用途都不甚全知。本片文章将正对项目中常用的框架SpringMVC+Shiro进行整合,并对其中关键和部分常识性问题进行注释讲解,方便在以后的项目编写中查阅和熟悉。 1、web.xml文件的配置 所有javaweb项目第一步要做的就是对web
Shiro认证授权业务软件实现流程
Hadwin1991的博客
06-09 693
shiro认证授权业务软件实现流程
Shrio登陆验证实例详细解读
Evankaka的专栏
12-06 1万+
本文采用了Spring+SpringMVC+Mybatis+Shiro+Msql来写了一个登陆验证的实例,下面来看看过程吧!整个工程基于Mavevn来创建,运行环境为JDK1.6+WIN7+tomcat7.这里主要说了Shiro的搭建过程,Spring+SpringMVC+Mybatis的搭建过可以看这里Spring+Mybatis+SpringMVC+Maven+MySql搭建实例
鉴权 shiro realm
最新发布
06-12
Shiro中,Realm是用于验证用户身份和授权的组件Realm是一个接口,用于定义如何从数据源(如数据库、LDAP、文件等)中获取用户身份和权限信息。Realm通常用于与后端数据源进行交互,以验证用户的身份和授权。Shiro提供了许多默认的Realm实现,例如JDBC Realm、LDAP Realm和Properties Realm等。此外,Shiro还支持自定义Realm实现,以满足特定的业务需求。在自定义Realm时,需要实现Realm接口中的方法,包括获取用户身份信息、获取用户权限信息等。通过配置Shiro安全管理器的Realm属性,可以将自定义RealmShiro集成,实现对用户身份和权限的验证。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值