源码
/**
 * Contract for a component that supplies account data to the security framework.
 *
 * <p>Only the three signatures below are part of this listing; the semantics noted on each
 * method are read from its name and types.
 */
interface Realm {

    /** Returns the name assigned to this realm. */
    String getName();

    /**
     * Reports whether this realm accepts the given token.
     *
     * @param token the submitted authentication token
     * @return presumably {@code true} when the token type can be handled here
     */
    boolean supports(AuthenticationToken token);

    /**
     * Looks up account data for the submitted token.
     *
     * @param token the submitted authentication token
     * @return the account data for the token
     * @throws AuthenticationException if the authentication attempt fails
     */
    AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException;
}
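/**
 * Base realm that carries a name, a {@link CacheManager} and a caching switch, and that
 * clears cached account data when a subject logs out.
 *
 * <p>The logout hook is the security-relevant part: {@link #onLogout} forwards to
 * {@link #clearCache}, which gives subclasses the chance to evict whatever they cached for
 * the departing principals in {@link #doClearCache}.
 */
abstract class CachingRealm implements Realm, Nameable, CacheManagerAware, LogoutAware {

    private static final Logger log = LoggerFactory.getLogger(CachingRealm.class);
    private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();

    private String name;
    private CacheManager cacheManager;
    private boolean cachingEnabled;

    /** Enables caching and assigns a default name derived from the runtime class. */
    public CachingRealm() {
        this.cachingEnabled = true;
        // The static counter keeps default names distinct between instances of one class.
        this.name = getClass().getName() + "_" + INSTANCE_COUNT.getAndIncrement();
    }

    /**
     * Replaces the realm name.
     *
     * @param name the new name; it is also the key used by {@link #getAvailablePrincipal}
     *             when asking a principal collection for this realm's principals
     */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Stores the cache manager and then runs the {@link #afterCacheManagerSet} hook.
     *
     * @param cacheManager the cache manager to use; may be {@code null}
     */
    public void setCacheManager(CacheManager cacheManager) {
        this.cacheManager = cacheManager;
        afterCacheManagerSet();
    }

    /**
     * Hook invoked after a cache manager has been assigned; does nothing here.
     *
     * <p>NOTE(review): the subclasses in this listing declare their override as
     * {@code protected}, which Java rejects as a narrower access level than this
     * {@code public} declaration - confirm the intended visibility against upstream.
     */
    public void afterCacheManagerSet() {
    }

    /**
     * Switches caching on or off for this realm.
     *
     * @param cachingEnabled {@code true} to allow caching
     */
    public void setCachingEnabled(boolean cachingEnabled) {
        this.cachingEnabled = cachingEnabled;
    }

    /**
     * Logout callback: drops cached data for the subject that is leaving.
     *
     * @param principals the identity of the subject logging out
     */
    public void onLogout(PrincipalCollection principals) {
        clearCache(principals);
    }

    /**
     * Clears cached data for the given principals; an empty or {@code null} collection is
     * ignored.
     *
     * @param principals the identity whose cached data should be evicted
     */
    public void clearCache(PrincipalCollection principals) {
        if (!CollectionUtils.isEmpty(principals)) {
            doClearCache(principals);
            // The principals are passed as a logging argument so the {} placeholder is
            // filled; note that trace output therefore contains account identifiers.
            log.trace("Cleared cache entries for account with principals [{}]", principals);
        }
    }

    /**
     * Extension point for the actual eviction; does nothing here.
     *
     * @param principals the identity whose cached data should be evicted
     */
    protected void doClearCache(PrincipalCollection principals) {
    }

    /** Returns the cache manager, or {@code null} if none was set. */
    public CacheManager getCacheManager() {
        return this.cacheManager;
    }

    /** Returns the realm name. */
    @Override
    public String getName() {
        return this.name;
    }

    /** Returns whether caching is enabled for this realm. */
    public boolean isCachingEnabled() {
        return this.cachingEnabled;
    }

    /**
     * Picks the principal this realm should use for lookups.
     *
     * @param principals the subject's principals; may be empty or {@code null}
     * @return the first principal contributed under this realm's name, otherwise the
     *         collection's primary principal, or {@code null} when the collection is empty
     */
    protected Object getAvailablePrincipal(PrincipalCollection principals) {
        if (CollectionUtils.isEmpty(principals)) {
            return null;
        }
        // Prefer an identity this realm issued over one issued by another realm.
        Collection<?> fromThisRealm = principals.fromRealm(getName());
        if (!CollectionUtils.isEmpty(fromThisRealm)) {
            return fromThisRealm.iterator().next();
        }
        return principals.getPrimaryPrincipal();
    }
}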
- 抽象类:AuthenticatingRealm增加认证功能
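/**
 * Adds authentication to {@link CachingRealm}: a credentials matcher, the token class the
 * realm accepts, and an optional cache of {@link AuthenticationInfo}.
 *
 * <p>Members written with an empty body are outline entries; their implementation is not
 * part of this listing.
 */
abstract class AuthenticatingRealm extends CachingRealm implements Initializable {

    private static final Logger log = LoggerFactory.getLogger(AuthenticatingRealm.class);
    private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();
    private static final String DEFAULT_AUTHENTICATION_CACHE_SUFFIX = ".authenticationCache";

    // Compares the credentials submitted in a token with the ones stored for the account.
    private CredentialsMatcher credentialsMatcher;
    // Token type this realm accepts; set to UsernamePasswordToken in the constructor below.
    private Class<? extends AuthenticationToken> authenticationTokenClass;
    private Cache<Object, AuthenticationInfo> authenticationCache;
    // Off by default (see constructor). When enabled, AuthenticationInfo objects - which
    // carry the account's stored credentials - live in the cache, so the cache store needs
    // the same protection as the credential store itself.
    private boolean authenticationCachingEnabled;
    private String authenticationCacheName;

    // NOTE(review): both bodies are omitted here. Upstream Shiro presumably delegates to the
    // two-argument constructor with a SimpleCredentialsMatcher, which compares credentials
    // directly; a realm that stores hashed passwords must be given a hashing matcher such as
    // HashedCredentialsMatcher or PasswordMatcher - confirm against the version in use.
    public AuthenticatingRealm(){}
    public AuthenticatingRealm(CacheManager cacheManager){}

    /**
     * Sets the defaults and applies the optional collaborators.
     *
     * @param cacheManager cache manager to install; skipped when {@code null}
     * @param matcher      credentials matcher to install; skipped when {@code null}, in
     *                     which case this constructor leaves the matcher unset
     */
    public AuthenticatingRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
        authenticationTokenClass = UsernamePasswordToken.class;
        this.authenticationCachingEnabled = false;
        int instanceNumber = INSTANCE_COUNT.getAndIncrement();
        // Cache name is the runtime class name plus the suffix; every instance after the
        // first also gets its instance number so the names do not collide.
        this.authenticationCacheName = getClass().getName() + DEFAULT_AUTHENTICATION_CACHE_SUFFIX;
        if (instanceNumber > 0) {
            this.authenticationCacheName = this.authenticationCacheName + "." + instanceNumber;
        }
        if (cacheManager != null) {
            setCacheManager(cacheManager);
        }
        if (matcher != null) {
            setCredentialsMatcher(matcher);
        }
    }

    private Cache<Object, AuthenticationInfo> getAuthenticationCacheLazy(){}
    private AuthenticationInfo getCachedAuthenticationInfo(AuthenticationToken token){}
    private void cacheAuthenticationInfoPossible(AuthenticationToken token,AuthenticationInfo info){}

    // Declared final: subclasses cannot replace the overall authentication flow and instead
    // supply account data through doGetAuthenticationInfo. NOTE(review): presumably this is
    // where the cache lookup and assertCredentialsMatch are tied together - body not shown.
    public final AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {}

    // Signals a credentials mismatch through AuthenticationException.
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException{}
    protected Object getAuthenticationCacheKey(AuthenticationToken token){}
    protected Object getAuthenticationCacheKey(PrincipalCollection principals){}
    private static boolean isEmpty(PrincipalCollection pc){}
    protected void clearCachedAuthenticationInfo(PrincipalCollection principals){}
    public boolean supports(AuthenticationToken token){}
    public void setName(String name){}
    protected void afterCacheManagerSet(){}
    // Override of the CachingRealm eviction hook that clearCache() calls on logout.
    protected void doClearCache(PrincipalCollection principals){}

    /**
     * Retrieves the account data for a token from the backing data source.
     *
     * @param token the submitted authentication token
     * @return the account data for the token
     * @throws AuthenticationException if the lookup fails
     */
    protected abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException;

    /**
     * Initialization entry point; final, so subclasses customize through {@link #onInit}.
     */
    public final void init(){
        // getAvailableAuthenticationCache() is not declared anywhere in this listing.
        getAvailableAuthenticationCache();
        onInit();
    }

    /** Initialization hook for subclasses. */
    protected void onInit(){}
}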
- 抽象类:AuthorizingRealm增加授权功能
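/**
 * Adds authorization (role and permission checks) on top of {@link AuthenticatingRealm},
 * with an optional cache of {@link AuthorizationInfo}.
 *
 * <p>Members written with an empty body are outline entries; their implementation is not
 * part of this listing. JdbcRealm further down defines {@code doGetAuthorizationInfo}, but
 * the matching declaration is not shown in this class.
 */
abstract class AuthorizingRealm extends AuthenticatingRealm implements Authorizer,Initializable,PermissionResolverAware,RolePermissionResolverAware{

    private static final Logger log = LoggerFactory.getLogger(AuthorizingRealm.class);
    private static final String DEFAULT_AUTHORIZATION_CACHE_SUFFIX = ".authorizationCache";
    private static final AtomicInteger INSTANCE_COUNT = new AtomicInteger();

    private boolean authorizationCachingEnabled;
    // Cached roles and permissions stay in effect until evicted, so a revoked grant is only
    // enforced once the entry for that account is cleared (see clearCachedAuthorizationInfo).
    private Cache<Object, AuthorizationInfo> authorizationCache;
    private String authorizationCacheName;
    private PermissionResolver permissionResolver;
    private RolePermissionResolver permissionRoleResolver;

    protected Collection<Permission> getPermissions(AuthorizationInfo info){}
    private Collection<Permission> resolvePermissions(Collection<String> stringPerms){}
    private Collection<Permission> resolveRolePermissions(Collection<String> roleNames){}
    public boolean isPermitted(PrincipalCollection principals, String permission){}
    public boolean isPermitted(PrincipalCollection principals, Permission permission){}
    public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions){}
    protected boolean[] isPermitted(List<Permission> permissions, AuthorizationInfo info){}
    public boolean isPermittedAll(PrincipalCollection subjectIdentifier, String... permissions){}

    /**
     * Decides whether the account data grants the requested permission.
     *
     * @param permission the permission being requested
     * @param info       the account's authorization data
     * @return {@code true} only if one of the permissions obtained from {@code info}
     *         implies {@code permission}; {@code false} otherwise, including when no
     *         permissions are available
     */
    protected boolean isPermitted(Permission permission, AuthorizationInfo info){
        Collection<Permission> granted = getPermissions(info);
        if (granted == null || granted.isEmpty()) {
            // Nothing granted means nothing permitted.
            return false;
        }
        for (Permission candidate : granted) {
            if (candidate.implies(permission)) {
                return true;
            }
        }
        return false;
    }

    // The checkXxx variants report a failed check through AuthorizationException, where the
    // isPermitted/hasRole variants return a boolean.
    public void checkPermission(PrincipalCollection subjectIdentifier, String permission) throws AuthorizationException{}
    public void checkPermission(PrincipalCollection principal, Permission permission) throws AuthorizationException{}
    protected void checkPermission(Permission permission, AuthorizationInfo info){}
    public void checkPermissions(PrincipalCollection subjectIdentifier, String... permissions) throws AuthorizationException{}
    public void checkPermissions(PrincipalCollection principal, Collection<Permission> permissions) throws AuthorizationException{}
    protected void checkPermissions(Collection<Permission> permissions, AuthorizationInfo info){}
    public boolean hasRole(PrincipalCollection principal, String roleIdentifier){}
    public boolean[] hasRoles(PrincipalCollection principal, List<String> roleIdentifiers){}
    protected boolean[] hasRoles(List<String> roleIdentifiers, AuthorizationInfo info){}
    public boolean hasAllRoles(PrincipalCollection principal, Collection<String> roleIdentifiers){}
    private boolean hasAllRoles(Collection<String> roleIdentifiers, AuthorizationInfo info){}

    /**
     * Tests role membership by looking the identifier up in the account's role collection.
     *
     * @param roleIdentifier the role name to look for
     * @param info           the account's authorization data; may be {@code null}
     * @return {@code true} only if {@code info} and its role collection are non-null and
     *         the collection contains {@code roleIdentifier}
     */
    protected boolean hasRole(String roleIdentifier, AuthorizationInfo info){
        return info != null && info.getRoles() != null && info.getRoles().contains(roleIdentifier);
    }

    public void checkRole(PrincipalCollection principal, String role) throws AuthorizationException{}
    protected void checkRole(String role, AuthorizationInfo info){}
    public void checkRoles(PrincipalCollection principal, Collection<String> roles) throws AuthorizationException{}
    public void checkRoles(PrincipalCollection principal, String... roles) throws AuthorizationException{}
    protected void checkRoles(Collection<String> roles, AuthorizationInfo info){}
    public void setName(String name){}
    protected void onInit(){}
    // Modifier and return type restored to match the same hook in AuthenticatingRealm.
    protected void afterCacheManagerSet(){}
    private Cache<Object, AuthorizationInfo> getAuthorizationCacheLazy(){}
    private Cache<Object, AuthorizationInfo> getAvailableAuthorizationCache(){}
    protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals){}
    protected Object getAuthorizationCacheKey(PrincipalCollection principals){}
    protected void clearCachedAuthorizationInfo(PrincipalCollection principals){}
    // Override of the eviction hook that CachingRealm.clearCache() calls on logout.
    protected void doClearCache(PrincipalCollection principals){}
}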
- 实现类:JdbcRealm,从数据源中获得权限信息
/**
 * Realm backed by a JDBC {@link DataSource}: credentials, role names and permissions are
 * read with the SQL statements configured below.
 *
 * <p>Members written with an empty body are outline entries; their implementation is not
 * part of this listing.
 */
public class JdbcRealm extends AuthorizingRealm {

    // Every default statement takes its lookup value through a "?" placeholder, so the
    // username or role name is meant to be bound as a parameter and never concatenated into
    // the SQL text. The query fields below are mutable; a replacement query should keep
    // that placeholder form.
    protected static final String DEFAULT_AUTHENTICATION_QUERY =
            "select password from users where username = ?";
    protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY =
            "select password, password_salt from users where username = ?";
    protected static final String DEFAULT_USER_ROLES_QUERY =
            "select role_name from user_roles where username = ?";
    protected static final String DEFAULT_PERMISSIONS_QUERY =
            "select permission from roles_permissions where role_name = ?";

    private static final Logger log = LoggerFactory.getLogger(JdbcRealm.class);

    /** How the salt for a stored password is obtained. */
    public enum SaltStyle {
        NO_SALT,
        CRYPT,
        COLUMN,
        EXTERNAL
    }

    protected DataSource dataSource;

    // Defaults to the unsalted statement, which selects the password column only.
    protected String authenticationQuery = DEFAULT_AUTHENTICATION_QUERY;
    protected String userRolesQuery = DEFAULT_USER_ROLES_QUERY;
    protected String permissionsQuery = DEFAULT_PERMISSIONS_QUERY;

    // NOTE(review): presumably only role names are loaded while this is false, leaving
    // permission checks with nothing to match - confirm in doGetAuthorizationInfo.
    protected boolean permissionsLookupEnabled = false;

    // Out of the box no salt is read. A deployment that stores salted hashes has to select
    // another style (COLUMN presumably pairs with DEFAULT_SALTED_AUTHENTICATION_QUERY) and
    // configure a credentials matcher that hashes the submitted password; neither is set up
    // by the defaults visible here.
    protected SaltStyle saltStyle = SaltStyle.NO_SALT;
    protected boolean saltIsBase64Encoded = true;

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{}

    private String[] getPasswordForUser(Connection conn, String username) throws SQLException{}

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){}

    protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException{}

    protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException{}
}
- 实现类:IniRealm,从INI文件中获得权限信息
/**
 * Realm configured from an {@link Ini} instance or from an INI resource path, using the
 * {@code users} and {@code roles} sections named by the constants below.
 *
 * <p>Members written with an empty body are outline entries; their implementation is not
 * part of this listing.
 */
public class IniRealm extends TextConfigurationRealm {

    // NOTE(review): in Shiro's INI format the users section holds each account's password
    // next to its roles, so the resource behind resourcePath needs restricted read access
    // and hashed values are preferable to cleartext - confirm against the deployed file.
    public static final String USERS_SECTION_NAME = "users";
    public static final String ROLES_SECTION_NAME = "roles";

    private static final transient Logger log = LoggerFactory.getLogger(IniRealm.class);

    // Location of the INI resource when the realm is built from a path.
    private String resourcePath;
    // Parsed INI content when the realm is built from an Ini instance.
    private Ini ini;

    public IniRealm(){}

    public IniRealm(Ini ini){}

    public IniRealm(String resourcePath){}

    private void processDefinitions(Ini ini){}

    protected void onInit(){}
}