shiro授权和权限限制

最新推荐文章于 2021-11-24 10:07:06 发布

adolph_jun

最新推荐文章于 2021-11-24 10:07:06 发布

阅读量1.0k

点赞数

分类专栏： shiro

本文链接：https://blog.csdn.net/adolph_jun/article/details/81662701

版权

shiro 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

AuthorizingRealm//权限验证核心类

//验证角色
public boolean hasRole(PrincipalCollection principal, String roleIdentifier) {
	AuthorizationInfo info = getAuthorizationInfo(principal);
	return hasRole(roleIdentifier, info);
}

public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
	assertRealmsConfigured();
	for (Realm realm : getRealms()) {
		if (!(realm instanceof Authorizer)) continue;
		if (((Authorizer) realm).hasRole(principals, roleIdentifier)) {
			return true;
		}
	}
	return false;
}

public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException {
	assertRealmsConfigured();
	if (!hasRole(principals, role)) {
		throw new UnauthorizedException("Subject does not have role [" + role + "]");
	}
}

//获取用户权限
AuthorizingRealm.getAuthorizationInfo(PrincipalCollection principals)//登录用户信息
//权限验证
isPermitted(PrincipalCollection principals, Permission permission)//登录用户信息，用户操作需要的权限
	public boolean isPermitted(PrincipalCollection principals, Permission permission) {
		AuthorizationInfo info = getAuthorizationInfo(principals);//获取用户拥有的权限
		return isPermitted(permission, info);
	}
	
//具体实现权限字符串比较
protected boolean isPermitted(Permission permission, AuthorizationInfo info) { //需要的权限，拥有的权限	
	Collection<Permission> perms = getPermissions(info);
	if (perms != null && !perms.isEmpty()) {
		for (Permission perm : perms) {
			if (perm.implies(permission)) {
				return true;
			}
		}
	}
	return false;
}
	
public boolean implies(Permission p) {
	// By default only supports comparisons with other WildcardPermissions
	if (!(p instanceof WildcardPermission)) {
		return false;
	}

	WildcardPermission wp = (WildcardPermission) p;

	List<Set<String>> otherParts = wp.getParts();

	int i = 0;
	for (Set<String> otherPart : otherParts) {
		// If this permission has less parts than the other permission, everything after the number of parts contained
		// in this permission is automatically implied, so return true
		if (getParts().size() - 1 < i) {
			return true;
		} else {
			Set<String> part = getParts().get(i);
			if (!part.contains(WILDCARD_TOKEN) && !part.containsAll(otherPart)) {
				return false;
			}
			i++;
		}
	}

	// If this permission has more parts than the other parts, only imply it if all of the other parts are wildcards
	for (; i < getParts().size(); i++) {
		Set<String> part = getParts().get(i);
		if (!part.contains(WILDCARD_TOKEN)) {
			return false;
		}
	}

	return true;
}