**
* 自定义Realm、实现抽象类AuthorizingRealm
*/
public class CustomRealm extends AuthorizingRealm{
Map<String,String> userMap=new HashMap<>(16);
{
//模拟缓存
userMap.put("link","7bbb77ff644c125c9a8cc871b057df09");
}
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String userName= (String) principalCollection.getPrimaryPrincipal();
//从数据库或缓存中获取角色数据
Set<String> roles=getRolesByUserName(userName);
Set<String> permissions=getPermissionByUserName(userName);
SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setRoles(roles);
simpleAuthorizationInfo.setStringPermissions(permissions);
return simpleAuthorizationInfo;
}
private Set<String> getPermissionByUserName(String userName) {
Set<String> sets=new HashSet<>();
sets.add("user:delete");
sets.add("user:add");
return sets;
}
private Set<String> getRolesByUserName(String userName) {
Set<String> sets=new HashSet<>();
sets.add("admin");
sets.add("user");
return sets;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//1、从主体传来的信息获取用户名
String userName=(String) authenticationToken.getPrincipal();
//2、从数据库获取凭证
String password=getPasswordByUsername(userName);
if(password==null){
return null;
}
SimpleAuthenticationInfo authorizationInfo=new SimpleAuthenticationInfo("link",password,"realName");
authorizationInfo.setCredentialsSalt(ByteSource.Util.bytes("min"));
return authorizationInfo;
}
private String getPasswordByUsername(String userName) {
return userMap.get(userName);
}
public static void main(String[] args){
Md5Hash md5Hash=new Md5Hash("123456","min");
System.out.println(md5Hash.toString());
//加密后密码:e10adc3949ba59abbe56e057f20f883e
//加salt后的加密密码:7bbb77ff644c125c9a8cc871b057df09
}
}
/**
*测试验证
*/
public class CustomRealmTest {
@Test
public void testAuthentication(){
CustomRealm customRealm=new CustomRealm();
//1、构建SecurityManger环境
DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager();
defaultSecurityManager.setRealm(customRealm);
//数据加密处理
HashedCredentialsMatcher matcher=new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");
matcher.setHashIterations(1);//加密的次数
customRealm.setCredentialsMatcher(matcher);
//2、主体提交认证请求
SecurityUtils.setSecurityManager(defaultSecurityManager);
Subject subject= SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken("link","123456");
subject.login(token);
System.out.println("Authenticated:"+subject.isAuthenticated());
}
}
Shrio权限验证3- 自定义Realm与加密
最新推荐文章于 2020-08-09 23:14:06 发布