shiro自定义realm,权限拦截

[url]http://my.oschina.net/sheldon1/blog/603351[/url]

一,自定义realm,重写认证,授权,验证权限三个方法
public class UserRealm extends AuthorizingRealm {

// Injected by Spring; doGetAuthenticationInfo delegates the username/password check to it.
@Autowired
private SysUserService userService;

// Injected by Spring; supplies the role and permission strings used in doGetAuthorizationInfo.
@Autowired
private UserAuthService userAuthService;

// Per-instance logger (getClass() so a subclass logs under its own name).
private Logger logger = LoggerFactory.getLogger(this.getClass());

/**
 * Collects the roles and string permissions of the authenticated user.
 *
 * @param principals principal collection whose primary principal is the {@code SysUser}
 *        stored as principal by {@code doGetAuthenticationInfo}
 * @return authorization info holding the user's role names and permission strings
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    SysUser currentUser = (SysUser) principals.getPrimaryPrincipal();
    // both lookups are keyed by the user id
    info.setRoles(userAuthService.findStringRoles(currentUser.getId()));
    info.setStringPermissions(userAuthService.findStringPermissions(currentUser.getId()));
    return info;
}

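/**
 * Authenticates a username/password token by delegating to {@code userService.login}.
 *
 * @param token the submitted token, expected to be a {@code UsernamePasswordToken}
 * @return authentication info whose principal is the matched {@code SysUser}, or {@code null}
 *         when the service returns no user (the caller decides how a null result is reported)
 * @throws AuthenticationException if the token carries no username
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

    logger.info("----------------认证----------------");

    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    // getUsername() can be null (empty login form); trim() on it would throw an NPE
    if (upToken.getUsername() == null) {
        throw new AuthenticationException("username is required");
    }
    String username = upToken.getUsername().trim();
    char[] submittedPassword = upToken.getPassword();
    String password = submittedPassword == null ? "" : new String(submittedPassword);

    SysUser user = userService.login(username, password);
    if (user == null) {
        return null;
    }
    // The submitted password is stored as the credential, so a plain credentials matcher
    // compares it against itself; presumably the real check happens inside userService.login —
    // confirm that the configured CredentialsMatcher does not expect a hashed credential.
    return new SimpleAuthenticationInfo(user, password.toCharArray(), getName());
}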

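/**
 * Overrides the string-permission check so that, besides an exact match, every stored
 * permission string is also tried as a regular expression against {@code permission}
 * (a request URI when called from the authorization filter).
 *
 * @param principals the subject's principals; may be null or empty for an anonymous subject
 * @param permission the permission string (request URI) to test
 * @return true on an exact match or a full regex match against one of the stored permissions;
 *         false when there is no authorization info or no permissions at all
 */
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
    AuthorizationInfo info = getAuthorizationInfo(principals);
    // No info (e.g. null/empty principals) or no stored permissions means deny, not NPE.
    if (info == null || info.getStringPermissions() == null) {
        return false;
    }
    Collection<String> permissions = info.getStringPermissions();
    // Stored permissions are compiled as regular expressions: a broad pattern grants every URI
    // it matches, so the stored values deserve the same review as the filter chain itself.
    return permissions.contains(permission) || patternMatch(permissions, permission);
}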

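/**
 * Returns true when {@code requestUri} fully matches at least one entry of
 * {@code patternUrlList} compiled as a {@link Pattern}. Null and empty entries are skipped.
 *
 * @param patternUrlList candidate regular expressions; null or empty yields false
 * @param requestUri the value to test, usually a request URI; null yields false
 * @return true on the first full match, otherwise false
 * @throws java.util.regex.PatternSyntaxException if an entry is not a valid regular expression;
 *         left to propagate so a malformed stored pattern is noticed rather than silently skipped
 */
public boolean patternMatch(Collection<String> patternUrlList, String requestUri) {
    if (patternUrlList == null || requestUri == null) {
        return false;
    }
    for (String patternUri : patternUrlList) {
        // same check as StringUtils.isNotEmpty, without the third-party dependency
        if (patternUri == null || patternUri.isEmpty()) {
            continue;
        }
        // matches() requires the whole URI to match, not just a prefix or substring
        if (Pattern.compile(patternUri).matcher(requestUri).matches()) {
            return true;
        }
    }
    return false;
}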

二、授权filter

isAccessAllowed,拦截方法,返回true表示通过验证,返回false会执行onAccessDenied方法。
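public class LoginCheckPermissionFilter extends AuthorizationFilter {

    public Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Allows the request only when the current subject holds a permission matching the
     * request URI.
     *
     * @param request the incoming request (cast to {@code HttpServletRequest})
     * @param response the response (unused here)
     * @param mappedValue the filter-chain configuration value (unused; every URL is checked alike)
     * @return true if the subject is permitted for the raw request URI; false on denial and
     *         on any error during the check
     * @throws Exception never thrown here; errors are logged and treated as denial
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        // getRequestURI() is the raw URI as sent by the client (context path included, not
        // normalized), so permission patterns are matched against exactly that string.
        String url = httpServletRequest.getRequestURI();
        try {
            Subject subject = getSubject(request, response);
            return subject.isPermitted(url);
        } catch (Exception e) {
            // Fail closed: an error while evaluating permissions (for example a stored permission
            // that is not a valid regular expression) must not grant access.
            logger.error("check permission error", e);
            return false;
        }
    }

    /**
     * Handles a denied request: anonymous subjects are sent to the login page; authenticated
     * subjects get a JSON error body on POST or a redirect to {@code unauthorizedUrl}
     * otherwise, and a 401 when no {@code unauthorizedUrl} is configured.
     *
     * @param request the incoming request
     * @param response the response to write to
     * @return always false, the request is never passed down the chain
     * @throws IOException if writing the JSON body or issuing the redirect fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = getSubject(request, response);
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        if (subject.getPrincipal() == null) {
            // Not logged in: remember the request and send the client to loginUrl.
            saveRequestAndRedirectToLogin(request, response);
            return false;
        }

        String unauthorizedUrl = getUnauthorizedUrl();
        if (!StringUtils.hasText(unauthorizedUrl)) {
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        if ("POST".equals(httpServletRequest.getMethod())) {
            // POST callers get a JSON body instead of a redirect. No status is set here, so the
            // response keeps its default status; clients must inspect the body's result code.
            httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
            String result = JSON.toJSONString(new BaseResp("没有权限,请联系管理员!", BizConstants.FAIL));
            httpServletResponse.getWriter().write(result);
        } else {
            WebUtils.issueRedirect(request, response, unauthorizedUrl);
        }
        return false;
    }
}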

三、shiro部分配置
 <property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<!--<property name="successUrl" value="/loginOK" />-->
<property name="unauthorizedUrl" value="/noPermission"/>
<property name="filters">
<map>
<entry key="perms" value-ref="loginCheckPermissionFilter"/>
<entry key="user" value-ref="myUserFilter"/>
</map>
</property>

<property name="filterChainDefinitions">
<value>
/favicon.ico = anon
/resources/** = anon
/PoiTemplate/** = anon
/login = anon
/logout = user
/** = user,perms
</value>
</property>
</bean>