1.new SimpleAuthenticationInfo(user,user.getPassword(),""),做了什么?
问题:1.doGetAuthorizationInfo(PrincipalCollection principalCollection)中的PrincipalCollection是什么?
答:存储了用户对象,来自认证方法中认证对象存储的用户对象。
public class UserRealm extends AuthorizingRealm {
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("做了授权");
Subject subject = SecurityUtils.getSubject();
//principal获取登录对象
User principal = (User) subject.getPrincipal();
//设置当前用户权限
//注:可设置一个或者多个
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//设置可用资源
info.addStringPermission(principal.getPrems());
return info;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("做了认证");
//数据库注册用户信息
User user = new User();
user.setPassword("root");
user.setPassword("123456");
UsernamePasswordToken token1 = (UsernamePasswordToken) token;
if (!token1.getUsername().equals(user.getUsername())){
throw new UnknownAccountException();
}
//返回当前登录用户对象
return new SimpleAuthenticationInfo(user,user.getPassword(),"");
}
}
1.SimpleAuthenticationInfo 构造器
public class SimpleAuthenticationInfo implents....{
....
public SimpleAuthenticationInfo(Object principal, Object hashedCredentials, ByteSource credentialsSalt, String realmName) {
this.principals = new SimplePrincipalCollection(principal, realmName);
this.credentials = hashedCredentials;
this.credentialsSalt = credentialsSalt;
}
.....
}
2. SimplePrincipalCollection(principal, realmName);
作用:
将用户对象user存到PrincipalCollection,在realm对象中授权方法可以调用到。
public SimplePrincipalCollection(Object principal, String realmName) {
if (principal instanceof Collection) {
this.addAll((Collection)principal, realmName);
} else {
this.add(principal, realmName);
}
}