5.创建Realm安全数据桥, 通过继承AuthorizingRealm的方式实现
此处只重写了 doGetAuthenticationInfo 方法来进行登录验证,授权方法后续再介绍。
package com.weixin.shiro;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.weixin.mapper.AdminMapper;
import com.weixin.pojo.Admin;
import com.weixin.util.MD5Util;
/**
 * Shiro realm that authenticates administrators against the database via {@link AdminMapper}
 * and assigns roles from the login name.
 *
 * <p>Security review notes (hardening points, not behaviour changes):
 * <ul>
 *   <li>Credentials are checked as salted MD5 with 1024 iterations. MD5 is fast to compute and
 *       is not a recommended choice for password storage; a purpose-built password hashing
 *       scheme (bcrypt, scrypt, Argon2) is the usual replacement. Changing the algorithm
 *       requires re-hashing the stored credentials.</li>
 *   <li>The salt is the single constant {@code MD5Util.PASSWORD_SALT}, shared by every account.
 *       A salt is not a secret; its job is to be unique per credential so that identical
 *       passwords do not produce identical hashes. A per-user random salt stored next to the
 *       hash gives that property; a shared constant does not.</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private AdminMapper adminMapper;

    /**
     * Builds the authorization data (roles) for an already authenticated subject.
     *
     * <p>Roles are derived purely from the literal login name: {@code "admin"} receives the
     * {@code admin} role, {@code "user"} receives the {@code list} role, and every subject
     * receives the {@code user} role. Nothing is read from the database here.
     *
     * @param principalCollection principals of the subject being authorized
     * @return the roles granted to that subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The primary principal is the login name that was supplied at authentication time.
        final Object loginName = principalCollection.getPrimaryPrincipal();
        final SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();

        // The two names are mutually exclusive, so a single if/else-if chain is sufficient.
        if ("admin".equals(loginName)) {
            granted.addRole("admin");
        } else if ("user".equals(loginName)) {
            granted.addRole("list");
        }

        // Baseline role handed to every authenticated subject.
        granted.addRole("user");
        return granted;
    }

    /**
     * Looks up the stored credential for the login name carried by {@code token} and returns it
     * together with the salt, so that the configured credentials matcher can do the comparison.
     *
     * <p>The submitted password is deliberately not read here; only the username is needed.
     *
     * @param token the authentication token submitted at login
     * @return principal, stored credential, salt and realm name for the matcher
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // 1. Take the login name from the token.
        final Object loginName = token.getPrincipal();

        // 2. Query the database with a probe object that carries only the username.
        // NOTE(review): the mapper method is named selectByNameAndPwd but no password is set on
        // the probe - presumably the query tolerates a null password; confirm against the mapper.
        final Admin probe = new Admin();
        probe.setUsername((String) loginName);
        final Admin stored = adminMapper.selectByNameAndPwd(probe);

        // When no record is found the stored credential falls back to the empty string, so an
        // unknown account is handed to the matcher instead of being reported separately.
        // NOTE(review): presumably the hashed comparison then fails; confirm this is intended.
        final String storedHash = (stored != null) ? stored.getPassword() : "";

        // 3. Salt used when the stored hash was produced. It is one application-wide constant,
        //    so identical passwords yield identical hashes across accounts; a salt adds value by
        //    being unique per user, not by being kept secret. (The original listing carried a
        //    commented-out variant that salted with the login name instead.)
        final ByteSource sharedSalt = ByteSource.Util.bytes(MD5Util.PASSWORD_SALT);

        // 4. Hand everything, plus this realm's name, back to Shiro.
        return new SimpleAuthenticationInfo(loginName, storedHash, sharedSalt, getName());
    }

    /**
     * Installs the hashed credentials matcher used to verify submitted passwords.
     *
     * <p>Per the original note this is meant to be configured as the bean's init-method.
     * NOTE(review): if it is never invoked the realm keeps whatever matcher it had before -
     * confirm the wiring.
     */
    public void setCredentialMatcher() {
        final HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // Stored hashes are hex encoded; this must agree with how they were written to the DB.
        matcher.setStoredCredentialsHexEncoded(true);
        // 1024 rounds of MD5. See the class comment: MD5 is weak for password storage, and
        // changing either value invalidates every stored hash.
        matcher.setHashIterations(1024);
        matcher.setHashAlgorithmName("MD5");
        setCredentialsMatcher(matcher);
    }

    /**
     * Test helper from the tutorial: prints the salted hash of a sample password so that the
     * value can be inserted into the database by hand instead of going through an add-user flow.
     *
     * <p>NOTE(review): the salt here is the MD5 digest of {@code "abcdef"}, whereas
     * {@link #doGetAuthenticationInfo} uses the bytes of {@code MD5Util.PASSWORD_SALT}. The two
     * only produce matching hashes if they resolve to the same bytes - confirm against MD5Util.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String algorithm = "MD5";
        final int rounds = 1024;
        final String samplePassword = "passwor";
        final Object salt = new Md5Hash("abcdef");

        final Object digest = new SimpleHash(algorithm, samplePassword, salt, rounds);
        System.out.println(digest);
    }
}
)