2 授权
授权是在认证之后进行的。在上述md5加密的情况下进行授权。
public class TestCustomerMD5RealmAuthorization {
public static void main(String[] args) {
// 创建安全管理器
DefaultSecurityManager securityManager = new DefaultSecurityManager();
// 注入realm
CustomerMD5Realm realm = new CustomerMD5Realm();
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
// 注册算法
hashedCredentialsMatcher.setHashAlgorithmName("md5");
// 散列次数
// hashedCredentialsMatcher.setHashIterations(1024);
realm.setCredentialsMatcher(hashedCredentialsMatcher);
// 为securityManager设置Realm
securityManager.setRealm(realm);
// 设置securityManager
SecurityUtils.setSecurityManager(securityManager);
// 获取subject对象
Subject subject = SecurityUtils.getSubject();
// 创建token
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");
try {
subject.login(token);
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名错误");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
}
// 认证用户进行授权
if (subject.isAuthenticated()) {
// 1.基于角色的权限控制
System.out.println(subject.hasRole("super"));
// 基于多角色权限控制
System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
System.out.println("==");
// 判断多角色只有其中一个
boolean[] booleans = subject.hasRoles(Arrays.asList("admin", "super", "user"));
for (boolean aBoolean : booleans) {
System.out.println(aBoolean);
}
// 基于权限字符串的权限控制 资源标识符:操作:资源类型
System.out.println("权限:" + subject.isPermitted("user:*:01"));
System.out.println("权限:" + subject.isPermitted("product:create:*"));
boolean[] permitted = subject.isPermitted("user:*01", "order:*:*");
for (boolean b : permitted) {
System.out.println(b);
}
boolean permittedAll = subject.isPermittedAll("user:*01", "order:*:*");
System.out.println(permittedAll);
}
}
}
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String principal = (String) principals.getPrimaryPrincipal();
System.out.println("======");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// info
info.addRole("admin");
info.addRole("user");
// 将数据库中查询权限信息赋值给权限对象
info.addStringPermission("user:*:*");
info.addStringPermission("product:create");
return info;
}
2.1 角色
基于角色的权限控制
- 基于单角色的权限控制 subject.hasRole()
- 基于多角色的权限控制
- 如果只判断是否拥有一个角色,可以利用subject.hasRoles()得到Boolean类型数组,通过循环来实现
// 1.基于角色的权限控制
System.out.println(subject.hasRole("super"));
// 基于多角色权限控制
// Arrays.asList ==> ArrayList list = new ArrayList(); list.add("admin");list.add("user"); 知道的忽略本条注释
System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
System.out.println("==");
// 判断多角色只有其中一个
boolean[] booleans = subject.hasRoles(Arrays.asList("admin", "super", "user"));
for (boolean aBoolean : booleans) {
System.out.println(aBoolean);
}
Realm中
info.addRole("admin");
info.addRole("user");
2.2 资源
基于资源的权限控制
- 权限控制支持通配符*
- 可以省略通配符来表示*,例如user: * => user: * : *
- 如果数据库中查询的权限满足测试中的权限,即为通过访问该资源,否则不通过
// 基于权限字符串的权限控制 资源标识符:操作:资源类型
System.out.println("权限:" + subject.isPermitted("user:*:01"));
System.out.println("权限:" + subject.isPermitted("product:create:*"));
boolean[] permitted = subject.isPermitted("user:*01", "order:*:*");
for (boolean b : permitted) {
System.out.println(b);
}
boolean permittedAll = subject.isPermittedAll("user:*01", "order:*:*");
System.out.println(permittedAll);
Realm中
info.addStringPermission("user:*:*");
info.addStringPermission("product:create");