1 .Realm接口
最基础的是Realm接口,CachingRealm负责缓存处理,AuthenticatingRealm负责认证,AuthorizingRealm负责授权,通常自定义的realm继承AuthorizingRealm
2 .实现类
此时不需要写shiro.ini
package com.hzt.realm;
import com.domain.ActiveUser;
import com.domain.User;
import com.service.UserService;
import com.service.impl.UserServiceImp;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
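public class UserRealm extends AuthorizingRealm {

    /** Lookup service for users by name; the concrete implementation is wired in directly here. */
    private final UserService userService = new UserServiceImp();

    /**
     * Authentication step: resolves the submitted principal (the user name) to a stored user.
     * <p>
     * Instead of sending user name and password to the database together, Shiro looks the user up
     * by name here and leaves the password comparison to the realm's configured credentials matcher,
     * which compares the submitted credentials with the stored ones returned in the
     * {@link SimpleAuthenticationInfo}.
     *
     * @param token the submitted token; its principal is used as the user name
     * @return authentication info whose principal is an {@link ActiveUser} (user plus roles and
     *         permissions) and whose credentials are the stored password, or {@code null} when the
     *         token carries no principal or no such user exists
     * @throws AuthenticationException declared for the Shiro contract; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // A token without a principal cannot name a user; guard instead of failing on toString().
        Object principal = token == null ? null : token.getPrincipal();
        if (principal == null) {
            return null;
        }
        String username = principal.toString();

        User user = userService.queryByUserName(username);
        if (user == null) {
            // Unknown user: keep the original contract of returning null.
            return null;
        }

        // Placeholder data: in a real realm these come from the role/permission store for this
        // user name (the original left this as a TODO).
        List<String> roles = new ArrayList<String>();
        roles.add("role1");
        roles.add("role2");
        roles.add("role3");
        List<String> permissions = new ArrayList<String>();
        permissions.add("user:query");
        permissions.add("user:add");
        permissions.add("user:update");
        permissions.add("user:delete");

        // Principal object that bundles the user with its roles and permissions; the
        // authorization step below reads it back out of the PrincipalCollection.
        ActiveUser activeUser = new ActiveUser(user, roles, permissions);

        // Arguments: (principal, stored credentials, realm name).
        // NOTE(review): user.getPwd() is handed over as stored; if passwords are stored hashed,
        // the realm's credentials matcher must use the same hash — confirm the configuration.
        return new SimpleAuthenticationInfo(activeUser, user.getPwd(), getName());
    }

    /**
     * Authorization step: copies the roles and permissions carried by the authenticated
     * {@link ActiveUser} principal into Shiro's authorization info.
     * <p>
     * A missing principal, or one that is not an {@link ActiveUser}, yields empty (deny-by-default)
     * authorization info rather than the unchecked cast of the original.
     *
     * @param principalCollection principals of the current subject; the primary one is expected
     *        to be the {@link ActiveUser} produced by {@link #doGetAuthenticationInfo}
     * @return authorization info with the user's roles and string permissions, possibly empty
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        Object primary =
                principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof ActiveUser)) {
            return info;
        }
        ActiveUser activeUser = (ActiveUser) primary;

        Collection<String> roles = activeUser.getRoles();
        if (roles != null && !roles.isEmpty()) {
            info.addRoles(roles);
        }

        Collection<String> permissions = activeUser.getPermissions();
        if (permissions != null && !permissions.isEmpty()) {
            info.addStringPermissions(permissions);
        }

        // Example kept from the original (disabled): grant every permission to a super-admin.
        // if (activeUser.getUser().getType() == 0) {
        //     info.addStringPermission("*:*");
        // }
        return info;
    }
}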
3 .测试
第三、四步
package com.hzt.shiro;
import com.hzt.realm.UserRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Arrays;
import java.util.List;
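/**
 * Shiro authentication walk-through: builds a SecurityManager from {@code shiro.ini}, swaps in a
 * programmatic {@link UserRealm}, logs in with fixed demo credentials and prints the results of a
 * series of role and permission checks.
 * <p>
 * The ini file is still read to create the SecurityManager; the realm it configures is then
 * replaced by {@link UserRealm} through {@code setRealm}, so the user lookup comes from that realm.
 *
 * @author tao
 */
public class TestAuthenticationApp {

    // Static fields are never serialized, so the original 'transient' modifier had no effect.
    private static final Logger logger = LoggerFactory.getLogger(TestAuthenticationApp.class);

    /**
     * Entry point: runs the login and the role/permission checks in the original order.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // Demo credentials kept in source for the walk-through; a real login takes them from input.
        String username = "zhangsan";
        String password = "123456";
        logger.info("MyFirst Apache shiro Application");

        DefaultSecurityManager securityManager = createSecurityManager();
        // Bind the security manager to the current thread so SecurityUtils.getSubject() works.
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();

        login(subject, username, password);
        // subject.logout(); // how to log out again

        printRoleChecks(subject);
        printPermissionChecks(subject);
    }

    /** Creates the SecurityManager from shiro.ini and installs {@link UserRealm} as its realm. */
    private static DefaultSecurityManager createSecurityManager() {
        // 1. factory for the security manager, driven by the ini on the classpath
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // 2. build the security manager
        DefaultSecurityManager securityManager = (DefaultSecurityManager) factory.getInstance();
        // 3./4. create the custom realm and inject it
        UserRealm realm = new UserRealm();
        securityManager.setRealm(realm);
        return securityManager;
    }

    /** Wraps the credentials in a token and attempts the login, printing the outcome. */
    private static void login(Subject subject, String username, String password) {
        AuthenticationToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            System.out.println("认证通过");
            Object principal = subject.getPrincipal();
            System.out.println("principal" + principal);
        } catch (AuthenticationException e) {
            // Deliberately one generic message for unknown user and wrong password alike.
            System.out.println("用户名或者密码不正确");
        }
        boolean authenticated = subject.isAuthenticated();
        System.out.println(authenticated);
    }

    /** Prints single-role, per-role and all-roles checks for the demo role names. */
    private static void printRoleChecks(Subject subject) {
        boolean hasRole1 = subject.hasRole("role1");
        System.out.println("是否有角色1" + hasRole1);

        List<String> roleIdentifiers = Arrays.asList("role1", "role2", "role3");
        boolean[] hasRoles = subject.hasRoles(roleIdentifiers);
        for (boolean hasRole : hasRoles) {
            System.out.println(hasRole);
        }

        // true only if the subject holds every role in the list
        boolean hasAllRoles = subject.hasAllRoles(roleIdentifiers);
        System.out.println(hasAllRoles);
    }

    /** Prints a single permission check and a batch permission check. */
    private static void printPermissionChecks(Subject subject) {
        boolean permitted = subject.isPermitted("user:query");
        System.out.println("是否拥有query的权限" + permitted);

        boolean[] permittedEach = subject.isPermitted("user:query", "user:add", "user:update");
        for (boolean isPermitted : permittedEach) {
            System.out.println(isPermitted);
        }
    }
}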