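Based on the source code I stepped through in the debugger, I will start with a screenshot that shows the Realm built from the configuration file.
The most important part is SimpleAccountRealm.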
    /**
     * Returns <code>true</code> if any of the configured realms'
     * {@link #isPermitted(org.apache.shiro.subject.PrincipalCollection, String)} returns <code>true</code>,
     * <code>false</code> otherwise.
     */
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        assertRealmsConfigured();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            if (((Authorizer) realm).isPermitted(principals, permission)) {
                return true;
            }
        }
        return false;
    }
org.apache.shiro.realm.AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware
The code above: the Realm obtains the AuthorizationInfo, and the permission decision is made from the Permission and the AuthorizationInfo.
After AuthorizationInfo info = getAuthorizationInfo(principals); the info object already contains the user's roles and operations.
org.apache.shiro.realm.AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware
    protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        AuthorizationInfo info = null;
        if (log.isTraceEnabled()) {
            log.trace("Retrieving AuthorizationInfo for principals [" + principals + "]");
        }
        Cache<Object, AuthorizationInfo> cache = getAvailableAuthorizationCache();
        if (cache != null) {
            if (log.isTraceEnabled()) {
                log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
            }
            Object key = getAuthorizationCacheKey(principals);
            info = cache.get(key);
            if (log.isTraceEnabled()) {
                if (info == null) {
                    log.trace("No AuthorizationInfo found in cache for principals [" + principals + "]");
                } else {
                    log.trace("AuthorizationInfo found in cache for principals [" + principals + "]");
                }
            }
        }
        if (info == null) {
            // Call template method if the info was not found in a cache
            info = doGetAuthorizationInfo(principals);
            // If the info is not null and the cache has been created, then cache the authorization info.
            if (info != null && cache != null) {
                if (log.isTraceEnabled()) {
                    log.trace("Caching authorization info for principals: [" + principals + "].");
                }
                Object key = getAuthorizationCacheKey(principals);
                cache.put(key, info);
            }
        }
        return info;
    }

Here, doGetAuthorizationInfo(principals); is the call that actually obtains the info object.
org.apache.shiro.realm.SimpleAccountRealm extends AuthorizingRealm
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = getUsername(principals);
        USERS_LOCK.readLock().lock();
        try {
            return this.users.get(username);
        } finally {
            USERS_LOCK.readLock().unlock();
        }
    }
org.apache.shiro.realm.AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware

    private boolean isPermitted(Permission permission, AuthorizationInfo info) {
        Collection<Permission> perms = getPermissions(info);
        if (perms != null && !perms.isEmpty()) {
            for (Permission perm : perms) {
                if (perm.implies(permission)) {
                    return true;
                }
            }
        }
        return false;
    }
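The code above: each Permission calls implies, so the permission decision is made by the custom Permission implementation.
Here getPermissions(info) obtains the collection of Permission objects from info. Let's step into it and see what is going on.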
org.apache.shiro.realm.AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware
    private Collection<Permission> getPermissions(AuthorizationInfo info) {
        Set<Permission> permissions = new HashSet<Permission>();
        if (info != null) {
            Collection<Permission> perms = info.getObjectPermissions();
            if (!CollectionUtils.isEmpty(perms)) {
                permissions.addAll(perms);
            }
            perms = resolvePermissions(info.getStringPermissions());
            if (!CollectionUtils.isEmpty(perms)) {
                permissions.addAll(perms);
            }
            // Highlighted in the original post: roles are resolved into permissions here
            perms = resolveRolePermissions(info.getRoles());
            if (!CollectionUtils.isEmpty(perms)) {
                permissions.addAll(perms);
            }
        }
        if (permissions.isEmpty()) {
            return Collections.emptySet();
        } else {
            return Collections.unmodifiableSet(permissions);
        }
    }
    private Collection<Permission> resolveRolePermissions(Collection<String> roleNames) {
        Collection<Permission> perms = Collections.emptySet();
        RolePermissionResolver resolver = getRolePermissionResolver();
        if (resolver != null && !CollectionUtils.isEmpty(roleNames)) {
            perms = new LinkedHashSet<Permission>(roleNames.size());
            for (String roleName : roleNames) {
                Collection<Permission> resolved = resolver.resolvePermissionsInRole(roleName);
                if (!CollectionUtils.isEmpty(resolved)) {
                    perms.addAll(resolved);
                }
            }
        }
        return perms;
    }

Can I just say that the value returned by RolePermissionResolver resolver = getRolePermissionResolver(); is null?
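The effect of a null RolePermissionResolver on the resolveRolePermissions path above can be checked directly. The following is an added example, not code from the original post or from the Shiro project; it assumes shiro-core is on the classpath, and the class name RoleResolverDemo, the realm name demoRealm, the account alice and the admin to user:* mapping are all constructed for illustration.

```java
import java.util.Collections;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RoleResolverDemo {

    // Hypothetical mapping for this demo: role "admin" implies every action on "user".
    static final RolePermissionResolver DEMO_RESOLVER = roleName ->
            "admin".equals(roleName)
                    ? Collections.<Permission>singleton(new WildcardPermission("user:*"))
                    : Collections.<Permission>emptySet();

    // Constructed realm: one account that has a role but no explicit permissions.
    static SimpleAccountRealm newRealm() {
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addAccount("alice", "constructed-password", "admin");
        return realm;
    }

    static void report(String stage, SimpleAccountRealm realm, PrincipalCollection who) {
        System.out.println(stage
                + " resolver=" + realm.getRolePermissionResolver()
                + " hasRole(admin)=" + realm.hasRole(who, "admin")
                + " user:delete=" + realm.isPermitted(who, "user:delete")
                + " order:delete=" + realm.isPermitted(who, "order:delete"));
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = newRealm();
        PrincipalCollection alice = new SimplePrincipalCollection("alice", realm.getName());

        // No resolver configured: resolveRolePermissions() returns an empty set,
        // so holding the role alone grants no permission.
        report("default:", realm, alice);

        // With a resolver, getPermissions() also collects the permissions of each role.
        realm.setRolePermissionResolver(DEMO_RESOLVER);
        report("with resolver:", realm, alice);
    }
}
```

When reviewing a Shiro deployment, this is the check to make for any realm that relies on role-to-permission mapping: if no resolver is set and the accounts carry no object or string permissions, every isPermitted call is denied even though hasRole succeeds.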
Here is a screenshot of the values in info.