
是撒大大大

时间:2015-05-19 18:35:51      阅读:129      评论:0      收藏:0      [点我收藏+]


  1. package realm;
  2. ?
  3. import java.util.ArrayList;
  4. import java.util.List;
  5. ?
  6. import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
  7. import org.apache.commons.lang3.builder.ToStringStyle;
  8. import org.apache.shiro.SecurityUtils;
  9. import org.apache.shiro.authc.AuthenticationException;
  10. import org.apache.shiro.authc.AuthenticationInfo;
  11. import org.apache.shiro.authc.AuthenticationToken;
  12. import org.apache.shiro.authc.SimpleAuthenticationInfo;
  13. import org.apache.shiro.authc.UsernamePasswordToken;
  14. import org.apache.shiro.authz.AuthorizationException;
  15. import org.apache.shiro.authz.AuthorizationInfo;
  16. import org.apache.shiro.authz.SimpleAuthorizationInfo;
  17. import org.apache.shiro.realm.AuthorizingRealm;
  18. import org.apache.shiro.session.Session;
  19. import org.apache.shiro.subject.PrincipalCollection;
  20. import org.apache.shiro.subject.Subject;
  21. import org.springframework.beans.factory.annotation.Autowired;
  22. ?
  23. import utils.StrUtils;
  24. ?
  25. import com.jxzg.mvc.web.entitys.user.Role;
  26. import com.jxzg.mvc.web.entitys.user.RoleRight;
  27. import com.jxzg.mvc.web.entitys.user.User;
  28. import com.jxzg.mvc.web.service.user.IUserManager;
  29. ?
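  /**
   * Shiro realm that authenticates username/password logins and loads the
   * role and permissions of the logged-in user through {@link IUserManager}.
   */
  public class MyRealm extends AuthorizingRealm {

      @Autowired
      private IUserManager userManager;

      /**
       * Grants roles and permissions to the currently logged-in Subject.
       *
       * <p>Per the original author's testing, in this example the method is
       * invoked after the user has logged in.
       *
       * @param principals principals of the subject being authorized
       * @return the role name and permission strings of that user
       * @throws AuthorizationException if no user record exists for the principal
       */
      @Override
      protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
          // Username of the current subject; equivalent to
          // (String) principals.fromRealm(this.getName()).iterator().next()
          String currentUsername = (String) super.getAvailablePrincipal(principals);

          // Load the user's details from the database.
          User user = userManager.getByUsername(currentUsername);
          if (null == user) {
              // Unknown principal: fail closed instead of returning an empty grant.
              throw new AuthorizationException();
          }

          List<String> roleList = new ArrayList<String>();
          List<String> permissionList = new ArrayList<String>();

          // The User entity carries its (single) Role entity.
          Role role = user.getRole();
          if (null != role) {
              roleList.add(role.getName());
              if (role.getName().equals("admin")) {
                  // The super administrator is matched purely by role name and gets
                  // a hard-coded permission list; a permission added elsewhere must
                  // also be added here.
                  // NOTE(review): make sure the role name "admin" cannot be assigned
                  // or created through ordinary role management.
                  permissionList.add("user");
                  permissionList.add("school");
              } else if (null != role.getRights()) {
                  // The Role entity carries its rights; only rights whose flag is set
                  // and whose target right is present are granted.
                  for (RoleRight pmss : role.getRights()) {
                      if (pmss.isFlag() && !StrUtils.isNullOrEmpty(pmss.getRight())) {
                          permissionList.add(pmss.getRight().getName());
                      }
                  }
              }
          }

          // Attach the collected role and permissions to the result.
          SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
          simpleAuthorInfo.addRoles(roleList);
          simpleAuthorInfo.addStringPermissions(permissionList);
          return simpleAuthorInfo;
      }

      /**
       * Looks up the account for a login attempt and returns its stored credentials.
       *
       * <p>Per the original author's testing, in this example the method is
       * invoked when LoginController.login() calls Subject.login(); the token
       * received here is the same object that was passed to that call.
       *
       * <p>This method only loads the account. It never compares the submitted
       * password itself, so returning a non-null value does not mean the login
       * succeeded.
       *
       * @param authcToken the submitted token, expected to be a
       *                   {@link UsernamePasswordToken}
       * @return the stored principal and credentials, or {@code null} when no
       *         user has the submitted username
       * @throws AuthenticationException declared by the overridden method
       */
      @Override
      protected AuthenticationInfo doGetAuthenticationInfo(
              AuthenticationToken authcToken) throws AuthenticationException {
          UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

          // The token is deliberately not printed. The earlier debug line dumped it
          // with ReflectionToStringBuilder, which writes every field of the token,
          // including the submitted password, to standard output and so to any log
          // that captures it.

          User user = userManager.getByUsername(token.getUsername());
          if (null == user) {
              return null;
          }

          // The third constructor argument is the realm name. Passing the user's
          // nickname there attributed the principal to a non-existent realm and
          // made the constructor reject any user whose nickname is null.
          // NOTE(review): confirm user.getPass() holds a salted password hash and
          // that this realm is configured with the matching CredentialsMatcher.
          AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(
                  user.getUserName(), user.getPass(), getName());

          // NOTE(review): this runs before the submitted password has been checked,
          // so "currentUser" is present in the session even when the login then
          // fails. Never treat the attribute as proof of authentication; prefer
          // setting it in the caller after Subject.login() returns normally. The
          // stored User entity also carries the value of getPass().
          this.setSession("currentUser", user);
          return authcInfo;
      }

      /**
       * Stores a value in the Shiro session so that other code can read it.
       *
       * <p>Per the original author, a Controller can read it back with
       * HttpSession.getAttribute(key).
       *
       * @param key   session attribute key
       * @param value session attribute value
       */
      private void setSession(Object key, Object value) {
          Subject currentUser = SecurityUtils.getSubject();
          if (null == currentUser) {
              return;
          }
          Session session = currentUser.getSession();
          if (null != session) {
              session.setAttribute(key, value);
          }
      }

  }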


原文地址:http://www.cnblogs.com/shuozi-love/p/4515100.html
