
hahahahah

时间:2015-05-19 18:54:05


dsfsefesfsffsfsfsfsfesfsfsfsfsfsfspackage realm;

?

import java.util.ArrayList;

import java.util.List;

?

import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

import org.apache.commons.lang3.builder.ToStringStyle;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.AuthorizationException;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.session.Session;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.springframework.beans.factory.annotation.Autowired;

?

import utils.StrUtils;

?

import com.jxzg.mvc.web.entitys.user.Role;

import com.jxzg.mvc.web.entitys.user.RoleRight;

import com.jxzg.mvc.web.entitys.user.User;

import com.jxzg.mvc.web.service.user.IUserManager;

?

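/**
 * Shiro realm that authenticates users and loads their roles and permissions
 * through {@link IUserManager}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The submitted login token is never printed or logged, because it carries the
 *       clear-text password.</li>
 *   <li>The {@code currentUser} session attribute is written only after the credentials
 *       have been verified, so a failed login leaves no user object in the session.</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {

    /** Session attribute under which the authenticated {@link User} is published. */
    private static final String CURRENT_USER_KEY = "currentUser";

    /** Role name that receives the hard-coded permission set instead of per-role rights. */
    private static final String ADMIN_ROLE = "admin";

    @Autowired
    private IUserManager userManager;

    /**
     * Grants roles and permissions to the currently logged-in Subject.
     *
     * <p>According to the original author's testing, this method is invoked after the
     * user has logged in.
     *
     * @param principals the principals of the Subject being authorized
     * @return the roles and string permissions loaded for that user
     * @throws AuthorizationException if no user record exists for the principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Username of the logged-in user, taken from this realm's principals when present.
        String currentUsername = (String) super.getAvailablePrincipal(principals);

        // Load the user's details from the database; an unknown user gets no authorization.
        User user = userManager.getByUsername(currentUsername);
        if (null == user) {
            throw new AuthorizationException();
        }

        List<String> roleList = new ArrayList<String>();
        List<String> permissionList = new ArrayList<String>();

        // The User entity carries its Role entity.
        Role role = user.getRole();
        if (null != role) {
            String roleName = role.getName();
            if (null != roleName) {
                roleList.add(roleName);
            }

            // Constant-first equals: a role without a name must not raise a NullPointerException.
            if (ADMIN_ROLE.equals(roleName)) {
                // The administrator role is granted these two permissions directly.
                // NOTE(review): the grant is keyed on the role's name alone, so role names
                // must be unique and must not be editable by ordinary users.
                permissionList.add("user");
                permissionList.add("school");
            } else if (null != role.getRights()) {
                // The Role entity carries its RoleRight entries; only flagged entries count.
                for (RoleRight pmss : role.getRights()) {
                    if (pmss.isFlag() && !StrUtils.isNullOrEmpty(pmss.getRight())) {
                        permissionList.add(pmss.getRight().getName());
                    }
                }
            }
        }

        // Attach the collected roles and permissions to the returned info object.
        SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
        simpleAuthorInfo.addRoles(roleList);
        simpleAuthorInfo.addStringPermissions(permissionList);
        return simpleAuthorInfo;
    }

    /**
     * Looks up the account named in the login token and returns its stored credentials
     * so that the realm's credentials matcher can verify the submitted password.
     *
     * <p>According to the original author's testing, this method is invoked when
     * {@code LoginController.login()} executes {@code Subject.login()}; the token is the
     * same instance that was passed to {@code login(token)}.
     *
     * <p>This method runs before the password has been checked, so it must not publish
     * anything that other code treats as proof of a successful login.
     *
     * @param authcToken the token submitted at login, expected to be a
     *                   {@link UsernamePasswordToken}
     * @return the account's principal and stored credentials, or {@code null} if no such
     *         user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authcToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

        // The token is deliberately not dumped to stdout: a reflective toString of a
        // UsernamePasswordToken includes the password characters.
        User user = userManager.getByUsername(token.getUsername());
        if (null == user) {
            return null;
        }

        // The third constructor argument is the realm name, not a display name; it must
        // be non-null and should identify this realm.
        // NOTE(review): user.getPass() is compared by the configured CredentialsMatcher.
        // Confirm that a hashed matcher is configured and that the stored value is a
        // salted hash, not a clear-text password.
        return new SimpleAuthenticationInfo(user.getUserName(), user.getPass(), getName());
    }

    /**
     * Verifies the submitted credentials and, only when they match, publishes the user
     * in the session under {@code currentUser}.
     *
     * @param token the token submitted at login
     * @param info  the account data returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException if the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        // Throws on mismatch, so nothing below runs for a failed login.
        super.assertCredentialsMatch(token, info);

        String username = (String) info.getPrincipals().getPrimaryPrincipal();
        User user = userManager.getByUsername(username);
        if (null != user) {
            // NOTE(review): the whole User entity, including its stored credential, ends
            // up in the session; consider storing a reduced view without getPass().
            this.setSession(CURRENT_USER_KEY, user);
        }
    }

    /**
     * Puts a value into the Shiro session so that other components can read it.
     *
     * <p>For example, the original author states that a controller can read it back with
     * {@code HttpSession.getAttribute(key)}.
     *
     * @param key   the session attribute key
     * @param value the value to store
     */
    private void setSession(Object key, Object value) {
        Subject currentUser = SecurityUtils.getSubject();
        if (null == currentUser) {
            return;
        }
        Session session = currentUser.getSession();
        if (null != session) {
            session.setAttribute(key, value);
        }
    }
}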


原文地址:http://www.cnblogs.com/shuozi-love/p/4515021.html
