Apache Shiro 权限控制 使用自定义的JdbcRealm(3)

其他 2018-11-30 01:35:33 阅读次数: 0

使用自定义的realm 时需要配置shiro.ini 文件 以及建一个类  MyJdbcRealm  继承自  AuthorizingRealm 重写其中的两个方法

        /**
	 * 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		// TODO Auto-generated method stub
               return null;
        }
        /**
	 * 为当前登录的用户授予角色和权限
	 */ 
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
            return null;
        }

在shiro中配置

[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
myRealm=com.taisen.realm.MyJdbcRealm
securityManager.realms=$myRealm
[urls]
/login=anon
/admin=authc
/student=roles[teacher]

/teacher=perms["teacher:query","teacher:add"]


下面是具体的实现方法:

需要连接数据库  DBUtil

public class DBUtil {
	
	private static final String username = "root";
	private static final String password = "root";
	private static final String className = "com.mysql.jdbc.Driver";
	private static final String url = "jdbc:mysql://localhost:3306/db_shiro?useUnicode=true&characterEncoding=utf8&useSSL=false";
	
	public static Connection conn = null;
	public static PreparedStatement pstmt = null;
	
	public static Connection getConnection() throws Exception{
		Class.forName(className);
		conn = DriverManager.getConnection(url, username, password);
		return conn;
	}
	
	public static void close(Connection conn,PreparedStatement pstmt,ResultSet rs) throws SQLException{
		conn.close();
		pstmt.close();
		if(rs != null){
			rs.close();
		}
	}
	
	public static void close(Connection conn,PreparedStatement pstmt) throws SQLException{
		close(conn,pstmt,null);
	}
	
	public static void main(String[] args) {
		try {
			Connection conn = getConnection();
			if(conn != null){
				System.out.println("数据库连接成功!");
			}
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

}

操作数据库UserDao:

public class UserDao {
	
	private Connection connection;
	
	public UserDao() throws Exception {
		// TODO Auto-generated constructor stub
		connection = DBUtil.getConnection();
	}
	
	public User getByUserName(String userName) throws Exception{
		User resultUser = null;
		
		String sql = "select * from t_user where userName = ?";
		PreparedStatement pstmt = connection.prepareStatement(sql);
		pstmt.setString(1, userName);
		ResultSet rs = pstmt.executeQuery();
		if(rs.next()){
			resultUser = new User();
			resultUser.setId(rs.getInt("id"));
			resultUser.setUserName(rs.getString("userName"));
			resultUser.setPassword(rs.getString("password"));
		}
		DBUtil.close(connection, pstmt,rs);
		return resultUser;
	}
	
	/*public static void main(String[] args) throws Exception {
		UserDao userDao = new UserDao();
		User user = userDao.getByUserName("java");
		System.out.println(user);
	}*/
	
	
	/**
	 * 根据userName 获取到roles
	 * @param userName
	 * @return
	 * @throws SQLException 
	 */
	public Set<String> getRoles(String userName) throws SQLException {
		Set roles = new HashSet();
		String sql = "select * from t_role r LEFT JOIN t_user u on r.id = u.role_id where u.userName = ?";
		PreparedStatement pstmt = connection.prepareStatement(sql);
		pstmt.setString(1, userName);
		ResultSet rs = pstmt.executeQuery();
		if(rs.next()){
			roles.add(rs.getString("roleName"));
		}
		return roles;
	}
	
	/**
	 * 根据传入的userName 返回得到的perms
	 * @param object
	 * @return
	 * @throws SQLException 
	 */
	public Set<String> getPerms(String userName) throws SQLException {
		Set permissions = new HashSet();
		String sql = "select * from t_user u,t_role r,t_permission p where u.role_id = r.id and p.role_id = r.id and u.userName = ?";
		PreparedStatement pstmt = connection.prepareStatement(sql);
		pstmt.setString(1, userName);
		ResultSet rs = pstmt.executeQuery();
		if(rs.next()){
			permissions.add(rs.getString("permissionName"));
		}
		DBUtil.close(connection, pstmt, rs);
		return permissions;
	}

}

重点 MyJdbcRealm。  在点击登录按钮后后到Controller中的login方法  调用subject.login(token)方法时会调用下面的自定义

Realm

public class MyJdbcRealm extends AuthorizingRealm{
	
	/**
	 * 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		// TODO Auto-generated method stub
		AuthenticationInfo auth = null;
		try {
			UserDao userdao = new UserDao();
			String username = (String) token.getPrincipal(); //获取到userName
			User user = userdao.getByUserName(username);
			if(user != null){
				auth = new SimpleAuthenticationInfo(username, user.getPassword(),"XX");
				return auth;
			}
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
			return auth;
		}
		return auth;
	}
	
	
	/**
	 * 为当前登录的用户授予角色和权限
	 */ 
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		String userName = (String)principals.getPrimaryPrincipal();
		UserDao userdao;
		SimpleAuthorizationInfo auth = null;
		try {
			userdao = new UserDao();
			auth = new SimpleAuthorizationInfo();
			auth.setRoles(userdao.getRoles(userName));
			auth.setStringPermissions(userdao.getPerms(userName));
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		
		return auth;
	}
	

}
每次发起请求时都会验证权限。

猜你喜欢

转载自blog.csdn.net/csdn_wangchen/article/details/79391368
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
周排行
循环神经网络(rnn)讲解
Tigao教程四:单独的关节运动
金蝶K3WISE15.0-注册套打教程
如何在Mac上配置Kubernetes
Android应用结束自身进程的方法
SpringMVC学习 十三 拦截器栈
中国驻洛杉矶总领馆举行新春招待会
HttpClient get post 发送
11 - three.js 笔记 - 绘制三维字体模型
Mysql递归获取某个父节点下面的所有子节点和子节点上的所有父节点
每日归档
更多
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022