项目结构如下:
CustomRealm.java
package com.xiangshuai.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
/**
* @author lqx
* @create 2019-03-05 23:21
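* 自定义Realm:参考JdbcRealm,通过继承AuthorizingRealm来完成,不过本应从数据库中获得的比对数据全部用Map/Set代替
* 需要实现两个方法:doGetAuthorizationInfo 用来授权,doGetAuthenticationInfo 用来认证
* 注意:本示例的密码以明文写在代码里并按明文比对(即标题中的“shiro不加密”),仅适合学习;实际项目应保存加盐哈希,并为Realm配置HashedCredentialsMatcher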
*
* <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>xiangshuai-shiro</artifactId>
<groupId>com.xiangshuai</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>shiro-test</artifactId>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>RELEASE</version>
</dependency>
<!-- shiro核心包 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!--JdbcReals需从数据库获取数据 mysql连接驱动 -->
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.46</version>
</dependency>
<!-- JdbcReals需从数据库获取数据 数据库连接池 -->
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.10</version>
</dependency>
</dependencies>
</project>
文件在
E:\学习文档子目录压缩\框架\shiro\shiro安全框架入门\复习步骤5-获取权限数据CustomRealm提供subject桥梁 - 用集合用户权限角色等信息-shiro不加密\shiro-test.rar
或 我的网盘/我的笔记/学习文档子目录压缩/框架/shiro/shiro安全框架入门/复习步骤5-获取权限数据CustomRealm提供subject桥梁 - 用集合用户权限角色等信息-shiro不加密/shiro-test.rar
*
*
*
*
*/
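public class CustomRealm extends AuthorizingRealm {
    // Demo Shiro realm: authentication and authorization data come from in-memory
    // collections instead of a database.
    //
    // SECURITY NOTE: this map holds a plaintext password hard-coded in source. That is
    // acceptable only for a learning sample. A real realm should load salted password
    // hashes from a protected store and be configured with a hashing credentials
    // matcher (for example Shiro's HashedCredentialsMatcher) instead of comparing
    // plaintext.
    HashMap<String, String> upMap = new HashMap<>();

    {
        // Instance initializer: runs on every construction, before the constructor body.
        upMap.put("xiaomi", "123456");
        super.setName("customRealm");
    }

    /**
     * Builds the authorization data (roles and string permissions) for the primary principal.
     *
     * @param principalCollection principals of the subject being authorized; the primary
     *                            principal is expected to be the username string
     * @return authorization info holding the roles and permissions looked up for that username
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();

        // A real realm would query the database here; the demo uses hand-built sets.
        Set<String> roles = getRolesByUsername(userName);
        Set<String> permissions = getPermissionByUsername(userName);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(roles);
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    /**
     * Looks up the stored credentials for the username carried by the token.
     *
     * @param authenticationToken token submitted by the subject; its principal is the username
     * @return authentication info for the account, or {@code null} when the username is unknown
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();

        // A real realm would query the database here; the demo reads the in-memory map.
        String password = getPasswordByUsername(username);
        if (password == null) {
            // Unknown account: returning null tells Shiro this realm has no such user.
            return null;
        }

        // Bind the authenticated identity to the username that was actually looked up,
        // not to a hard-coded literal; otherwise any account added to the map later
        // would be logged in under the identity "xiaomi". getName() returns the realm
        // name set in the initializer, so the two cannot drift apart.
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    /**
     * Returns the stored password for a username.
     *
     * @param username account name to look up
     * @return the stored (plaintext, demo-only) password, or {@code null} if the account is unknown
     */
    public String getPasswordByUsername(String username) {
        return upMap.get(username);
    }

    /**
     * Returns the roles of a user.
     *
     * @param username account name to look up
     * @return a new mutable set of role names; empty when the account is unknown
     */
    public Set<String> getRolesByUsername(String username) {
        Set<String> roles = new HashSet<String>();
        // Least privilege: only accounts this realm knows about receive roles. Without
        // this check every principal, including unknown ones, would be granted "admin".
        if (!upMap.containsKey(username)) {
            return roles;
        }
        roles.add("admin");
        roles.add("sjy");
        return roles;
    }

    /**
     * Returns the string permissions of a user.
     *
     * @param username account name to look up
     * @return a new mutable set of permission strings; empty when the account is unknown
     */
    public Set<String> getPermissionByUsername(String username) {
        Set<String> permissions = new HashSet<String>();
        // Same gate as for roles: unknown accounts get no permissions.
        if (!upMap.containsKey(username)) {
            return permissions;
        }
        permissions.add("user:select");
        permissions.add("user:update");
        return permissions;
    }
}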
CustomRealmTest.java
package com.xiangshuai.shiro.realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
/**
* @author lqx
* @create 2019-03-06 15:17
* 文件在
E:\学习文档子目录压缩\框架\shiro\shiro安全框架入门\复习步骤5-获取权限数据CustomRealm提供subject桥梁 - 用集合用户权限角色等信息-shiro不加密\shiro-test.rar
或 我的网盘/我的笔记/学习文档子目录压缩/框架/shiro/shiro安全框架入门/复习步骤5-获取权限数据CustomRealm提供subject桥梁 - 用集合用户权限角色等信息-shiro不加密/shiro-test.rar
*
*/
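public class CustomRealmTest {
    /**
     * Logs the demo user in through {@link CustomRealm} and verifies authentication,
     * the "admin" role and the two demo permissions.
     *
     * <p>The checks fail the test instead of only printing, so a realm that stops
     * authenticating or authorizing correctly is caught rather than silently logged.
     */
    @Test
    public void testCustomRealmTest() {
        CustomRealm customRealm = new CustomRealm();

        // Build the SecurityManager environment and register the custom realm in it.
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(customRealm);

        // The subject submits the authentication request through SecurityUtils.
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        // Login token carrying the demo credentials (plaintext, sample-only).
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("xiaomi", "123456");
        try {
            // The realm compares the token with its (simulated) data store.
            subject.login(usernamePasswordToken);

            boolean authenticated = subject.isAuthenticated();
            boolean hasAdminRole = subject.hasRole("admin");
            System.out.println("subject是否通过认证:" + authenticated);
            // The original label repeated the authentication message for the role check.
            System.out.println("subject是否有admin角色:" + hasAdminRole);

            if (!authenticated) {
                throw new AssertionError("subject should be authenticated after login");
            }
            if (!hasAdminRole) {
                throw new AssertionError("subject should have the admin role");
            }

            // Throws if the subject lacks either permission.
            subject.checkPermissions("user:select", "user:update");
        } finally {
            // End the session so the logged-in state does not carry over to other tests.
            subject.logout();
        }
    }
}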