Custom Realm for Authorization

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq_38087648/article/details/80003834

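Authorization flow

  1. Authorization is requested on the subject by calling isPermitted("permission string")
  2. The SecurityManager performs the authorization by delegating to ModularRealmAuthorizer
  3. ModularRealmAuthorizer has the realm (the custom CustomRealm) query the permission data from the database by calling the realm's authorization method: doGetAuthorizationInfo
  4. The realm queries the permission data from the database and returns it to ModularRealmAuthorizer
  5. ModularRealmAuthorizer calls PermissionResolver to compare the permission strings
  6. If the comparison finds the "permission string" passed to isPermitted in the permission data the realm returned, the user has permission to access it; otherwise the user has no permission and an exception is thrown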

CustomRealm

    // Used for authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Get the primary identity from principals.
        // Cast the return value of getPrimaryPrincipal to the real identity type
        // (the value that doGetAuthenticationInfo above put into SimpleAuthenticationInfo once authentication passed)
        String userCode = (String) principals.getPrimaryPrincipal();
        // Look up the permission data for this identity
        // Connect to the database...
        // Simulate the data fetched from the database
        List<String> permissions = new ArrayList<String>();
        permissions.add("user:create");
        permissions.add("items:add");
        //...

        // Permission data found, return it
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        // Fill the simpleAuthorizationInfo object with the permissions queried above
        simpleAuthorizationInfo.addStringPermissions(permissions);
        return simpleAuthorizationInfo;
    }

ini configuration file

[main]
# custom realm
customRealm=cn.dinggc.shiro.realm.CustomRealm
# set the realm on the securityManager, equivalent to Spring injection
securityManager.realms=$customRealm

Test code

    @Test
    public void testAuthorizationCustomRealm() {
        // Create the securityManager factory from the ini configuration file
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-realm.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "111111");
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            e.printStackTrace();
        }
        System.out.println("认证状态 : " + subject.isAuthenticated());
        // Authorization is performed after authentication has passed

        // Role-based authorization
        // hasRole takes a role identifier
        boolean ishasRole = subject.hasRole("role1");
        System.out.println("单个角色判断" + ishasRole);
        // hasAllRoles checks whether the subject holds several roles
        boolean hasAllRoles = subject.hasAllRoles(Arrays.asList("role1", "role2"));
        System.out.println("单多个角色判断" + hasAllRoles);
        // Resource-based authorization
        // isPermitted takes a permission identifier
        boolean isPermitted = subject.isPermitted("user:create");
        System.out.println("单个权限判断" + isPermitted);
        boolean isPermittedAll = subject.isPermittedAll("user:create:1", "user:update");
        System.out.println("多个权限判断" + isPermittedAll);
        // checkPermission throws an exception when the subject lacks the permission
        subject.checkPermission("items:create");
    }
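
The permission comparison from steps 5 and 6, as a runnable added example (not code from the original post): PermissionMatchDemo and DemoRealm are hypothetical names, the account is constructed, and the realm grants the same two permission strings as CustomRealm. Shiro's default permission resolver builds WildcardPermission objects, in which a granted string with fewer parts covers every more specific string beneath it, so granting user:create also satisfies a check for user:create:1.

```java
import java.util.Arrays;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

// Added example, not the blog author's code; class names are hypothetical.
public class PermissionMatchDemo {

    // Stand-in for CustomRealm: grants the same two permission strings.
    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            // Constructed account: any user name, password 111111.
            return new SimpleAuthenticationInfo(token.getPrincipal(), "111111", getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(Arrays.asList("user:create", "items:add"));
            return info;
        }
    }

    // Prints the boolean answer Shiro gives for one permission string.
    static void show(Subject s, String permission) {
        System.out.println(permission + " -> " + s.isPermitted(permission));
    }

    public static void main(String[] args) {
        Subject subject = new Subject.Builder(new DefaultSecurityManager(new DemoRealm())).buildSubject();
        subject.login(new UsernamePasswordToken("zhangsan", "111111"));

        show(subject, "user:create");    // identical to a granted string
        show(subject, "user:create:1");  // instance-level check against a two-part grant
        show(subject, "user:update");    // action that was never granted
        show(subject, "items:create");   // realm grants items:add only
        // isPermitted answers with a boolean; checkPermission signals denial with an exception.
        try {
            subject.checkPermission("items:create");
        } catch (UnauthorizedException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

When per-instance control matters, grant three-part strings such as user:create:1 from the realm, because a two-part grant is treated as covering all instances.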
