Getting Started with Shiro (7): Authorization with a Custom Realm

Copyright notice: all rights reserved by 程序猴jwang https://blog.csdn.net/qq_21046965/article/details/90113017

Preface

      This chapter covers how to implement authorization in a custom Realm.

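Method

1. Concepts

1) For a source-level walkthrough of the authorization flow, readers are encouraged to trace it themselves, following the same approach used for login authentication.

2) For JdbcRealm's authorization approach, readers are encouraged to write it themselves.

Because JdbcRealm's authorization is constrained by its tables, we generally use a custom realm to perform authorization.

2. Implementation

1) Write the shiro.ini file as follows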

[main]
myJdbcRealm = cn.edu.ccut.test.MyJdbcRealm
securityManager.realms = $myJdbcRealm

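2) Write MyJdbcRealm.java

We already used this class in the earlier discussion of login authentication with a custom realm, and we continue to use it here.

To perform authorization, we need to override its doGetAuthorizationInfo method.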

package cn.edu.ccut.test;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.HashSet;
import java.util.Set;

/**
 * @Author:jwang
 * @Date:2019/5/11
 * @Description:cn.edu.ccut.test
 * @Version 1.0
 **/
public class MyJdbcRealm extends AuthorizingRealm {

    @Override
    public String getName() {
        return "MyJdbcRealm";
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) getAvailablePrincipal(principals);
        // Assume the role looked up by username is role1; JDBC code omitted
        Set<String> roleNames = new HashSet<>();
        roleNames.add("role1");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        // Assume the password looked up by username is 1234; JDBC code omitted
        String password = "1234";
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
        return info;
    }
}

3) Write the test code

package cn.edu.ccut.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.apache.shiro.mgt.SecurityManager;

/**
 * @Author:jwang
 * @Date:2019/5/8
 * @Description:cn.edu.ccut.test
 * @Version 1.0
 **/
public class Authentication {

    public static void main(String [] args){
        // Create the SecurityManager factory
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        // Obtain a SecurityManager instance from the factory
        SecurityManager securityManager = factory.getInstance();
        // Install the SecurityManager into the runtime environment
        SecurityUtils.setSecurityManager(securityManager);
        // Obtain the Subject through SecurityUtils
        Subject currentUser = SecurityUtils.getSubject();
        // Set the username and password
        String username = "zhangsan";
        String password = "1234";
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // Authenticate the user
        try {
            currentUser.login(token);
            // If the user authenticated successfully
            if (currentUser.isAuthenticated()) {
                System.out.println("用户["+username+","+password+"]登录成功!");
                // Check whether the user has the role role1
                System.out.println(currentUser.hasRole("role1"));
            }
        }catch (AuthenticationException e){
            e.printStackTrace();
            System.out.println("用户["+username+","+password+"]登录失败!");
        }

    }
}

The program's output is as follows:

As you can see, the user zhangsan has the role role1.
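The following added example (not code from the original post) goes one step beyond the role check above: the realm's doGetAuthorizationInfo also attaches permissions to each role, and the caller sees how a missing permission is denied. The class name RolePermissionRealmDemo, the in-memory maps (constructed sample data standing in for the omitted JDBC queries) and the permission strings are assumptions; it needs shiro-core on the classpath and Java 9 or later.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Map;
import java.util.Set;

public class RolePermissionRealmDemo {
    // Constructed sample data: stand-ins for the user->role and role->permission queries
    static final Map<String, Set<String>> ROLES = Map.of("zhangsan", Set.of("role1"));
    static final Map<String, Set<String>> PERMS = Map.of("role1", Set.of("user:view", "user:edit"));

    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = (String) getAvailablePrincipal(principals);
            // Start empty: a user with no rows gets no roles and no permissions
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            for (String role : ROLES.getOrDefault(username, Set.of())) {
                info.addRole(role);
                info.addStringPermissions(PERMS.getOrDefault(role, Set.of()));
            }
            return info;
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = ((UsernamePasswordToken) token).getUsername();
            // Same simplification as the post: fixed password 1234, lookup omitted
            return new SimpleAuthenticationInfo(username, "1234".toCharArray(), getName());
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject user = SecurityUtils.getSubject();
        user.login(new UsernamePasswordToken("zhangsan", "1234"));
        System.out.println("hasRole(role1): " + user.hasRole("role1"));
        System.out.println("isPermitted(user:edit): " + user.isPermitted("user:edit"));
        System.out.println("isPermitted(user:delete): " + user.isPermitted("user:delete"));
        try {
            user.checkPermission("user:delete"); // check* methods throw instead of returning false
        } catch (AuthorizationException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```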

Reprinted from blog.csdn.net/qq_21046965/article/details/90113017