shiro中通过返回更多用户信息
在重写的AuthorizingRealm中方法doGetAuthenticationInfo中传入封装的用户实体即可。
UserDetails userDetails=null;
try {
userDetails = this.userDetailsService.loadUserByUsername(token1.getUsername());
} catch (UsernameNotFoundException notFound) {
return null;
}
AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(userDetails, userDetails.getPassword(),getName());
示例:
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package com.common.shrio;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import com.hanker.config.ConfigInfo;
import com.opensymphony.xwork2.ActionContext;
import core.apps.rbac.login.UserDetailsBean;
import core.session.filter.RemoteSessionRequest;
import core.session.manager.WebSession;
import core.session.manager.WebSessionManager;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.struts2.ServletActionContext;
import org.springframework.beans.factory.annotation.Autowired;
import core.apps.rbac.entity.RoleSkillBTEntity;
import core.apps.rbac.manage.service.UserService;
import core.apps.rbac.vo.SelectRoleVO;
import core.db.dao.IBaseService;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 几个概念�? 翻译不好,从官方上找来的原�?. 如果不懂�? 使用 “有道词典�?��?�来源于�? http://shiro.apache.org/java-authentication-guide.html
*
* Subject Security specific user 'view' of an application user. It can be a human being, a third-party process,
* a server connecting to you application application, or even a cron job. Basically, it is anything or
* anyone communicating with your application.
*
* Principals A subjects identifying attributes. First name, last name, social security number, username
*
* Credentials secret data that are used to verify identities. Passwords, Biometric data, x509 certificates,
*
* Realms Security specific DAO, data access object, software component that talkts to a backend data source.
* If you have usernames and password in LDAP, then you would have an LDAP Realm that would communicate
* with LDAP. The idea is that you would use a realm per back-end data source and Shiro would know how
* to coordinate with these realms together to do what you have to do.
*
* @author fq1798
*
*/
public class ShiroDbRealm extends AuthorizingRealm {
@Autowired
private UserDetailsService userDetailsService;
@Autowired(required = false)
private UserService userService ;
@Autowired(required = false)
private IBaseService baseService ;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//得到 doGetAuthenticationInfo 方法中传入的凭证
UserDetails shiroUser = (UserDetails) principals.fromRealm(getName()).iterator().next();
List roleList = new ArrayList();
List permissionList = new ArrayList();
String userName = shiroUser.getUsername();
// if(StringUtils.equals("20160606", userName)) {
List selectedRoleList = new ArrayList();
if(null!=shiroUser){
selectedRoleList = this.userService.findUserRoleListbyUserId(shiroUser.getUsername(), true);
if (null != selectedRoleList && selectedRoleList.size() > 0) {
for(SelectRoleVO r: selectedRoleList){
roleList.add(r.getRoleId());
// List roleSkillBTEntity = baseService.findObjects(RoleSkillBTEntity.class, "roleId", r.getRoleId());
String sql = "SELECT b.*,s.URL from s_rbac_roleskillb b ,s_rbac_skill s WHERE b.SKILLID=s.SKILLID AND b.ROLEID='"+r.getRoleId()+"'";
List