shiro中通过返回更多用户信息

阅读更多

 

 

shiro中通过返回更多用户信息

 

 

在重写的AuthorizingRealm中方法doGetAuthenticationInfo中传入封装的用户实体即可。

 

UserDetails userDetails=null;

 

                try {

                    userDetails = this.userDetailsService.loadUserByUsername(token1.getUsername());

                } catch (UsernameNotFoundException notFound) {

 

                    return null;

                }

 

AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(userDetails, userDetails.getPassword(),getName());

 

 

 

示例：

 

 

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package com.common.shrio;

import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import com.hanker.config.ConfigInfo;
import com.opensymphony.xwork2.ActionContext;
import core.apps.rbac.login.UserDetailsBean;
import core.session.filter.RemoteSessionRequest;
import core.session.manager.WebSession;
import core.session.manager.WebSessionManager;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.struts2.ServletActionContext;
import org.springframework.beans.factory.annotation.Autowired;

import core.apps.rbac.entity.RoleSkillBTEntity;
import core.apps.rbac.manage.service.UserService;
import core.apps.rbac.vo.SelectRoleVO;
import core.db.dao.IBaseService;

import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


/**
 * 几个概念�? 翻译不好,从官方上找来的原�?. 如果不懂�? 使用 “有道词典�?��?�来源于�? http://shiro.apache.org/java-authentication-guide.html
 * 
 * Subject        Security specific user 'view' of an application user. It can be a human being, a third-party process, 
 *                 a server connecting to you application application, or even a cron job. Basically, it is anything or 
 *                 anyone communicating with your application.
 * 
 * Principals  A subjects identifying attributes. First name, last name, social security number, username
 * 
 * Credentials secret data that are used to verify identities. Passwords, Biometric data, x509 certificates,
 * 
 * Realms     Security specific DAO, data access object, software component that talkts to a backend data source. 
 *              If you have usernames and password in LDAP, then you would have an LDAP Realm that would communicate 
 *              with LDAP. The idea is that you would use a realm per back-end data source and Shiro would know how 
 *              to coordinate with these realms together to do what you have to do.
 * 
 * @author fq1798
 *
 */
public class ShiroDbRealm extends AuthorizingRealm {
   @Autowired
   private UserDetailsService userDetailsService;
   
   @Autowired(required = false)
   private UserService userService ;
   
   @Autowired(required = false)
   private IBaseService baseService ;

   @Override
   protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      
      //得到 doGetAuthenticationInfo 方法中传入的凭证
UserDetails shiroUser = (UserDetails) principals.fromRealm(getName()).iterator().next();
      
      List roleList = new ArrayList();
      List permissionList = new ArrayList();
      String userName = shiroUser.getUsername();
//    if(StringUtils.equals("20160606", userName)) {
List selectedRoleList = new ArrayList();
      if(null!=shiroUser){
         selectedRoleList = this.userService.findUserRoleListbyUserId(shiroUser.getUsername(), true);
         if (null != selectedRoleList && selectedRoleList.size() > 0) {
         for(SelectRoleVO r: selectedRoleList){
            roleList.add(r.getRoleId());
//          List roleSkillBTEntity = baseService.findObjects(RoleSkillBTEntity.class, "roleId", r.getRoleId());
            
String sql = "SELECT b.*,s.URL from s_rbac_roleskillb  b ,s_rbac_skill s WHERE b.SKILLID=s.SKILLID AND b.ROLEID='"+r.getRoleId()+"'";
              List