shiro多Realm分别授权

想看多realm认证的请看

https://blog.csdn.net/u013294097/article/details/90053299

 

多Realm分别授权需要重写

import org.apache.shiro.authz.ModularRealmAuthorizer;

的三个方法：

public boolean isPermitted(PrincipalCollection principals, String permission);

public boolean isPermitted(PrincipalCollection principals, Permission permission);

public boolean hasRole(PrincipalCollection principals, String roleIdentifier);

思路：

多Realm的每个Realm都设置一个名字，这样子，在鉴权的时候拿到名字，确定使用哪个Realm进行授权

1.为Realm设置名字代码：

public class AdminRealm extends AuthorizingRealm {
    @Reference
    private IAdminAuthService adminAuthService;

    private static final String ADMIN_LOGIN_TYPE = LoginType.ADMIN.getName();

    {
        super.setName("admin");//设置realm的名字，非常重要
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        return null;
    }
    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}

2.复写import org.apache.shiro.authz.ModularRealmAuthorizer;方法，实现三个接口

import com.cyjz.util.CommUtil;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Set;

public class CustomizedModularRealmAuthorizer extends ModularRealmAuthorizer {

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        assertRealmsConfigured();
        Set realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).isPermitted(principals, permission);
                }
            }
            if(realmName.equals("user")) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).isPermitted(principals, permission);
                }
            }
        }
        return false;
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        assertRealmsConfigured();
        Set realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).isPermitted(principals, permission);
                }
            }
            //匹配名字
            if(realmName.equals("user"))) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).isPermitted(principals, permission);
                }
            }
        }
        return false;    }

    @Override
    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
        assertRealmsConfigured();
        Set realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).hasRole(principals, roleIdentifier);
                }
            }
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).hasRole(principals, roleIdentifier);
                }
            }
        }
        return false;
    }
}

我这里使用的是springboot，需要在shiroconfig里面的securityManager添加进这个自定义的CustomizedModularRealmAuthorizer

    @Bean
    public DefaultWebSecurityManager securityManager(UserRealm customRealm, AdminRealm adminRealm, DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        List realms = new ArrayList<>();
        realms.add(customRealm);
        realms.add(adminRealm);
        securityManager.setRealms(realms);
        securityManager.setSessionManager(sessionManager);
        securityManager.setCacheManager(new RedisCacheManager());
        //====================多realm授权核心代码===================
        CustomizedModularRealmAuthorizer authorizer = new CustomizedModularRealmAuthorizer();
        authorizer.setRealms(realms);
        securityManager.setAuthorizer(authorizer);
        //====================多realm授权核心代码===================
        return securityManager;
    }

 

 

 

如果觉得本文对您有所帮助，欢迎您扫码下图所示的支付宝和微信支付二维码对本文进行随意打赏。您的支持将鼓励我继续创作