是撒大大大

  1. package realm;
  2.  
  3. import java.util.ArrayList;
  4. import java.util.List;
  5.  
  6. import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
  7. import org.apache.commons.lang3.builder.ToStringStyle;
  8. import org.apache.shiro.SecurityUtils;
  9. import org.apache.shiro.authc.AuthenticationException;
  10. import org.apache.shiro.authc.AuthenticationInfo;
  11. import org.apache.shiro.authc.AuthenticationToken;
  12. import org.apache.shiro.authc.SimpleAuthenticationInfo;
  13. import org.apache.shiro.authc.UsernamePasswordToken;
  14. import org.apache.shiro.authz.AuthorizationException;
  15. import org.apache.shiro.authz.AuthorizationInfo;
  16. import org.apache.shiro.authz.SimpleAuthorizationInfo;
  17. import org.apache.shiro.realm.AuthorizingRealm;
  18. import org.apache.shiro.session.Session;
  19. import org.apache.shiro.subject.PrincipalCollection;
  20. import org.apache.shiro.subject.Subject;
  21. import org.springframework.beans.factory.annotation.Autowired;
  22.  
  23. import utils.StrUtils;
  24.  
  25. import com.jxzg.mvc.web.entitys.user.Role;
  26. import com.jxzg.mvc.web.entitys.user.RoleRight;
  27. import com.jxzg.mvc.web.entitys.user.User;
  28. import com.jxzg.mvc.web.service.user.IUserManager;
  29.  
  30. public class MyRealm extends AuthorizingRealm {
  31.  
  32.    @Autowired
  33.    private IUserManager userManager;
  34.  
  35.    /**
  36.     * 为当前登录的Subject授予角色和权限
  37.     * @see 经测试:本例中该方法的调用时机为用户登录后,被调用
  38.     */
  39.    @Override
  40.    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
  41.       // 获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()
  42.       String currentUsername = (String) super.getAvailablePrincipal(principals);
  43.       List<String> roleList = new ArrayList<String>();
  44.       List<String> permissionList = new ArrayList<String>();
  45.       // 从数据库中获取当前登录用户的详细信息
  46.       User user = userManager.getByUsername(currentUsername);
  47.       if (null != user) {
  48.          // 实体类User中包含有用户角色的实体类信息
  49.          if (null != user.getRole()) {
  50.             // 获取当前登录用户的角色
  51.             Role role = user.getRole();
  52.             roleList.add(role.getName());
  53.             //如果是超级管理员直接赋予所有权限
  54.             if(role.getName().equals("admin")){
  55.                permissionList.add("user");
  56.                permissionList.add("school");
  57.             }
  58.  
  59.             else{
  60.                // 实体类Role中包含有角色权限的实体类信息
  61.                if (null != role.getRights() && role.getRights().size() > 0) {
  62.                   // 获取权限
  63.                   for (RoleRight pmss : role.getRights()) {
  64.                      if(pmss.isFlag()){
  65.                         if (!StrUtils.isNullOrEmpty(pmss.getRight())) {
  66.                            permissionList.add(pmss.getRight().getName());
  67.                         }
  68.                      }
  69.                   }
  70.                }
  71.             }
  72.          }
  73.       } else {
  74.          throw new AuthorizationException();
  75.       }
  76.       // 为当前用户设置角色和权限
  77.       SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
  78.       simpleAuthorInfo.addRoles(roleList);
  79.       simpleAuthorInfo.addStringPermissions(permissionList);
  80.       return simpleAuthorInfo;
  81.    }
  82.  
  83.    /**
  84.     * 验证当前登录的Subject
  85.     * @see 经测试:本例中该方法的调用时机为LoginController.login()方法中执行Subject.login()时
  86.     */
  87.    @Override
  88.    protected AuthenticationInfo doGetAuthenticationInfo(
  89.          AuthenticationToken authcToken) throws AuthenticationException {
  90.       // 获取基于用户名和密码的令牌
  91.       // 实际上这个authcToken是从LoginController里面currentUser.login(token)传过来的
  92.       // 两个token的引用都是一样的
  93.       UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
  94.       System.out.println("验证当前Subject时获取到token为"
  95.             + ReflectionToStringBuilder.toString(token,
  96.                   ToStringStyle.MULTI_LINE_STYLE));
  97.       User user = userManager.getByUsername(token.getUsername());
  98.       if (null != user) {
  99.          AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(
  100.                user.getUserName(), user.getPass(), user.getNickName());
  101.          this.setSession("currentUser", user);
  102.          return authcInfo;
  103.       } else {
  104.          return null;
  105.       }
  106.    }
  107.  
  108.    /**
  109.     * 将一些数据放到ShiroSession中,以便于其它地方使用
  110.     * @see 比如Controller,使用时直接用HttpSession.getAttribute(key是撒大大大)就可以取到
  111.     */
  112.    private void setSession(Object key, Object value) {
  113.       Subject currentUser = SecurityUtils.getSubject();
  114.       if (null != currentUser) {
  115.          Session session = currentUser.getSession();
  116.          if (null != session) {
  117.             session.setAttribute(key, value);
  118.          }
  119.       }
  120.    }
  121.  
  122. }

 

 

你可能感兴趣的:(是撒大大大)