Y-wee

shiro自定义Realm实现认证和授权案例

shiro自定义Realm实现认证和授权案例

1、创建实体类

package com.yl.bean;

import java.io.Serializable;

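/**
 * User entity: the account record that is looked up by username during authentication.
 *
 * <p>NOTE(review): the password is held as a plain {@code String} and, in this tutorial,
 * is the value compared at login. Treat the field as a secret: it must not appear in
 * logs, console output or error messages, which is why {@link #toString()} masks it.
 */
public class User implements Serializable {
    private Integer id;
    private String username;
    private String password;

    /** Creates an empty user; all fields stay {@code null} until set. */
    public User() {
    }

    /**
     * Creates a fully populated user.
     *
     * @param id       numeric identifier
     * @param username login name
     * @param password stored credential
     */
    public User(Integer id, String username, String password) {
        this.id = id;
        this.username = username;
        this.password = password;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Returns a printable summary of the user.
     *
     * <p>The credential is never written out: a set password is shown as {@code ***},
     * so printing or logging a {@code User} (directly or through an object that embeds
     * it) cannot leak the secret.
     *
     * @return text of the form {@code User{id=..., username='...', password=...}}
     */
    @Override
    public String toString() {
        // Only reveal whether a password is present, never its value.
        String maskedPassword = (password == null) ? "null" : "'***'";
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password=" + maskedPassword +
                '}';
    }
}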
package com.yl.bean;

import java.io.Serializable;
import java.util.List;

/**
 * Bundles a user with the role names and permission strings loaded for that user.
 *
 * <p>NOTE(review): the embedded {@link User} still carries its password field, and
 * {@link #toString()} delegates to {@code User.toString()}; confirm that neither path
 * exposes the credential before logging or storing this object.
 */
public class ActiveUser implements Serializable {
    // The user record this object describes.
    private User user;
    // Role names held by the user.
    private List<String> userRoles;
    // Permission strings held by the user.
    private List<String> userAuthority;

    /** Creates an empty instance; every field stays {@code null} until set. */
    public ActiveUser() {
    }

    /**
     * Creates an instance from a user and the user's roles and permissions.
     * The lists are stored by reference, not copied.
     *
     * @param user          the user record
     * @param userRoles     role names of the user
     * @param userAuthority permission strings of the user
     */
    public ActiveUser(User user, List<String> userRoles, List<String> userAuthority) {
        this.user = user;
        this.userRoles = userRoles;
        this.userAuthority = userAuthority;
    }

    public User getUser() {
        return this.user;
    }

    public void setUser(User user) {
        this.user = user;
    }

    public List<String> getUserRoles() {
        return this.userRoles;
    }

    public void setUserRoles(List<String> userRoles) {
        this.userRoles = userRoles;
    }

    public List<String> getUserAuthority() {
        return this.userAuthority;
    }

    public void setUserAuthority(List<String> userAuthority) {
        this.userAuthority = userAuthority;
    }

    /**
     * Returns a printable summary listing the user, the roles and the permissions.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("ActiveUser{");
        text.append("user=").append(user);
        text.append(", userRoles=").append(userRoles);
        text.append(", userAuthority=").append(userAuthority);
        text.append('}');
        return text.toString();
    }
}

2、创建持久层接口和实现类

  • 接口
package com.yl.dao;

import com.yl.bean.User;

/**
 * Persistence-layer interface for user records.
 */
public interface IUserDao {

    /**
     * Looks up a user by username.
     *
     * @param username login name to search for
     * @return the matching user; the mock implementation on this page returns
     *         {@code null} when no user matches
     */
    User queryByUsername(String username);

}
package com.yl.dao;

import java.util.List;

/**
 * Persistence-layer interface for user roles.
 */
public interface IRoleDao {

    /**
     * Looks up the role names assigned to a user.
     *
     * @param username login name whose roles are requested
     * @return the role names of that user
     */
    List<String> queryByUsername(String username);

}
package com.yl.dao;

import java.util.List;

/**
 * Persistence-layer interface for user permissions.
 */
public interface IAuthorityDao {

    /**
     * Looks up the permission strings granted to a user.
     *
     * @param username login name whose permissions are requested
     * @return the permission strings of that user
     */
    List<String> queryByUsername(String username);

}
  • 实现类
package com.yl.dao.impl;

import com.yl.bean.User;
import com.yl.dao.IUserDao;

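/**
 * In-memory stand-in for the user table; no real database is queried.
 *
 * <p>NOTE(review): the passwords below are hard-coded in plaintext for the tutorial
 * only. A real data store should hold salted password hashes, and the realm should be
 * given a matching hashed credentials matcher, so that neither the source code nor the
 * database contains a usable password.
 */
public class IUserDaoImpl implements IUserDao {

    /**
     * Looks up a user by username in the mock data set.
     *
     * @param username login name to look up; may be {@code null}
     * @return the matching user, or {@code null} when the name is {@code null} or unknown
     */
    @Override
    public User queryByUsername(String username) {
        // A switch on a null String throws NullPointerException; a missing username is
        // simply "no such user", the same answer as any other unknown name.
        if (username == null) {
            return null;
        }
        switch (username) {
            case "yl01":
                return new User(1, "yl01", "1111");
            case "yl02":
                return new User(2, "yl02", "1111");
            case "yl03":
                return new User(3, "yl03", "1111");
            default:
                return null;
        }
    }
}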
package com.yl.dao.impl;

import com.yl.dao.IRoleDao;

import java.util.Arrays;
import java.util.List;

/**
 * Mock implementation of the role persistence interface.
 *
 * <p>NOTE(review): the username is ignored, so every name (including one that matches
 * no user) receives the same two roles. A real implementation must return only the
 * roles assigned to the given user.
 */
public class IRoleDaoImpl implements IRoleDao {

    /**
     * Returns the fixed demo roles {@code role1} and {@code role2}.
     *
     * @param username login name; not used by this mock
     * @return a fixed-size list holding the two demo role names
     */
    @Override
    public List<String> queryByUsername(String username) {
        final List<String> demoRoles = Arrays.asList("role1", "role2");
        return demoRoles;
    }
}
package com.yl.dao.impl;

import com.yl.dao.IAuthorityDao;

import java.util.Arrays;
import java.util.List;

/**
 * Mock implementation of the permission persistence interface.
 *
 * <p>NOTE(review): the username is ignored, so every name (including one that matches
 * no user) receives the same two permissions. A real implementation must return only
 * the permissions granted to the given user.
 */
public class IAuthorityDaoImpl implements IAuthorityDao {

    /**
     * Returns the fixed demo permissions {@code user:query} and {@code user:add}.
     *
     * @param username login name; not used by this mock
     * @return a fixed-size list holding the two demo permission strings
     */
    @Override
    public List<String> queryByUsername(String username) {
        final List<String> demoPermissions = Arrays.asList("user:query", "user:add");
        return demoPermissions;
    }
}

3、创建业务层接口和实现类

  • 接口
package com.yl.service;

import com.yl.bean.User;

import java.util.List;

/**
 * Service-layer interface for user lookups.
 */
public interface IUserService {

    /**
     * Looks up a user by username.
     *
     * @param username login name to search for
     * @return the matching user as reported by the persistence layer
     */
    User queryByUsername(String username);

}
package com.yl.service;

import java.util.List;

/**
 * Service-layer interface for user roles.
 */
public interface IRoleService {

    /**
     * Looks up the role names assigned to a user.
     *
     * @param username login name whose roles are requested
     * @return the role names of that user
     */
    List<String> queryByUsername(String username);

}
package com.yl.service;

import java.util.List;

/**
 * Service-layer interface for user permissions.
 */
public interface IAuthorityService {

    /**
     * Looks up the permission strings granted to a user.
     *
     * @param username login name whose permissions are requested
     * @return the permission strings of that user
     */
    List<String> queryByUsername(String username);

}
  • 实现类
package com.yl.service.impl;

import com.yl.bean.User;
import com.yl.dao.IUserDao;
import com.yl.dao.impl.IUserDaoImpl;
import com.yl.service.IUserService;

/**
 * Service-layer implementation for user lookups; forwards every call to the DAO.
 */
public class IUserServiceImpl implements IUserService {
    // Persistence object that answers the lookups.
    private final IUserDao userDao = new IUserDaoImpl();

    /**
     * Looks up a user by username by delegating to the user DAO.
     *
     * @param username login name to search for
     * @return whatever the DAO returns for that name
     */
    @Override
    public User queryByUsername(String username) {
        final User found = this.userDao.queryByUsername(username);
        return found;
    }
}
package com.yl.service.impl;

import com.yl.dao.IRoleDao;
import com.yl.dao.impl.IRoleDaoImpl;
import com.yl.service.IRoleService;

import java.util.List;

/**
 * Service-layer implementation for user roles; forwards every call to the DAO.
 */
public class IRoleServiceImpl implements IRoleService {
    // Persistence object that answers the lookups.
    private final IRoleDao roleDao = new IRoleDaoImpl();

    /**
     * Looks up the roles of a user by delegating to the role DAO.
     *
     * @param username login name whose roles are requested
     * @return whatever the DAO returns for that name
     */
    @Override
    public List<String> queryByUsername(String username) {
        final List<String> roles = this.roleDao.queryByUsername(username);
        return roles;
    }
}
package com.yl.service.impl;

import com.yl.dao.IAuthorityDao;
import com.yl.dao.impl.IAuthorityDaoImpl;
import com.yl.service.IAuthorityService;

import java.util.List;

/**
 * Service-layer implementation for user permissions; forwards every call to the DAO.
 */
public class IAuthorityImpl implements IAuthorityService {
    // Persistence object that answers the lookups.
    private final IAuthorityDao authorityDao = new IAuthorityDaoImpl();

    /**
     * Looks up the permissions of a user by delegating to the permission DAO.
     *
     * @param username login name whose permissions are requested
     * @return whatever the DAO returns for that name
     */
    @Override
    public List<String> queryByUsername(String username) {
        final List<String> permissions = this.authorityDao.queryByUsername(username);
        return permissions;
    }
}

4、自定义Realm

package com.yl.shiro;

import com.yl.bean.ActiveUser;
import com.yl.bean.User;
import com.yl.dao.IRoleDao;
import com.yl.service.IAuthorityService;
import com.yl.service.IRoleService;
import com.yl.service.IUserService;
import com.yl.service.impl.IAuthorityImpl;
import com.yl.service.impl.IRoleServiceImpl;
import com.yl.service.impl.IUserServiceImpl;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.List;

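/**
 * Custom Shiro realm: authenticates a user by username and supplies the role names and
 * permission strings used for authorization.
 *
 * <p>Security notes for readers adapting this example:
 * <ul>
 *   <li>No credentials matcher is configured on this realm, so Shiro's default matcher
 *       compares the submitted password with the stored value as-is. That only works
 *       because the mock DAO stores plaintext; a real realm should store salted
 *       password hashes and set a hashing matcher (for example
 *       {@code HashedCredentialsMatcher}) on the realm.</li>
 *   <li>Roles and permissions are loaded once, at login, and carried in the principal.
 *       A role or permission revoked afterwards stays effective for this subject until
 *       the user logs in again.</li>
 * </ul>
 */
public class UserRealm extends AuthorizingRealm {
    private IUserService userService = new IUserServiceImpl(); // user lookups
    private IRoleService roleService = new IRoleServiceImpl(); // role lookups
    private IAuthorityService authorityService = new IAuthorityImpl(); // permission lookups

    /**
     * Loads the account data Shiro needs to verify a login attempt.
     *
     * @param token the submitted login token; its principal is used as the username
     * @return the stored account data, or {@code null} when the token has no principal
     *         or no user with that name exists
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // A token built without a username has a null principal; answer "no such
        // account" instead of failing with a NullPointerException.
        Object submittedPrincipal = token.getPrincipal();
        if (submittedPrincipal == null) {
            return null;
        }
        String username = submittedPrincipal.toString();

        User user = userService.queryByUsername(username);
        if (user == null) {
            return null;
        }

        // Roles and permissions are fetched only for an account that exists.
        List<String> roleList = roleService.queryByUsername(username);
        List<String> authorityList = authorityService.queryByUsername(username);

        // The principal outlives the login call (it is what getPrincipal() hands back
        // and what session storage may serialize), so it is built from a copy of the
        // user that does not carry the password.
        User identity = new User(user.getId(), user.getUsername(), null);
        ActiveUser activeUser = new ActiveUser(identity, roleList, authorityList);

        // Argument 1: the object exposed as the subject's principal.
        // Argument 2: the stored credential that Shiro compares with the token's.
        // Argument 3: the name of this realm.
        return new SimpleAuthenticationInfo(activeUser, user.getPassword(), this.getName());
    }

    /**
     * Builds the authorization data (roles and permissions) for an authenticated subject
     * from the {@link ActiveUser} principal created at login.
     *
     * @param principals the principals of the subject being authorized
     * @return the roles and permissions of that subject; empty when the primary
     *         principal is not an {@link ActiveUser}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Grant nothing when the primary principal was not produced by this realm,
        // rather than failing on the cast.
        Object primary = principals.getPrimaryPrincipal();
        if (!(primary instanceof ActiveUser)) {
            return info;
        }
        ActiveUser activeUser = (ActiveUser) primary;

        List<String> roleList = activeUser.getUserRoles();
        if (roleList != null && !roleList.isEmpty()) {
            info.addRoles(roleList);
        }

        List<String> authorityList = activeUser.getUserAuthority();
        if (authorityList != null && !authorityList.isEmpty()) {
            info.addStringPermissions(authorityList);
        }

        return info;
    }
}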

5、测试类

package com.yl.shiro;

import com.yl.bean.ActiveUser;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Arrays;

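/**
 * Command-line demo: logs in one user through the custom realm configured in
 * {@code shiro.ini} and then checks that user's roles and permissions.
 */
public class ShiroTest {
    // Logger for this demo class.
    private static final Logger log = LoggerFactory.getLogger(ShiroTest.class);

    /**
     * Runs the demo: builds the security manager, attempts a login and, only when the
     * login succeeds, prints the results of the role and permission checks.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        log.info("My First Apache Shiro Application");
        // Build the security manager from the INI file on the classpath.
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
        DefaultSecurityManager securityManager = (DefaultSecurityManager) factory.getInstance();

        // The custom realm is injected through shiro.ini; it could also be set in code:
        //   UserRealm userRealm = new UserRealm();
        //   securityManager.setRealm(userRealm);

        // Register the security manager as the static instance SecurityUtils uses.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();

        // Demo credentials that match the mock DAO. Real code reads credentials from
        // the user at run time and never hard-codes them.
        AuthenticationToken token = new UsernamePasswordToken("yl01", "1111");
        try {
            currentUser.login(token);
            System.out.println("认证通过");
            // The principal is the object the realm passed to SimpleAuthenticationInfo.
            ActiveUser activeUser = (ActiveUser) currentUser.getPrincipal();
            // NOTE(review): this prints whatever ActiveUser.toString() exposes; make
            // sure that output never includes the password.
            System.out.println(activeUser);
        } catch (AuthenticationException e) {
            // One generic message for "unknown user" and "wrong password", so the
            // output does not reveal which usernames exist.
            System.out.println("用户名或密码错误");
            // Authorization checks are meaningless for a subject that failed to log in.
            return;
        }

        // Role and permission checks for the authenticated subject.
        boolean allRoles = currentUser.hasAllRoles(Arrays.asList("role1", "role2"));
        System.out.println(allRoles);
        boolean permittedAll = currentUser.isPermittedAll("user:query", "user:add");
        System.out.println(permittedAll);
    }

}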
  • ini配置文件注入自定义Realm
[main]
# 创建userRealm对象
userRealm= com.yl.shiro.UserRealm
# 把userRealm注入安全管理器,securityManager是自己创建的安全管理器对象名
securityManager.realm=$userRealm
记得快乐
posted @ 2020-11-06 21:32  Y-wee  阅读(161)  评论(0)    收藏  举报