一只倔强的笨猪

【Shiro】自定义Realm

自定义Realm

就是继承AuthorizingRealm类重写方法就可以实现自己自定义Realm。

1.导入Maven。

	<dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.2</version>
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>RELEASE</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.45</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.6</version>
        </dependency>
    </dependencies>

2.继承AuthorizingRealm重写方法(重点)。

package com.benzhu.shiro.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class CustomRealm extends AuthorizingRealm {

    Map<String,String> userMap = new HashMap<String, String>(16);

    {
        userMap.put("benzhu","123456");
        super.setName("customRealm");
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	//重写这个授权的方法
        String username = (String) principals.getPrimaryPrincipal();
        //从缓存中拿到角色数据
        Set<String> roles = getRolesByUserName(username);
        //从缓存中拿到权限数据
        Set<String> permissions = getPermissionUserName(username);
        //返回对象
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(roles);
        authorizationInfo.setStringPermissions(permissions);
        return authorizationInfo;
    }

    private Set<String> getPermissionUserName(String username) {
		//模拟数据库查询
        Set<String> sets = new HashSet<String>();
        sets.add("admin:update");
        return sets;
    }

    private Set<String> getRolesByUserName(String username) {
		//模拟数据库查询
        Set<String> sets = new HashSet<String>();
		//多个角色写多个add就行。
        sets.add("admin");
        return sets;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	//重写这个认证的方法
        //1.从主体传过来的认证信息中获取用户名
        String username = (String) token.getPrincipal();
        //2.通过用户名到数据库中获取凭证
        String password = getPasswordByUserName(username);
        if(password == null){
            return null;
        }
		//返回对象
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(username,password,"customRealm");
        return authenticationInfo;

    }

    private String getPasswordByUserName(String username) {
        //模拟数据库查询
        return userMap.get(username);
    }
}

3.编写测试类。

package com.benzhu.test;

import com.benzhu.shiro.realm.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class CustomRealmTest {
    @Test
    public void tsetAuthentication(){

        CustomRealm customRealm = new CustomRealm();

        //1.构建SecurityManager环境
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(customRealm);
        //2.主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("benzhu","123456");
        try {
            subject.login(token);
            try {
                subject.checkRole("admin");
                subject.checkPermission("admin:update");
            }catch (UnauthorizedException exception){
                System.out.println("角色授权或者权限授权失败!");
            }

        }catch (AuthenticationException e){
            System.out.println("认证失败!");
        }

        System.out.println("isAuthenticated:"+subject.isAuthenticated());
        subject.logout();
        System.out.println("isAuthenticated:"+subject.isAuthenticated());
    }
}

效果图:
《【Shiro】自定义Realm》

点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注