自定义Realm

0.096字数 41阅读 99

自定义Realm主要实现

自定义Realm继承AuthorizingRealm重写doGetAuthorizationInfo方法做授权和doGetAuthenticationInfo方法做认证。

自定义Realm类CustomRealm

package com.jarworker.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * 自定义Realm
 */
public class CustomRealm extends AuthorizingRealm {
    //模拟数据库的数据
     Map<String,String> map=new HashMap();
    {
        map.put("jarWorker","123");
        super.setName("customRealm");
    }
    /**
     * 授权使用
     * @param principals
     * @return
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName=(String)principals.getPrimaryPrincipal();
        Set<String> roles=getRolesByUserName(userName);
        Set<String> permissions=getPermissionsByUserName(userName);
        SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.setRoles(roles);
        simpleAuthorizationInfo.setStringPermissions(permissions);
        return simpleAuthorizationInfo;
    }


    /**
     * 认证使用
     * @param token
     * @return
     * @throws AuthenticationException
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
      //从主体传过来的认证信息中获取用户名
        String userName=(String) token.getPrincipal();//获取用户名
        String passWord=getPassword(userName);
        if(passWord==null){
            return null;
        }
        SimpleAuthenticationInfo simpleAuthenticationInfo=new SimpleAuthenticationInfo("",passWord,"customRealm");
        return simpleAuthenticationInfo;
    }

    /**
     * 模拟数据库信息获取用户密码
     * @param userName
     * @return
     */
    private String getPassword(String userName) {
         if(null==userName){
             return  null;
         }
        return map.get(userName);
    }

    /**
     * 模拟数据库获取用户角色
     * @param userName
     * @return
     */
    private Set<String> getRolesByUserName(String userName) {
        Set<String> roles=new HashSet<String>();
        roles.add("admin");
        roles.add("tourist");
        return  roles;
    }

    /**
     * 模拟数据库获取用户权限
     * @param userName
     * @return
     */
     private Set<String> getPermissionsByUserName(String userName) {
         Set<String> permissions=new HashSet<String>();
         permissions.add("user:update");
         permissions.add("user:query");
         return  permissions;
    }
}

测试用例

package com.jarworker.test;

import com.jarworker.shiro.CustomRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

public class CustomRealmTest {
    /**
     * 自定义Realm认证测试
     * @throws Exception
     */
    @Test
    public void CustomRealmAuthorizerTest() throws Exception {
        //构建DefaultSecurityManager 环境
        CustomRealm customRealm=new CustomRealm();
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(customRealm);
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("jarWorker","123");
        subject.login(token);
        System.out.println("是否认证:"+subject.isAuthenticated());
        subject.logout();//登出
        System.out.println("是否认证:"+subject.isAuthenticated());
    }


    /**
     * 自定义Realm授权测试
     * @throws Exception
     */
    @Test
    public void CustomRealmAuthenticatorTest() throws Exception {
        //构建DefaultSecurityManager 环境
        CustomRealm customRealm=new CustomRealm();
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        defaultSecurityManager.setRealm(customRealm);
        //主体提交认证请求
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("jarWorker","123");
        subject.login(token);
        System.out.println("是否认证:"+subject.isAuthenticated());
        subject.checkRoles("admin","tourist");
        subject.checkPermission("user:query");
        subject.checkPermission("user:update");
    }
}

推荐阅读更多精彩内容