1.Realm的实现
package com.cedric.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/**
 * Demo realm: a custom Shiro realm whose stored credential is a salted, iterated MD5 hash.
 *
 * <p>The account, hash, salt, roles and permissions are hard-coded stand-ins for database
 * lookups. The credentials matcher installed on this realm has to use the same hash
 * algorithm and iteration count that produced the stored hash, otherwise every login fails.
 *
 * <p>NOTE(review): MD5 is a fast digest and is not suitable for storing real passwords even
 * with a salt and iterations; a deployment would use a dedicated password-hashing scheme
 * (bcrypt, scrypt, Argon2) and a random per-user salt kept with the account record rather
 * than a constant in source.
 */
public class CustomerMd5Realm extends AuthorizingRealm {

    /**
     * Builds the roles and permissions for the primary principal.
     *
     * <p>NOTE(review): the grants below do not depend on the principal, so every subject
     * handled by this realm receives the {@code admin} role. That is acceptable for a
     * walkthrough only; real code resolves roles and permissions per user.
     *
     * @param principalCollection principals of the subject being authorized
     * @return authorization info carrying the fixed demo roles and permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        System.out.println("身份信息:" + username);

        SimpleAuthorizationInfo grants = new SimpleAuthorizationInfo();

        // Stand-in for the role rows that would be read from the database for this user.
        String[] demoRoles = {"admin", "user"};
        for (String role : demoRoles) {
            grants.addRole(role);
        }

        // Stand-in for the permission rows that would be read from the database for this user.
        String[] demoPermissions = {"user:*:01", "product:create"};
        for (String permission : demoPermissions) {
            grants.addStringPermission(permission);
        }

        return grants;
    }

    /**
     * Looks up the stored credential for the submitted principal.
     *
     * <p>This method only supplies the stored hash and salt; comparing them with the
     * submitted password is left to the realm's credentials matcher.
     *
     * @param authenticationToken the submitted login token; its principal is read as a String
     * @return the stored hash, salt and realm name for the known account, or {@code null}
     *     when the principal is not known (Shiro reports that as an unknown account)
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();

        // Stand-in for "select the user row by username".
        if (!"Jack".equals(username)) {
            return null;
        }

        // Stored MD5+salt hash of the password, as it would sit in the user table.
        String storedHash = "0c3fd70bf5939dccaad22d27bfa46298";
        // Salt recorded when the account was registered.
        ByteSource storedSalt = ByteSource.Util.bytes("0X*P");

        return new SimpleAuthenticationInfo(username, storedHash, storedSalt, this.getName());
    }
}
2.授权
package com.cedric;

import com.cedric.realm.CustomerMd5Realm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

/**
 * Console walkthrough: logs in against {@link CustomerMd5Realm} and then exercises Shiro's
 * role checks and permission checks on the authenticated subject.
 *
 * <p>NOTE(review): the username and password are literals and the matcher is MD5 with 1024
 * iterations; both are demo choices and should not be copied into production code.
 */
public class TestCustomerMd5RealmAuthenicator {

    /**
     * Wires the security manager, attempts one login and prints the authorization results.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Hash matcher: algorithm and iteration count must match how the stored hash was made.
        HashedCredentialsMatcher md5Matcher = new HashedCredentialsMatcher();
        md5Matcher.setHashAlgorithmName("md5");
        md5Matcher.setHashIterations(1024);

        CustomerMd5Realm md5Realm = new CustomerMd5Realm();
        md5Realm.setCredentialsMatcher(md5Matcher);

        // Security manager backed by the single custom realm, installed globally.
        DefaultSecurityManager manager = new DefaultSecurityManager();
        manager.setRealm(md5Realm);
        SecurityUtils.setSecurityManager(manager);

        Subject currentUser = SecurityUtils.getSubject();

        // Authentication.
        // NOTE(review): only these two failure types are handled; any other
        // AuthenticationException propagates out of main. The two distinct messages are
        // fine on a console, but a remote login endpoint should return one generic failure
        // so callers cannot tell valid usernames from invalid ones.
        try {
            currentUser.login(new UsernamePasswordToken("Jack", "123"));
            System.out.println("登录成功");
        } catch (UnknownAccountException unknownAccount) {
            unknownAccount.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException badPassword) {
            badPassword.printStackTrace();
            System.out.println("密码错误");
        }

        // Authorization checks only make sense after a successful login.
        if (!currentUser.isAuthenticated()) {
            return;
        }

        // Single role.
        System.out.println(currentUser.hasRole("admin"));

        // Must hold every listed role.
        System.out.println(currentUser.hasAllRoles(Arrays.asList("admin", "user")));

        // One result per listed role, in the same order.
        boolean[] roleResults = currentUser.hasRoles(Arrays.asList("admin", "super", "user"));
        for (int i = 0; i < roleResults.length; i++) {
            System.out.println(roleResults[i]);
        }

        System.out.println("===================");

        // Permission strings use Shiro's colon-separated wildcard form.
        System.out.println("权限:" + currentUser.isPermitted("user:update:01"));
        System.out.println("权限:" + currentUser.isPermitted("product:create:02"));

        // One result per listed permission, in the same order.
        boolean[] permissionResults = currentUser.isPermitted("user:*:01", "order:*:10");
        for (int i = 0; i < permissionResults.length; i++) {
            System.out.println(permissionResults[i]);
        }

        // True only when every listed permission is held.
        boolean holdsAll = currentUser.isPermittedAll("user:*:01", "product:create:*");
        System.out.println(holdsAll);
    }
}
