【上海校区】Shiro学习笔记整理--Authorizer、PermissionResolver和... - 黑马程序员技术交流社区

Authorizer（授权器），是Shiro中授权的核心入口。其提供了角色和权限的判断接口。

SecurityManager接口继承了Authorizer接口，并且提供了ModularRealmAuthorizer进行多Realm时的授权匹配。

PermissionResolver用于解析字符串为Permission对象。

而RolePermissionResolver用于解析角色信息对应的权限集合。

使用ModularRealmAuthorizer进行授权功能，

使用org.apache.shiro.authz.permission.WildcardPermissionResolver进行字符串解析，

使用自定义的RolePermissionResolver进行角色的权限解析

因为RolePermissionResolver没有实现类，所以我们才说要使用自定义的RolePermissionResolver进行对应角色的权限添加。

自定义一个RolePermissionResolver，当拥有boss角色时，自动添加user模块下的所有权限

1、新建maven工程，导入依赖和编译插件

[Java] 纯文本查看 复制代码

<dependencies>

<dependency>

<groupId>junit</groupId>

<artifactId>junit</artifactId>

<version>4.9</version>

<scope>test</scope>

</dependency>

<dependency>

<groupId>commons-logging</groupId>

<artifactId>commons-logging</artifactId>

<version>1.1.3</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-core</artifactId>

<version>1.2.2</version>

</dependency>

</dependencies>

<build>

<plugins>

<plugin>

<groupId>org.apache.maven.plugins</groupId>

<artifactId>maven-compiler-plugin</artifactId>

<version>3.2</version>

<configuration>

<target>1.8</target>

<source>1.8</source>

<encoding>UTF-8</encoding>

</configuration>

</plugin>

</plugins>

</build>

2、编写自定义RolePermissionResolver，实现RolePermissionResolver，当登录用户的角色有boss时，赋予其user模块下的CRUD操作

[Java] 纯文本查看 复制代码

package cn.oriki.shiro.realm;

 

import java.util.Arrays;

import java.util.Collection;

 

import org.apache.shiro.authz.Permission;

import org.apache.shiro.authz.permission.RolePermissionResolver;

import org.apache.shiro.authz.permission.WildcardPermission;

 

public class MyRolePermissionResolver implements RolePermissionResolver {

 

@Override

public Collection<Permission> resolvePermissionsInRole(String roleString) {

// 如果是boss角色，赋予user模块下的所有权限

if ("boss".equals(roleString)) {

return Arrays.asList(new WildcardPermission("user:*"));

}

return null;

}

 

}

3、自定义Realm，继承AuthorizingRealm，当登录用户为zhangsan时，授予Boss权限

[Java] 纯文本查看 复制代码

package cn.oriki.shiro.realm;

 

import java.util.Collection;

 

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

 

public class MyRealm extends AuthorizingRealm {

 

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

Collection<?> realms = principals.fromRealm(super.getName());

 

// 如果是zhangsan，授予用户boss角色

if (realms.contains("zhangsan")) {

authorizationInfo.addRole("boss");

}

// 如果登录用户是lisi，授予staff角色

if (realms.contains("lisi")) {

authorizationInfo.addRole("staff");

}

 

return authorizationInfo;

 

}

 

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

// 放行所有用户，返回他们的登录账号和密码

UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;

String username = usernamePasswordToken.getUsername();

String password = new String(usernamePasswordToken.getPassword());

return new SimpleAuthenticationInfo(username, password, super.getName());

}

 

}

3、编写测试类，使用DefaultSecurityManager，

使用Shiro提供的WildcardPermissionResolver做PermissionResolver、

使用自定义的RolePermissionResolver做RolePermissionResolver

登录用户为zhangsan，判断是否有user模块的增加和删除权限

注意：设置SecurityManager的Realm一定要放在设置Authorizer之后，因为在调用SecurityManager.setRealms时会将realms设置给authorizer，并为各个Realm设置permissionResolver和rolePermissionResolver

[Java] 纯文本查看 复制代码

package cn.oriki.shiro.test;

 

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.Authorizer;

import org.apache.shiro.authz.ModularRealmAuthorizer;

import org.apache.shiro.authz.permission.RolePermissionResolver;

import org.apache.shiro.authz.permission.WildcardPermissionResolver;

import org.apache.shiro.mgt.DefaultSecurityManager;

import org.apache.shiro.subject.Subject;

import org.junit.Test;

 

import cn.oriki.shiro.realm.MyRealm;

import cn.oriki.shiro.realm.MyRolePermissionResolver;

 

public class AuthorizerTest {

 

@Test

public void test() {

Subject subject = getSubject();

 

UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123456");

 

subject.login(token);

 

// 检查zhangsan是否拥有user下的权限

subject.checkPermission("user:create");

subject.checkPermission("user:delete");

 

subject.logout();

}

 

/**

* 获取Subject

* 

* @return

*/

private Subject getSubject() {

SecurityUtils.setSecurityManager(getSecurityManager());

 

return SecurityUtils.getSubject();

}

 

/**

* 获取安全管理器

* 

* @return

*/

private org.apache.shiro.mgt.SecurityManager getSecurityManager() {

DefaultSecurityManager securityManager = new DefaultSecurityManager();

 

securityManager.setAuthorizer(getAuthorizer());

securityManager.setRealm(new MyRealm());

return securityManager;

}

 

/**

* 获取授权器

* 

* @return

*/

private Authorizer getAuthorizer() {

ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();

 

// 设置PermissionResovler

authorizer.setPermissionResolver(new WildcardPermissionResolver());

 

// 设置RolePermissionResolver

authorizer.setRolePermissionResolver(getRolePermissionResolver());

 

return authorizer;

}

 

/**

* 获取自定义的RolePermissionResolver

* 

* @return

*/

private RolePermissionResolver getRolePermissionResolver() {

return new MyRolePermissionResolver();

}

}

其中，PermissionResolver提供了implies(Permissionp)方法用于判断权限匹配的