Technical exchange community of Chuanzhi Education (传智教育), an A-share listed company (stock code 003032), Beijing Changping campus



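The Authorizer is the core entry point for authorization in Shiro. It provides the interfaces for checking roles and permissions.

The SecurityManager interface extends the Authorizer interface, and Shiro provides ModularRealmAuthorizer to perform authorization matching when there are multiple Realms.

PermissionResolver parses a string into a Permission object.
RolePermissionResolver resolves the set of permissions that corresponds to a role.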


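Demo
Use ModularRealmAuthorizer for authorization,
use org.apache.shiro.authz.permission.WildcardPermissionResolver to parse permission strings,
and use a custom RolePermissionResolver to resolve the permissions of a role.

RolePermissionResolver has no implementation class, which is why we use a custom RolePermissionResolver to add the permissions for the corresponding role.

[Requirement]:
Define a custom RolePermissionResolver that automatically adds all permissions under the user module when the user has the boss role.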

[Demo]:
1. Create a new Maven project and import the dependencies and the compiler plugin
<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.9</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.1.3</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.2.2</version>
    </dependency>
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.2</version>
            <configuration>
                <target>1.8</target>
                <source>1.8</source>
                <encoding>UTF-8</encoding>
            </configuration>
        </plugin>
    </plugins>
</build>


2. Write a custom class that implements RolePermissionResolver; when the logged-in user has the boss role, grant the CRUD operations under the user module
package cn.oriki.shiro.realm;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;

public class MyRolePermissionResolver implements RolePermissionResolver {

    @Override
    public Collection<Permission> resolvePermissionsInRole(String roleString) {
        // For the boss role, grant every permission under the user module
        if ("boss".equals(roleString)) {
            return Arrays.asList(new WildcardPermission("user:*"));
        }
        // Any other role resolves to no extra permissions
        return Collections.emptyList();
    }

}


3. Define a custom Realm that extends AuthorizingRealm; when the logged-in user is zhangsan, grant the boss role
package cn.oriki.shiro.realm;

import java.util.Collection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm {

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // Principals (usernames) that this realm contributed at login
        Collection<?> realmPrincipals = principals.fromRealm(super.getName());

        // If the user is zhangsan, grant the boss role
        if (realmPrincipals.contains("zhangsan")) {
            authorizationInfo.addRole("boss");
        }
        // If the logged-in user is lisi, grant the staff role
        if (realmPrincipals.contains("lisi")) {
            authorizationInfo.addRole("staff");
        }

        return authorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Let every user through: return the submitted username and password as the account's credentials
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = usernamePasswordToken.getUsername();
        String password = new String(usernamePasswordToken.getPassword());
        return new SimpleAuthenticationInfo(username, password, super.getName());
    }

}


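4. Write the test class using DefaultSecurityManager,
with Shiro's WildcardPermissionResolver as the PermissionResolver
and the custom RolePermissionResolver as the RolePermissionResolver

The logged-in user is zhangsan; check whether the user has the create and delete permissions of the user module.
Note: the SecurityManager's Realm must be set after the Authorizer has been set, because calling SecurityManager.setRealms passes the realms to the authorizer and sets the permissionResolver and rolePermissionResolver on each Realm.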
package cn.oriki.shiro.test;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;

import cn.oriki.shiro.realm.MyRealm;
import cn.oriki.shiro.realm.MyRolePermissionResolver;

public class AuthorizerTest {

    @Test
    public void test() {
        Subject subject = getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123456");

        subject.login(token);

        // Check that zhangsan holds permissions under the user module
        // (checkPermission throws an AuthorizationException if not)
        subject.checkPermission("user:create");
        subject.checkPermission("user:delete");

        subject.logout();
    }

    /**
     * Get the Subject.
     *
     * @return the current Subject, backed by the SecurityManager built below
     */
    private Subject getSubject() {
        SecurityUtils.setSecurityManager(getSecurityManager());

        return SecurityUtils.getSubject();
    }

    /**
     * Get the security manager.
     *
     * @return a DefaultSecurityManager with the authorizer and realm configured
     */
    private org.apache.shiro.mgt.SecurityManager getSecurityManager() {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();

        // Order matters: set the authorizer first, then the realm
        securityManager.setAuthorizer(getAuthorizer());
        securityManager.setRealm(new MyRealm());
        return securityManager;
    }

    /**
     * Get the authorizer.
     *
     * @return a ModularRealmAuthorizer with both resolvers set
     */
    private Authorizer getAuthorizer() {
        ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();

        // Set the PermissionResolver
        authorizer.setPermissionResolver(new WildcardPermissionResolver());

        // Set the RolePermissionResolver
        authorizer.setRolePermissionResolver(getRolePermissionResolver());

        return authorizer;
    }

    /**
     * Get the custom RolePermissionResolver.
     *
     * @return a new MyRolePermissionResolver
     */
    private RolePermissionResolver getRolePermissionResolver() {
        return new MyRolePermissionResolver();
    }
}


Here, PermissionResolver provides the implies(Permission p) method, which is used to decide whether permissions match
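The setup-order note before the test class and the scope of the boss grant can both be checked directly. This is an added example, not part of the original post: to compile on its own it swaps the page's MyRealm for Shiro's SimpleAccountRealm and writes the boss rule as a lambda; the class name RoleGrantBoundaryTest, the realm name "demo", the order:create permission string and the two accounts are assumptions constructed for the test.

```java
import static org.junit.Assert.*;
import java.util.Collections;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.junit.Test;

public class RoleGrantBoundaryTest { // hypothetical class name
    // Same rule as the page's MyRolePermissionResolver: boss -> user:*
    static final RolePermissionResolver RESOLVER = role -> "boss".equals(role)
            ? Collections.<Permission>singleton(new WildcardPermission("user:*"))
            : Collections.<Permission>emptySet();
    // Stand-in for the page's MyRealm; "demo" is an assumed realm name.
    final SimpleAccountRealm realm = new SimpleAccountRealm("demo");

    DefaultSecurityManager wire(boolean authorizerFirst) {
        realm.addAccount("zhangsan", "123456", "boss");  // constructed accounts
        realm.addAccount("lisi", "123456", "staff");
        ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();
        authorizer.setPermissionResolver(new WildcardPermissionResolver());
        authorizer.setRolePermissionResolver(RESOLVER);
        DefaultSecurityManager sm = new DefaultSecurityManager();
        if (authorizerFirst) { sm.setAuthorizer(authorizer); sm.setRealm(realm); }
        else { sm.setRealm(realm); sm.setAuthorizer(authorizer); }
        return sm;
    }

    @Test
    public void grantStaysInsideUserModule() {
        DefaultSecurityManager sm = wire(true);
        // Correct order: the realm received the authorizer's resolver
        assertSame(RESOLVER, realm.getRolePermissionResolver());
        PrincipalCollection boss = new SimplePrincipalCollection("zhangsan", "demo");
        PrincipalCollection staff = new SimplePrincipalCollection("lisi", "demo");
        assertTrue(sm.isPermitted(boss, "user:delete"));    // implied by user:*
        assertFalse(sm.isPermitted(boss, "order:create"));  // different module
        assertFalse(sm.isPermitted(staff, "user:create"));  // staff resolves to nothing
    }

    @Test
    public void realmSetBeforeAuthorizerNeverReceivesResolver() {
        wire(false);
        assertNull(realm.getRolePermissionResolver());
    }
}
```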










