A股上市公司传智教育(股票代码 003032)旗下技术交流社区北京昌平校区

 找回密码
 加入黑马

QQ登录

只需一步,快速开始

我们使用自定义Realm为用户添加角色信息

【演示】:
自定义Realm,实现授权功能
当登录用户为zhangsan时,授予用户boss权限,当登录用户为lisi时,授予staff权限

1、新建maven工程,导入依赖和编译插件
[Java] 纯文本查看 复制代码
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.9</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.2</version>
<configuration>
<target>1.8</target>
<source>1.8</source>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>


2、自定义Realm,继承AuthorizingRealm,实现为用户授权的功能
[Java] 纯文本查看 复制代码
package cn.oriki.shiro.realm;
 
import java.util.Collection;
 
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
 
public class MyRealm extends AuthorizingRealm {
 
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
Collection<?> realms = principals.fromRealm(super.getName());
 
// 如果是zhangsan,授予用户boss角色
if (realms.contains("zhangsan")) {
authorizationInfo.addRole("boss");
}
// 如果登录用户是lisi,授予staff角色
if (realms.contains("lisi")) {
authorizationInfo.addRole("staff");
}
 
return authorizationInfo;
}
 
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 放行所有用户,返回他们的登录账号和密码
UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
String username = usernamePasswordToken.getUsername();
String password = new String(usernamePasswordToken.getPassword());
return new SimpleAuthenticationInfo(username, password, super.getName());
}
 
}


3、编写测试类,进行测试,检查登录用户是否是boss角色
[Java] 纯文本查看 复制代码
package cn.oriki.shiro.test;
 
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
 
import cn.oriki.shiro.realm.MyRealm;
 
public class AuthorizatorTest {
 
@Test
public void test() {
Subject subject = this.getSubject();
 
UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123456");
 
// 登录
subject.login(token);
 
subject.checkRole("boss");// 检查登录用户是否有boss权限
 
// 登出
subject.logout();
}
 
/**
* 获取Subject
* 
* @return
*/
private Subject getSubject() {
DefaultSecurityManager securityManager = new DefaultSecurityManager();
 
securityManager.setRealm(new MyRealm());
 
SecurityUtils.setSecurityManager(securityManager);
 
return SecurityUtils.getSubject();
}
}





1 个回复

倒序浏览
回复 使用道具 举报
您需要登录后才可以回帖 登录 | 加入黑马