shiro框架权限demo

package com.yueke.gemini.shiro.realm; /** * Created by admin on 2019/2/23. */ import com.yueke.gemini.shiro.constants.Global; import com.yueke.gemini.shiro.entity.Menu; import com.yueke.gemini.shiro.entity.Role; import com.yueke.gemini.shiro.entity.User; import com.yueke.gemini.shiro.service.UserService; import org.apache.commons.lang3.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.session.Session; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.Subject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; /** * 自定义的指定Shiro验证用户登录的类 * 在本例中定义了2个用户:jadyer和玄玉,jadyer具有admin角色和admin:manage权限,玄玉不具有任何角色和权限 * @User: coding99 * */ @Service public class SystemAuthorizingRealm extends AuthorizingRealm { private Logger logger = LoggerFactory.getLogger(getClass()); @Autowired private UserService userService; // @Autowired // private RoleService roleService; // @Autowired // private MenuService menuService; /** * 为当前登录的Subject授予角色和权限 * 经测试:本例中该方法的调用时机为需授权资源被访问时 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { //获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next() String currentAccount = (String) super.getAvailablePrincipal(principals); List<String> roleNameList = new ArrayList<String>(); List<String> permissionList = new ArrayList<String>(); //从数据库中获取当前登录用户的详细信息 User user = getUser(); if (null != user) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); List<Role> roleList = null;// roleService.selectRoleByUserId(user.getId()); Map<String, Object> map = new HashMap<String, Object>(); map.put("userId", user.getId()); map.put("permission", "permission"); List<Menu> menuList = null; // menuService.selectMenuByUserId(map); /*构建用户的角色集合*/ for (Role role : roleList) { roleNameList.add(role.getRolename()); } info.addRoles(roleNameList); /*构建用户的权限代码集合*/ // for (Menu menu : menuList) { // if (StringUtils.isNotBlank(menu.getPermission())) { // if (StringUtils.isNotEmpty(menu.getPermission())) { // String[] permissions = menu.getPermission().split(","); // for (int i = 0; i < permissions.length; i++) { // if (StringUtils.isNotEmpty(permissions[i])) { // permissionList.add(permissions[i]); // } // } // } // } // } info.addStringPermissions(permissionList); return info; } else { return null; } } /** * 验证当前登录的Subject * 经测试:本例中该方法的调用时机为LoginController.login()方法中执行Subject.login()时 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String username = token.getUsername(); User user = userService.findByName(username); if (user == null) { throw new UnknownAccountException("帐号找不到"); } if ("0".equals(user.getStatus())) { throw new LockedAccountException("msg:该已帐号禁止登录."); } SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName()); setSession(Global.GLOBAL_USER, user); return authenticationInfo; } /** * 将一些数据放到ShiroSession中,以便于其它地方使用 * 比如Controller,使用时直接用HttpSession.getAttribute(key)就可以取到 */ private void setSession(Object key, Object value) { Subject currentUser = SecurityUtils.getSubject(); if (null != currentUser) { Session session = currentUser.getSession(); System.out.println("Session默认超时时间为[" + session.getTimeout() + "]毫秒"); if (null != session) { session.setAttribute(key, value); } } } private User getUser() { Subject currentUser = SecurityUtils.getSubject(); Session session = currentUser.getSession(); User user = (User) session.getAttribute(Global.GLOBAL_USER); return user; } }