Apache Shiro 使用手册(四)Realm 实现
在认证、授权内部实现机制中都有提到,最终处理都将交给Real进行处理。因为在Shiro中,最终是通过Realm来获取应用程序中的用户、角色及权限信息的。通常情况下,在Realm中会直接从我们的数据源中获取Shiro需要的验证信息。可以说,Realm是专用于安全框架的DAO.一、认证实现
正如前文所提到的,Shiro的认证过程最终会交由Realm执行,这时会调用Realm的getAuthenticationInfo(token)方法。
该方法主要执行以下操作:
1、检查提交的进行认证的令牌信息
2、根据令牌信息从数据源(通常为数据库)中获取用户信息
3、对用户信息进行匹配验证。
4、验证通过将返回一个封装了用户信息的AuthenticationInfo实例。
5、验证失败则抛出AuthenticationException异常信息。
而在我们的应用程序中要做的就是自定义一个Realm类,继承AuthorizingRealm抽象类,重载doGetAuthenticationInfo (),重写获取用户信息的方法。
Java代码 http://kdboy.iteye.com/javascripts/syntaxhighlighter/clipboard_new.swf?clipboard=protected%20AuthenticationInfo%20doGetAuthenticationInfo(AuthenticationToken%20authcToken)%20throws%20AuthenticationException%20%7B%0A%09%09UsernamePasswordToken%20token%20%3D%20(UsernamePasswordToken)%20authcToken%3B%0A%09%09User%20user%20%3D%20accountManager.findUserByUserName(token.getUsername())%3B%0A%09%09if%20(user%20!%3D%20null)%20%7B%0A%09%09%09return%20new%20SimpleAuthenticationInfo(user.getUserName()%2C%20user.getPassword()%2C%20getName())%3B%0A%09%09%7D%20else%20%7B%0A%09%09%09return%20null%3B%0A%09%09%7D%0A%7D
[*]protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
[*] UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
[*] User user = accountManager.findUserByUserName(token.getUsername());
[*] if (user != null) {
[*] return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), getName());
[*] } else {
[*] return null;
[*] }
[*]}
二、授权实现
而授权实现则与认证实现非常相似,在我们自定义的Realm中,重载doGetAuthorizationInfo()方法,重写获取用户权限的方法即可。
Java代码 http://kdboy.iteye.com/javascripts/syntaxhighlighter/clipboard_new.swf?clipboard=protected%20AuthorizationInfo%20doGetAuthorizationInfo(PrincipalCollection%20principals)%20%7B%0A%09%09String%20userName%20%3D%20(String)%20principals.fromRealm(getName()).iterator().next()%3B%0A%09%09User%20user%20%3D%20accountManager.findUserByUserName(userName)%3B%0A%09%09if%20(user%20!%3D%20null)%20%7B%0A%09%09%09SimpleAuthorizationInfo%20info%20%3D%20new%20SimpleAuthorizationInfo()%3B%0A%09%09%09for%20(Group%20group%20%3A%20user.getGroupList())%20%7B%0A%09%09%09%09info.addStringPermissions(group.getPermissionList())%3B%0A%09%09%09%7D%0A%09%09%09return%20info%3B%0A%09%09%7D%20else%20%7B%0A%09%09%09return%20null%3B%0A%09%09%7D%0A%7D
[*]protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
[*] String userName = (String) principals.fromRealm(getName()).iterator().next();
[*] User user = accountManager.findUserByUserName(userName);
[*] if (user != null) {
[*] SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
[*] for (Group group : user.getGroupList()) {
[*] info.addStringPermissions(group.getPermissionList());
[*] }
[*] return info;
[*] } else {
[*] return null;
[*] }
[*]}
页:
[1]