shiro实战


1.背景

shiro 框架实战,为以后独立做项目打下基础

2. 概念

Subject: 当前用户

SecurityManager: 管理所有的 Subject,是 Shiro 的核心

Realm: 连接数据源(如数据库),为认证和授权提供用户数据

3. 实战

3.1 login接口

/**
 * 自定义的UserRealm
 * 登录接口中调用 subject.login(token); 这时会进入认证流程,由 Realm 的 doGetAuthenticationInfo 完成认证
 * 登录接口结束了以后,会调用两次授权方法
 * 执行subject.login(token); 的时候会跳转到doGetAuthenticationInfo
 * 每一次调用接口都会调用授权方法
 *
 */
 
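/**
 * Handles the login form: authenticates the submitted username/password
 * through Shiro and routes to "index" on success or back to "login" with an
 * error message on failure.
 *
 * @param username the submitted account name
 * @param password the submitted password
 * @param model    view model; receives a "msg" attribute when login fails
 * @return the view name, "index" on success or "login" on any failure
 */
@RequestMapping("/login")
public String login(String username, String password, Model model) {
    // The Subject bound to the current thread (the "current user").
    Subject subject = SecurityUtils.getSubject();

    // Wrap the submitted credentials; the realm's doGetAuthenticationInfo
    // receives this token during subject.login().
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);

    try {
        // No exception means the realm accepted the credentials.
        subject.login(token);
        return "index";
    } catch (UnknownAccountException e) {
        // Account name not found.
        // NOTE(review): distinct messages for "unknown user" and "wrong
        // password" reveal which usernames exist; outside a tutorial both
        // branches should set the same generic message.
        model.addAttribute("msg", "用户名错误");
        return "login";
    } catch (IncorrectCredentialsException e) {
        // Account exists but the password did not match.
        model.addAttribute("msg", "密码错误");
        return "login";
    } catch (org.apache.shiro.authc.AuthenticationException e) {
        // Any other authentication failure (locked/disabled/expired account,
        // realm errors) previously escaped this method as an unhandled
        // exception; report it generically instead of leaking details.
        model.addAttribute("msg", "登录失败");
        return "login";
    } finally {
        // Drop the password chars from the token once authentication is done.
        token.clear();
    }
}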

3.2 AuthorizingRealm 的实现类

/**
 *  认证方法里面往session里面放multiUser
 *  在授权方法里面再次拿出来, 拿出来放到info里面
 */

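/**
 * Shiro realm backed by {@code TUserService}.
 *
 * <p>Authentication looks the user up by name and hands the stored credential
 * to Shiro for matching; authorization reads the permissions carried by the
 * authenticated {@code MultiUser} principal and exposes each one as a string
 * permission. The authenticated user is also stored in the session under
 * "loginUser".
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private TUserService tUserService;

    /**
     * Authorization: called by Shiro whenever a permission/role check runs.
     *
     * @param principalCollection principals of the subject being checked; the
     *                            primary principal is the {@code MultiUser}
     *                            returned from {@link #doGetAuthenticationInfo}
     * @return the subject's string permissions (empty when none are known)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了--》授权doGETAuthorizationInfo");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Use the principal Shiro passes in rather than re-resolving the current
        // Subject; they are the same object for this single-realm setup.
        Object principal = principalCollection.getPrimaryPrincipal();
        if (!(principal instanceof MultiUser)) {
            // Unknown principal type: grant nothing rather than fail with a cast error.
            return info;
        }
        MultiUser currentUser = (MultiUser) principal;

        // Grant every permission the user carries. The original only granted
        // permissionList.get(0) and threw IndexOutOfBoundsException for a user
        // with no permissions.
        List<Permission> permissionList = currentUser.getPermissionList();
        if (permissionList != null) {
            for (Permission permission : permissionList) {
                String resource = permission.getResource();
                if (resource != null) {
                    info.addStringPermission(resource);
                }
            }
        }
        return info;
    }

    /**
     * Authentication: called by Shiro from {@code subject.login(token)}.
     *
     * @param token the {@code UsernamePasswordToken} built by the login endpoint
     * @return the authentication info for the user, or {@code null} when the
     *         account does not exist (Shiro's authenticator turns a null
     *         result into {@code UnknownAccountException})
     * @throws AuthenticationException on authentication failures raised by Shiro
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行了--》认证doGETAuthenticationInfo");
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;

        // Look the account up in the real data store.
        MultiUser multiUser = tUserService.queryUserByName(userToken.getUsername());
        if (multiUser == null) {
            // null is converted to UnknownAccountException by the authenticator.
            return null;
        }

        // Keep the user in the session for later requests.
        Subject currentSubject = SecurityUtils.getSubject();
        Session session = currentSubject.getSession();
        session.setAttribute("loginUser", multiUser);

        // NOTE(review): the stored credential is handed to Shiro as-is and
        // compared by this realm's CredentialsMatcher; if getPwd() holds a
        // plaintext password, store a salted hash and configure a
        // HashedCredentialsMatcher instead — confirm against the schema.
        // getName() tags the principal with this realm's name so
        // PrincipalCollection realm lookups work (the original used "").
        return new SimpleAuthenticationInfo(multiUser, multiUser.gettUser().getPwd(), getName());
    }
}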