shiro多Realm分别授权

star2017 1年前 ⋅ 1910 阅读

想看多realm认证的请看

https://blog.csdn.net/u013294097/article/details/90053299

想看多realm认证的请看

https://blog.csdn.net/u013294097/article/details/90053299


多Realm分别授权需要重写

import org.apache.shiro.authz.ModularRealmAuthorizer;

的三个方法:

public boolean isPermitted(PrincipalCollection principals, String permission);

public boolean isPermitted(PrincipalCollection principals, Permission permission);

public boolean hasRole(PrincipalCollection principals, String roleIdentifier);

思路:

多Realm的每个Realm都设置一个名字,这样子,在鉴权的时候拿到名字,确定使用哪个Realm进行授权

1.为Realm设置名字代码:

public class AdminRealm extends AuthorizingRealm {
    @Reference
    private IAdminAuthService adminAuthService;

    private static final String ADMIN_LOGIN_TYPE = LoginType.ADMIN.getName();

    {
        super.setName("admin");//设置realm的名字,非常重要
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        return null;
    }
    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}

2.复写import org.apache.shiro.authz.ModularRealmAuthorizer;方法,实现三个接口

import com.cyjz.util.CommUtil;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Set;

public class CustomizedModularRealmAuthorizer extends ModularRealmAuthorizer {

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        assertRealmsConfigured();
        Set<String> realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).isPermitted(principals, permission);
                }
            }
            if(realmName.equals("user")) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).isPermitted(principals, permission);
                }
            }
        }
        return false;
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        assertRealmsConfigured();
        Set<String> realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).isPermitted(principals, permission);
                }
            }
            //匹配名字
            if(realmName.equals("user"))) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).isPermitted(principals, permission);
                }
            }
        }
        return false;    }

    @Override
    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
        assertRealmsConfigured();
        Set<String> realmNames = principals.getRealmNames();
        //获取realm的名字
        String realmName = realmNames.iterator().next();
        for (Realm realm : getRealms()) {
            if (!(realm instanceof Authorizer)) continue;
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof AdminRealm) {
                    return ((AdminRealm) realm).hasRole(principals, roleIdentifier);
                }
            }
            //匹配名字
            if(realmName.equals("admin"))) {
                if (realm instanceof UserRealm) {
                    return ((UserRealm) realm).hasRole(principals, roleIdentifier);
                }
            }
        }
        return false;
    }
}

我这里使用的是springboot,需要在shiroconfig里面的securityManager添加进这个自定义的CustomizedModularRealmAuthorizer

@Bean
    public DefaultWebSecurityManager securityManager(UserRealm customRealm, AdminRealm adminRealm, DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        List<Realm> realms = new ArrayList<>();
        realms.add(customRealm);
        realms.add(adminRealm);
        securityManager.setRealms(realms);
        securityManager.setSessionManager(sessionManager);
        securityManager.setCacheManager(new RedisCacheManager());
        //====================多realm授权核心代码===================
        CustomizedModularRealmAuthorizer authorizer = new CustomizedModularRealmAuthorizer();
        authorizer.setRealms(realms);
        securityManager.setAuthorizer(authorizer);
        //====================多realm授权核心代码===================
        return securityManager;
    }


更多内容请访问:IT源点

注意:本文归作者所有,未经作者允许,不得转载

#Java
阅读全部
相关文章推荐

全部评论: 0

    我有话说: