自定义Realm解析

自定义Realm解析--------------------------------------->

/*
 * Copyright 2005-2013 shopxx.net. All rights reserved.
 * Support: http://www.shopxx.net
 * License: http://www.shopxx.net/license
 */
package net.shopxx;

import java.util.Date;
import java.util.List;

import javax.annotation.Resource;

import net.shopxx.Setting.AccountLockType;
import net.shopxx.Setting.CaptchaType;
import net.shopxx.entity.Admin;
import net.shopxx.service.AdminService;
import net.shopxx.service.CaptchaService;
import net.shopxx.util.SettingUtils;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.time.DateUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * 权限认证
 * 
 * @author LinkCity Team
 * @version 3.0
 */
public class AuthenticationRealm extends AuthorizingRealm {

    @Resource(name = "captchaServiceImpl")
    private CaptchaService captchaService;
    @Resource(name = "adminServiceImpl")
    private AdminService adminService;

    /**
     * 获取认证信息
     * 
     * @param token
     *            令牌
     * @return 认证信息
     */
    @Override
    /*
     * 验证当前用户的合法性---也就是登录验证
     */
    protected AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token) {
        //获取当前登录令牌（令牌包括的信息有username、password、remember、captcha验证码、登录IP）
        AuthenticationToken authenticationToken = (AuthenticationToken) token;
        String username = authenticationToken.getUsername();
        String password = new String(authenticationToken.getPassword());
        String captchaId = authenticationToken.getCaptchaId();
        String captcha = authenticationToken.getCaptcha();
        String ip = authenticationToken.getHost();
        //验证验证码是否正确
        if (!captchaService.isValid(CaptchaType.adminLogin, captchaId, captcha)) {
            throw new UnsupportedTokenException();
        }
        if (username != null && password != null) {
            //根据当前username获取数据库的admin用户
            Admin admin = adminService.findByUsername(username);
            //判断是否有此用户
            if (admin == null) {
                throw new UnknownAccountException();
            }
            //判断当前用户是否可用
            if (!admin.getIsEnabled()) {
                throw new DisabledAccountException();
            }
            Setting setting = SettingUtils.get();
            //判断用户是否被锁定
            if (admin.getIsLocked()) {
                if (ArrayUtils.contains(setting.getAccountLockTypes(), AccountLockType.admin)) {
                    int loginFailureLockTime = setting.getAccountLockTime();
                    if (loginFailureLockTime == 0) {
                        throw new LockedAccountException();
                    }
                    Date lockedDate = admin.getLockedDate();
                    Date unlockDate = DateUtils.addMinutes(lockedDate, loginFailureLockTime);
                    if (new Date().after(unlockDate)) {
                        admin.setLoginFailureCount(0);
                        admin.setIsLocked(false);
                        admin.setLockedDate(null);
                        adminService.update(admin);
                    } else {
                        throw new LockedAccountException();
                    }
                } else {
                    admin.setLoginFailureCount(0);
                    admin.setIsLocked(false);
                    admin.setLockedDate(null);
                    adminService.update(admin);
                }
            }
            //判断密码是否正确
            if (!DigestUtils.md5Hex(password).equals(admin.getPassword())) {
                int loginFailureCount = admin.getLoginFailureCount() + 1;
                if (loginFailureCount >= setting.getAccountLockCount()) {
                    admin.setIsLocked(true);
                    admin.setLockedDate(new Date());
                }
                admin.setLoginFailureCount(loginFailureCount);
                adminService.update(admin);
                throw new IncorrectCredentialsException();
            }
            admin.setLoginIp(ip);
            admin.setLoginDate(new Date());
            admin.setLoginFailureCount(0);
            //更新用户登录信息
            adminService.update(admin);
            //返回一个封装了用户信息的AuthenticationInfo实例
            return new SimpleAuthenticationInfo(new Principal(admin.getId(), username), password, getName());
        }
        throw new UnknownAccountException();
    }

    /**
     * 获取授权信息
     * 
     * @param principals
     *            principals
     * @return 授权信息
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //获取当前登录用户的信息
        Principal principal = (Principal) principals.fromRealm(getName()).iterator().next();
        if (principal != null) {
            //查找当前用户的角色
            List<String> authorities = adminService.findAuthorities(principal.getId());
            if (authorities != null) {
                //获取当前用户的登录令牌
                SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
                //为当前用户令牌添加权限集合
                authorizationInfo.addStringPermissions(authorities);
                return authorizationInfo;
            }
        }
        return null;
    }

}