zoukankan      html  css  js  c++  java
  • 自定义shiro的验证方式

    在认证、授权内部实现机制中,最终处理都将交给Real进行处理。因为在Shiro中,最终是通过Realm来获取应用程序中的用户、角色及权限信息的。

    在应用程序中要做的是自定义一个Realm类,继承AuthorizingRealm抽象类,重载doGetAuthenticationInfo (),重写获取用户信息的方法。而授权实现则与认证实现非常相似,在我们自定义的Realm中,重载doGetAuthorizationInfo()方法,重写获取用户权限的方法。

    public class ShiroDbRealm extends AuthorizingRealm {
    
        /**
         * 登录认证/获取用户信息
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
                throws AuthenticationException {
            IShiro shiroFactory = ShiroFactroy.me();
            UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
            //根据前端传的用户,查找数据库用户的记录封装在user里
            User user = shiroFactory.user(token.getUsername());
            ShiroUser shiroUser = shiroFactory.shiroUser(user);
            SimpleAuthenticationInfo info = shiroFactory.info(shiroUser, user, super.getName());
            return info;
        }
    
        /**
         * 权限认证/获取用户权限
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            IShiro shiroFactory = ShiroFactroy.me();
            ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
            List<Integer> roleList = shiroUser.getRoleList();
    
            Set<String> permissionSet = new HashSet<>();
            Set<String> roleNameSet = new HashSet<>();
    
            for (Integer roleId : roleList) {
                List<String> permissions = shiroFactory.findPermissionsByRoleId(roleId);
                if (permissions != null) {
                    for (String permission : permissions) {
                        if (ToolUtil.isNotEmpty(permission)) {
                            permissionSet.add(permission);
                        }
                    }
                }
                String roleName = shiroFactory.findRoleNameByRoleId(roleId);
                roleNameSet.add(roleName);
            }
    
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(permissionSet);
            info.addRoles(roleNameSet);
            return info;
        }
    
        /**
         * 设置认证加密方式
         */
        @Override
        public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
            super.setCredentialsMatcher(new CustomCredentialsMatcher());
        }
    }

    自定义密码认证方式

    自定义实现类继承SimpleCredentialsMatcher,重载doCredentialsMatch方法,自定义验证方式

    public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {
        @Override
        public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
    
            UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
            Object tokenCredentials = encrypt(String.valueOf(token.getPassword()));
            //System.err.println("encryptionPw:"+encrypt(String.valueOf(token.getPassword())));
            Object accountCredentials = getCredentials(info);
            //将密码加密与系统加密后的密码校验,内容一致就返回true,不一致就返回false
            return equals(tokenCredentials, accountCredentials);
        }
    
        //密码加密方法
        private String encrypt(String data) {
            String encryptionPw = ShiroKit.md5(data);
            return encryptionPw;
        }
    }

    最后在自定义的Realm类中设置。

    /**
         * 设置认证加密方式
         */
        @Override
        public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
            super.setCredentialsMatcher(new CustomCredentialsMatcher());
        }
  • 相关阅读:
    C#的list和arry相互转化
    c++11の的左值、右值以及move,foward
    c++11の异步方法 及线程间通信
    C#的static
    HDU4027 Can you answer these queries?
    POJ3264 Balances Lineup
    ZOJ1610 Count the Colors
    ZOJ4110 Strings in the Pocket(2019浙江省赛)
    HDU1698 Just a Hook
    POJ3468 A Simple Problem with Integers
  • 原文地址:https://www.cnblogs.com/xiaowangxiao/p/11216716.html
Copyright © 2011-2022 走看看