shrio自定义realm，权限拦截

pyzheng

浏览: 3420802 次
性别:
来自: 珠海

最近访客更多访客>>

kopomimi

oszerone

lindow

leisure0422

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

2016-06 ( 26)
2016-05 ( 32)
2016-04 ( 33)
更多存档...

博客分类：

Spring
开源应用

http://my.oschina.net/sheldon1/blog/603351

一，自定义realm，重写认证，授权，验证权限三个方法

public class UserRealm extends AuthorizingRealm {
 
    @Autowired
    private SysUserService userService;
 
    @Autowired
    private UserAuthService userAuthService;
 
    private Logger logger = LoggerFactory.getLogger(this.getClass());
 
    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 
        SysUser user = (SysUser) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(userAuthService.findStringRoles(user.getId()));
        authorizationInfo.setStringPermissions(userAuthService.findStringPermissions(user.getId()));
 
        return authorizationInfo;
    }
 
    /**
     * 认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
 
        logger.info("----------------认证----------------");
 
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername().trim();
        String password = "";
        if (upToken.getPassword() != null) {
            password = new String(upToken.getPassword());
        }
        SysUser user = userService.login(username, password);
 
        if (user != null) {
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password.toCharArray(), getName());
            return info;
        }
        return null;
    }
 
    //重写权限判断方法，加入正则判断
    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        Collection<String> permissions = info.getStringPermissions();
        return permissions.contains(permission) || patternMatch(permissions, permission);
    }
 
    /**
     * 正则
     * @param patternUrlList
     * @param requestUri
     * @return
     */
    public boolean patternMatch(Collection<String> patternUrlList, String requestUri) {
        boolean flag = false;
        for (String patternUri : patternUrlList) {
            if (StringUtils.isNotEmpty(patternUri)) {
                Pattern pattern = Pattern.compile(patternUri);
                Matcher matcher = pattern.matcher(requestUri);
                if (matcher.matches()) {
                    flag = true;
                    break;
                }
            }
        }
        return flag;
    }

二、授权filter

isAccessAllowed，拦截方法，返回true表示通过验证，返回false会执行onAccessDenied方法。

public class LoginCheckPermissionFilter extends AuthorizationFilter {
 
    public Logger logger = LoggerFactory.getLogger(getClass());
 
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String url = httpServletRequest.getRequestURI();
        try {
            Subject user = SecurityUtils.getSubject();
 
            return user.isPermitted(url);
        } catch (Exception e) {
            logger.error("check permission error", e);
        }
        return true;
    }
 
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = getSubject(request, response);
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        String method = httpServletRequest.getMethod();
        if (subject.getPrincipal() == null) {
            saveRequestAndRedirectToLogin(request, response);
        } else {
            String unauthorizedUrl = getUnauthorizedUrl();
            if (StringUtils.hasText(unauthorizedUrl)) {
                if (method.equals("POST")) {
                    httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
                    String result = JSON.toJSONString(new BaseResp("没有权限,请联系管理员！", BizConstants.FAIL));
                    httpServletResponse.getWriter().write(result);
                } else {
                    WebUtils.issueRedirect(request, response, unauthorizedUrl);
                }
            } else {
                WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
        }
        return false;
    }
}

三、shiro部分配置

 <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <!--<property name="successUrl" value="/loginOK" />-->
    <property name="unauthorizedUrl" value="/noPermission"/>
    <property name="filters">
        <map>
            <entry key="perms" value-ref="loginCheckPermissionFilter"/>
            <entry key="user" value-ref="myUserFilter"/>
        </map>
    </property>
 
    <property name="filterChainDefinitions">
        <value>
            /favicon.ico = anon
            /resources/** = anon
            /PoiTemplate/** = anon
            /login = anon
            /logout = user
            /** = user,perms
        </value>
    </property>
</bean>

分享到：

借助phpmailer使用gmail和163邮箱发送邮 ... | 常见移动设备的 CSS3 Media Query 整理

2016-01-15 21:36
浏览 2078
评论(0)
分类:企业架构
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

shrio自定义realm，权限拦截

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

shrio自定义realm，权限拦截

评论

发表评论

相关推荐

分布式存储系统GlusterFS安装配置

分布式查询 presto 入门安装使用

Spring Boot 属性配置

Spring Boot 集成MyBatis

Spring MVC防重复提交

Spring容器加载完之后执行特定任务

跟我学习dubbo

JavaMelody监控web服务器

使用spring-session和shiro来代理session的配置

JSTL 的 if else : 有 c:if 没有 else 的处理

spring mvc 请求转发和重定向

freemarker使用记录

freemarker判断是否为空

ehcache 分布式支持

Intellij IDEA插件开发入门

阿里巴巴Druid数据源的配置与使用

mvc:view-controller

spring配置事物的方式:注解和aop配置

分布式任务调度组件 Uncode-Schedule

Mybatis分库分表扩展插件

最近访客更多访客>>