7.自定义Realm实现授权

1.仅通过ini配置文件来指定权限不够灵活,也不方便。实际应用中,用户信息、角色信息和权限信息大多保存在数据库中,因此需要从数据库中获取相关的权限信息。可以使用Shiro提供的JdbcRealm(同样不够灵活),也可以自定义Realm来实现。
2.自定义Realm需要继承AuthorizingRealm,并实现doGetAuthorizationInfo(授权)和doGetAuthenticationInfo(身份认证)两个方法。
ini配置文件:

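[main]
# Register the custom realm. The value is the realm's fully qualified class
# name, so the class must actually live in package com.lyh (the listing on
# this page shows no package declaration; confirm it matches).
UserRealm=com.lyh.shouquanRealm_demo
# Make it the only realm the SecurityManager consults for login and permissions.
securityManager.realms=$UserRealm
# No credentialsMatcher is set on the realm, so Shiro's default matcher is used,
# which compares the submitted password with the stored value as-is. For real
# deployments, store salted password hashes and configure a hashing credentials
# matcher on the realm instead of comparing plaintext.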

自定义Realm类:
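import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.ArrayList;
import java.util.List;

/**
 * Demo realm showing where custom authentication and authorization lookups plug into Shiro.
 *
 * <p>Both methods return hard-coded data in place of a database query. As written, every
 * username authenticates with the same password and receives the same four permissions,
 * so this class is a teaching skeleton only and must not be deployed unchanged.
 */
public class shouquanRealm_demo extends AuthorizingRealm {

    /**
     * Builds the permission set for the already-authenticated principal.
     *
     * @param principalCollection the principals of the subject being checked
     * @return an {@link AuthorizationInfo} carrying the string permissions for that subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = principalCollection.getPrimaryPrincipal().toString();
        System.out.println("授权的用户名------------"+username);

        // Stand-in for "query the permissions of this username from the database".
        // NOTE: the username is not consulted here, so every principal gets the full
        // set; a real implementation must load only the permissions granted to
        // this specific user (or to the roles that user holds).
        List<String> permission = new ArrayList<>();
        permission.add("user:add");
        permission.add("user:update");
        permission.add("user:delete");
        permission.add("user:find");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permission);
        return info;
    }

    /**
     * Supplies the stored credentials for the user named in the login token; Shiro then
     * compares them with the submitted credentials using the realm's credentials matcher.
     *
     * @param authenticationToken the token submitted at login; its principal is the username
     * @return the account's stored credentials, or {@code null} when the token carries no
     *     username (Shiro reports a {@code null} result as an unknown account)
     * @throws AuthenticationException if the lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // The principal is the username the caller typed in; treat it as untrusted input.
        String username = (String) authenticationToken.getPrincipal();
        System.out.println("用户名==========="+username);

        // Fail closed: without a username there is no account to look up.
        if (username == null) {
            return null;
        }

        // Stand-in for "query the stored password of this username from the database".
        // NOTE: a real implementation must return null when the user does not exist and
        // must return a salted password hash (with a matching credentials matcher
        // configured on the realm), never a shared plaintext constant like this one.
        String pwd = "123";

        // Wrap what was "loaded" so Shiro can compare it with the submitted credentials.
        return new SimpleAuthenticationInfo(username, pwd, getName());
    }
}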

shiro测试代码:
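import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

/**
 * Console driver that logs in through the INI-configured realm and then checks permissions.
 */
public class TestShouquanRealm_demo {

    /**
     * Logs in as a fixed demo user and prints whether all four {@code user:*} permissions
     * are granted.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // 1. Build the SecurityManager factory from the INI file on the classpath.
        //    The type argument is required: with a raw Factory, getInstance() returns
        //    Object and the assignment below does not compile.
        Factory<SecurityManager> factory =
                new IniSecurityManagerFactory("classpath:shouquanRealm.ini");

        // 2. Create the SecurityManager and bind it globally through SecurityUtils.
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        // 3. Obtain the Subject and build the username/password token.
        //    Credentials are hard-coded for the demo only; real code reads them from
        //    the user at login time and never keeps them in source.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123");

        try {
            // login() throws on failure, so the lines below run only after success.
            subject.login(token);
            if (subject.isAuthenticated()) {
                System.out.println("验证通过");
            }

            // True only when the realm grants every listed permission to this subject.
            boolean permitted =
                    subject.isPermittedAll("user:add", "user:find", "user:update", "user:delete");
            System.out.println(permitted);
        } catch (AuthenticationException e) {
            e.printStackTrace();
            System.out.println("验证失败");
        }
    }
}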
