package com.server.shiro.realm;

import com.server.shiro.context.ContextPermissionManager;
import com.server.shiro.constants.Constants;
import com.server.shiro.context.PermissionManage;
import com.server.shiro.exception.AccountErrorException;
import com.server.shiro.persistent.bean.SysPermission;
import com.server.shiro.persistent.bean.SysRole;
import com.server.shiro.persistent.bean.SysRule;
import com.server.shiro.persistent.bean.SysUser;
import com.server.shiro.persistent.repository.UserRepository;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

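/**
 * Created by yinbinhome@163.com on 2018/2/23.
 * description: Shiro realm that authenticates a login through {@link UserRepository}
 * and builds the user's string permissions from the data supplied by
 * {@link PermissionManage}.
 */
public class UserRealm extends AuthorizingRealm {
    private static final Logger logger = LoggerFactory.getLogger(UserRealm.class);

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PermissionManage permissionManager;

    /**
     * Authorization: collects the permission codes of the current user.
     * Used for URL authorization, i.e. which URLs the current user may access.
     *
     * <p>Every user returned by {@code permissionManager.pullPermission()} is scanned and
     * the entries whose username equals the primary principal contribute the permission
     * codes reachable through role, rule and permission. Only string permissions are
     * set; no roles are added to the returned info.
     *
     * @param principals principals of the subject being authorized; the primary principal
     *                   is expected to be the username stored by
     *                   {@link #doGetAuthenticationInfo(AuthenticationToken)}
     * @return authorization info holding the collected permission codes; empty when the
     *         principal is missing or no permission data is available
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();

        Set<String> ps = new HashSet<String>();
        // Query the users' permissions. The declared return type of pullPermission() is
        // not visible here, so the cast is kept as in the original.
        List<SysUser> up = (List<SysUser>) permissionManager.pullPermission();
        // Fail closed: with no principal or no permission data the subject gets no permissions.
        if (username != null && up != null) {
            for (SysUser user : up) {
                // Compare from the non-null side so an entry without a username is
                // skipped instead of aborting the whole authorization lookup.
                if (username.equals(user.getUsername())) {
                    Set<SysRole> roles = (Set<SysRole>) user.getRoles();
                    for (SysRole r : roles) {
                        for (SysRule rule : r.getRules()) {
                            for (SysPermission p : rule.getPermissions()) {
                                ps.add(p.getPermissionCode());
                            }
                        }
                    }
                }
            }
        }
        // Set the permissions for the current user.
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addStringPermissions(ps);
        return authorizationInfo;
    }

    /**
     * User authentication: verifies the username and password of the Subject that is
     * logging in. Runs when LoginController.login() calls Subject.login().
     *
     * @param authcToken login token; the principal must be a {@code String} username and
     *                   the credentials a {@code char[]} password
     * @return authentication info carrying the username, the stored password value and
     *         this realm's name
     * @throws AuthenticationException declared by the overridden method; an
     *         {@link AccountErrorException} is thrown when the token is incomplete or no
     *         account matches, with no distinction between the two cases
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
        Object principal = authcToken.getPrincipal();
        Object credentials = authcToken.getCredentials();
        // A token without a String username or char[] password is rejected with the same
        // exception as an unknown account, rather than failing with a NullPointerException
        // or ClassCastException below.
        if (!(principal instanceof String) || !(credentials instanceof char[])) {
            throw new AccountErrorException();
        }
        String loginName = (String) principal;
        // Get the submitted password.
        String password = new String((char[]) credentials);
        // NOTE(review): the account is looked up by username AND the submitted password,
        // so the credential check effectively happens in the repository query. That only
        // works if the stored password has the same form as the submitted one
        // (presumably plaintext; confirm against the schema). Prefer the username-only
        // lookup kept below and let a hashing CredentialsMatcher (for example Shiro's
        // HashedCredentialsMatcher or PasswordMatcher) verify a salted hash.
        SysUser user = userRepository.getByUsernameIsAndPasswordIs(loginName, password);
//        SysUser user = userRepository.getByUsernameIs(loginName);

        if (user == null) {
            // No matching account. The same exception covers "unknown user" and "wrong
            // password", so callers cannot tell which one failed.
            throw new AccountErrorException();
        }
        // Hand the stored credentials to AuthenticatingRealm, which compares them with the
        // token through the configured CredentialsMatcher; a custom matcher can be
        // plugged in if the default one is not suitable.
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                // NOTE(review): if salting is enabled, use a per-user random salt stored with
                // the account; a fixed literal such as the one below is shared by every
                // account and gives no per-user protection.
//                ByteSource.Util.bytes("salt"),
                getName()
        );
        // The password does not need to be kept in the session. authenticationInfo was
        // built before this call, so it still holds the original value for the matcher.
        // NOTE(review): if `user` is a managed persistence entity and this runs inside a
        // transaction, the blanked password could be written back; confirm, or store a
        // detached copy or DTO in the session instead.
        user.setPassword("");
        SecurityUtils.getSubject().getSession().setAttribute(Constants.SESSION_USER_INFO, user);
        return authenticationInfo;
    }
}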