改变Realm来源
在ShiroConfig类中之前是连接JdbcRealm,JdbcRealm自动封装了认证和授权的SQL,而自定义realm到自己写,并且安全数据源要换成myRealm。
1
2
3
4
5
6
7
8
9
10
11
| @Bean
public MyRealm getMyRealm(){
MyRealm myRealm = new MyRealm();
return myRealm;
}
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(MyRealm myRealm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(myRealm);
return defaultWebSecurityManager;
}
|
配置MyRealm
myRealm主要负责登录和授权,并把查询结果返回给SecurityManager安全管理器。并表示MyRealm类的真实名字。MyRealm类继承AuthorizingRealm类shiro从才认识自定义的realm。并把认证和授权的信息封装成Realm规定的对象
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
| public class MyRealm extends AuthorizingRealm {
@Resource
private UserDao userDao;
@Resource
private RoleDao roleDao;
@Resource
private PermissionDao permissionDao;
public String getName(){
return "myRealm";
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String username = (String) principalCollection.iterator().next();
Set<String> roleNames = roleDao.queryRolenameByUsername(username);
Set<String> permissionCode = permissionDao.queryPermissionCodeByUsername(username);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setRoles(roleNames);
info.setStringPermissions(permissionCode);
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String username = token.getUsername();
Users users = userDao.queryUserByUsername(username);
AuthenticationInfo info = new SimpleAuthenticationInfo(username,users.getPwd(),getName());
return info;
}
}
|
