// 载入角色和权限
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String loginName = (String) principals.getPrimaryPrincipal();
User user = adminUserDao.getByLoginName(loginName);
Set<String> permissionSet = adminUserDao.getPermissions(user.getId());
Set<String> roleSet = adminUserDao.getRoles(user.getId());
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(roleSet);
authorizationInfo.setStringPermissions(permissionSet);
return authorizationInfo;
}
// 验证用户
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException {
String loginName = (String) token.getPrincipal(); // 得到用户名
String password = new String((char[]) token.getCredentials()); // 得到密码
User user = new User();
user.setLoginName(loginName);
user.setPassword(password);
User loginUser = adminUserDao.login(user.getLoginName(), user.getPassword());
if (loginUser == null || loginUser.getId() <= 0) {
throw new IncorrectCredentialsException("用户名或密码不正确!");
}
// 如果身份认证验证成功,返回一个 AuthenticationInfo 实现;
return new SimpleAuthenticationInfo(loginName, password, getName());
}