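/**
 * Authorization callback: invoked when a role/permission check runs and the
 * authorization cache holds no entry for the subject.
 *
 * <p>The user's roles, the permissions attached to those roles, and the
 * permissions attached directly to the user are reloaded from
 * {@code shiroUserService} by the login name carried on the primary principal,
 * so revocations take effect as soon as the cached entry is evicted.
 *
 * <p>Security fix: the original implementation ended with "test code, to be
 * deleted" that unconditionally added the {@code root} role and the
 * {@code user:edit} / {@code user:list} permissions to every subject, i.e.
 * every authenticated user was an administrator. Those lines are removed;
 * nothing is granted that is not present on the loaded user.
 *
 * @param principals principals of the subject being authorized; the primary
 *                   principal is expected to be the {@link ShiroUser} stored at login
 * @return the roles and string permissions granted to that user; empty (deny
 *         everything) if the user can no longer be loaded by login name
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    ShiroUser principal = (ShiroUser) principals.getPrimaryPrincipal();
    ShiroUser user = shiroUserService.findUserByLoginName(principal.getUsername());

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (user == null) {
        // Account removed since login: fail closed with no roles/permissions
        // instead of the NullPointerException the original would have thrown.
        return info;
    }

    // Role names plus the permissions each role carries.
    List<ShiroRole> roles = user.getRoleList();
    if (roles != null) {
        for (ShiroRole role : roles) {
            info.addRole(role.getRoleName());
            addPermissions(info, role.getPermissionList());
        }
    }
    // Permissions granted directly to the user.
    addPermissions(info, user.getPermissionList());
    return info;
}

/** Adds each permission's name to {@code info}; a {@code null} list grants nothing. */
private static void addPermissions(SimpleAuthorizationInfo info, List<ShiroPermission> permissions) {
    if (permissions == null) {
        return;
    }
    for (ShiroPermission permission : permissions) {
        info.addStringPermission(permission.getPermissionName());
    }
}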
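/**
 * Authentication callback: invoked by Shiro when a subject logs in.
 *
 * <p>Looks the account up by login name, rejects disabled accounts, and hands
 * the stored password hash together with its hex-decoded salt to Shiro so the
 * configured credentials matcher can verify the submitted password. Returning
 * {@code null} tells Shiro the account is unknown.
 *
 * <p>Change from the original: a failure inside the account lookup used to be
 * printed to stderr and then treated as "unknown account", so a database or
 * service outage surfaced to the user as bad credentials. It is now rethrown
 * with its cause preserved.
 *
 * @param authcToken the submitted credentials; must be a {@link UsernamePasswordToken}
 *                   (the cast below fails with a ClassCastException otherwise)
 * @return authentication info for the account, or {@code null} if no such account
 * @throws DisabledAccountException if the account exists but is disabled
 * @throws AccountException if the account lookup itself fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AccountException {
    // Kept from the original: touching the session forces it to exist before
    // login completes. NOTE(review): unclear whether anything depends on this;
    // confirm before removing, as it changes when the session cookie is issued.
    SecurityUtils.getSubject().getSession();

    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    ShiroUser user;
    try {
        user = shiroUserService.findUserByLoginName(token.getUsername());
    } catch (Exception e) {
        // Do not mask a backend fault as an authentication failure.
        throw new AccountException("Account lookup failed during authentication", e);
    }

    if (user == null) {
        // Unknown login name; Shiro maps this to UnknownAccountException.
        return null;
    }
    if (!user.isEnabled()) {
        throw new DisabledAccountException();
    }

    // NOTE(review): assumes getSalt() is a non-null hex string for every
    // enabled account; EncodeUtils.hexDecode is not visible here to confirm.
    byte[] salt = EncodeUtils.hexDecode(user.getSalt());
    return new SimpleAuthenticationInfo(
            user, user.getPassword(), ByteSource.Util.bytes(salt), getName());
}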
/**
 * Overrides the default success handling so the browser receives a plain
 * redirect rather than the framework's saved-request redirect; this stops the
 * front-end JS framework from re-loading its scripts and erroring.
 *
 * <p>Side effect: the client address reported by the container is stored on
 * the logged-in {@link ShiroUser} principal. NOTE(review): behind a reverse
 * proxy {@code getRemoteAddr()} is the proxy's address; nothing here consults
 * forwarding headers, which is only correct if no trusted proxy is in front.
 *
 * <p>Because the saved request is never consulted, a post-login redirect can
 * only ever target the configured success URL or the fixed timeout URL.
 *
 * @param token    the token that authenticated successfully
 * @param subject  the now-authenticated subject
 * @param request  the login request
 * @param response the response the redirect is written to
 * @return {@code false}: the redirect has been issued and the chain must stop
 * @throws Exception if sending the redirect fails
 * @see org.apache.shiro.web.filter.authc.FormAuthenticationFilter#onLoginSuccess(org.apache.shiro.authc.AuthenticationToken,
 *      org.apache.shiro.subject.Subject, javax.servlet.ServletRequest, javax.servlet.ServletResponse)
 */
@Override
protected boolean onLoginSuccess(
        AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
        throws Exception {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    // Remember where the login came from, on the principal itself.
    ShiroUser user = (ShiroUser) subject.getPrincipal();
    user.setIpAddress(request.getRemoteAddr());

    // Only an XHR call that also carries an "ajax" parameter is treated as an
    // ajax login; everything else goes to the normal success page.
    boolean xhr = "XMLHttpRequest".equalsIgnoreCase(req.getHeader("X-Requested-With"));
    boolean ajaxLogin = xhr && request.getParameter("ajax") != null;
    String target = ajaxLogin ? "/login/timeout/success" : this.getSuccessUrl();
    resp.sendRedirect(req.getContextPath() + target);

    // Redirect already issued; prevent the filter chain from continuing.
    return false;
}