/*
*获取了当前登录用户的角色信息。
*
* @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
/*User user = (User)principals.fromRealm(getName()).iterator().next();*/
String name = (String) getAvailablePrincipal(principals);
Set<String> roles = new HashSet<String>();
User user = userService.findUserByNameAndPassword(name, "", 1);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
List<UserRoleOrgRelation> relations = user.getUserRoleOrgRelations();
for (UserRoleOrgRelation relation : relations) {
roles.add(String.valueOf(relation.getRole().getId()));
}
info.addRoles(roles);
return info;
}
/*
* (non-Javadoc)
* 认证是否通过,登录
* @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
String userName = token.getUsername();
User user = userService.findUserByNameAndPassword(userName, "", 1);
if (user == null) {
throw new AuthenticationException();
}
// 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配,如果觉得人家的不好可以自定义实现
SimpleAuthenticationInfo info =
new SimpleAuthenticationInfo(
user.getUserName(),
user.getPassword(),
ByteSource.Util.bytes(user.getSalt()),
user.getRealName());
return info;
}
