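/**
 * Authorization lookup callback, invoked when an access check is made and no
 * authorization info for the user is cached.
 *
 * <p>Reloads the user by login name and grants the user's role names, the
 * permissions attached to each role, and the permissions attached directly to
 * the user. Nothing is granted unconditionally: every role and permission comes
 * from the loaded user record, so an account that cannot be loaded ends up with
 * empty authorization info.
 *
 * @param principals the principals of the subject being authorized; the primary
 *     principal is cast to {@code ShiroUser}
 * @return the roles and permissions collected for the user, never {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    ShiroUser user = shiroUserService.findUserByLoginName(shiroUser.getUsername());
    if (user == null) {
        // The account can no longer be loaded: grant nothing instead of failing with an NPE.
        return info;
    }

    // Roles assigned to the user, plus the permissions carried by each role.
    List<ShiroRole> roles = user.getRoleList();
    if (roles != null) {
        for (ShiroRole role : roles) {
            info.addRole(role.getRoleName());
            List<ShiroPermission> rolePermissions = role.getPermissionList();
            if (rolePermissions != null) {
                for (ShiroPermission permission : rolePermissions) {
                    info.addStringPermission(permission.getPermissionName());
                }
            }
        }
    }

    // Permissions assigned directly to the user.
    List<ShiroPermission> permissions = user.getPermissionList();
    if (permissions != null) {
        for (ShiroPermission permission : permissions) {
            info.addStringPermission(permission.getPermissionName());
        }
    }

    return info;
}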
/**
 * Derives the subject's role from the realm that supplied its principals.
 *
 * <p>A subject with at least one principal from realm "jianyu" gets role
 * "jianyu". Otherwise, a subject with a principal from realm "fayuan" gets role
 * "fayuan". A subject with neither gets empty authorization info.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding at most one role
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();

    // "jianyu" takes precedence: "fayuan" is only consulted when it is absent.
    if (principals.fromRealm("jianyu").iterator().hasNext()) {
        authz.addRole("jianyu");
        return authz;
    }
    if (principals.fromRealm("fayuan").iterator().hasNext()) {
        authz.addRole("fayuan");
    }
    return authz;
}
/**
 * Authorization callback.
 *
 * <p>Every subject receives the same constant role ("role") and the same
 * constant permission ("permission"); {@code principals} is not consulted.
 * NOTE(review): these look like placeholder values. Confirm they are not
 * relied on for real access decisions.
 *
 * @param principals the principals of the subject being authorized (unused)
 * @return authorization info with one fixed role and one fixed permission
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    logger.info("monitorRealm--授权");

    SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
    // role grant
    granted.addRole("role");
    // resource (permission) grant
    granted.addStringPermission("permission");
    return granted;
}
/**
 * Grants roles and permissions from a hard-coded table keyed on the primary
 * principal, which is cast to a user name string.
 *
 * <p>Names that are not listed, and a {@code null} name, receive empty
 * authorization info.
 *
 * @param principalCollection the principals of the subject being authorized
 * @return the roles and permissions for the named user, possibly empty
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    String principalName = (String) principalCollection.getPrimaryPrincipal();
    SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();

    if ("bush".equals(principalName)) {
        granted.addRole("president");
        granted.addStringPermission("war:start");
        granted.addStringPermission("war:watch");
        return granted;
    }
    if ("ban ki-moon".equals(principalName)) {
        granted.addRole("nato");
        // wildcard: every action in the "war" domain
        granted.addStringPermission("war:*");
        return granted;
    }
    if ("balkenende".equals(principalName)) {
        granted.addRole("primeminister");
        granted.addStringPermission("war:watch");
    }
    return granted;
}
/**
 * Returns a fixed set of roles and permissions for every subject;
 * {@code principals} is not consulted.
 *
 * <p>The same two permission notations ("+user…+10" and "user…:*") are added
 * once as permission objects and once as plain strings. The string forms are
 * left for the realm's permission resolver to interpret.
 *
 * @param principals the principals of the subject being authorized (unused)
 * @return authorization info with two roles and four permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    // roles
    info.addRole("role1");
    info.addRole("role2");

    // permissions supplied as ready-made objects
    info.addObjectPermission(new BitPermission("+user1+10"));
    info.addObjectPermission(new WildcardPermission("user1:*"));

    // permissions supplied as strings
    info.addStringPermission("+user2+10");
    info.addStringPermission("user2:*");

    return info;
}
/**
 * Grants the configured default role, but only to subjects that were
 * authenticated by this realm.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding the default role, or {@code null} when none
 *     of the subject's principals came from this realm
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    final boolean authenticatedHere = principals.getRealmNames().contains(getName());
    if (authenticatedHere) {
        // the default role is the only grant this realm makes
        final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole(kenaiRealmConfiguration.getConfiguration().getDefaultRole());
        return info;
    }
    // subject belongs to another realm: this realm contributes nothing
    return null;
}
/**
 * Grants the customer-admin role to any subject whose available principal
 * resolves to a stored customer login.
 *
 * @param principals the principals of the subject being authorized
 * @return authorization info holding {@code CUSTOMERADMIN_ROLENAME}, or
 *     {@code null} when no matching customer login is found
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    CustomerLogin customerLogin =
        queryService.findCustomerLoginByLoginId(getAvailablePrincipal(principals));
    if (customerLogin != null) {
        SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();
        authz.addRole(CUSTOMERADMIN_ROLENAME);
        return authz;
    }
    return null;
}
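/**
 * Retrieves the AuthorizationInfo for the given principals (the user previously
 * authenticated by CAS: id + attributes).
 *
 * <p>The attribute map is expected as the second principal. Two attributes are
 * read from it:
 * <ul>
 *   <li>{@code username} (URL-encoded): the value "admin" grants role "admin";</li>
 *   <li>{@code authority} (URL-encoded JSON array with HTML-escaped quotes): each
 *       entry grants its {@code appCode} as a role and {@code appCode:url} as a
 *       permission.</li>
 * </ul>
 * Every grant is taken directly from these attributes, so the result is only as
 * trustworthy as the attribute source. Missing or malformed data grants less,
 * never more: a missing attribute map yields empty info, and entries without
 * {@code appCode} or {@code url} are skipped.
 *
 * @param principals the primary identifying principals of the AuthorizationInfo
 *     that should be retrieved
 * @return the AuthorizationInfo associated with these principals, never {@code null}
 */
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

    // retrieve user information
    SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
    List<Object> listPrincipals = principalCollection.asList();
    if (listPrincipals.size() < 2 || !(listPrincipals.get(1) instanceof Map)) {
        // No attribute map was supplied: there is nothing to derive grants from.
        return simpleAuthorizationInfo;
    }
    Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);

    try {
        String encodedUsername = attributes.get("username");
        if (encodedUsername != null
                && "admin".equals(URLDecoder.decode(encodedUsername, "UTF-8"))) {
            simpleAuthorizationInfo.addRole("admin");
        }

        String authorityStr = attributes.get("authority");
        if (authorityStr != null) {
            ObjectMapper objectMapper = new ObjectMapper();
            // NOTE(review): the entity is restored as &quot; here because the page shows a
            // bare quote character in this literal, which does not compile. Confirm it
            // against the original file.
            authorityStr = URLDecoder.decode(authorityStr, "UTF-8").replace("&quot;", "\"");
            List<Map<String, Object>> authorityList =
                objectMapper.readValue(authorityStr, List.class);
            if (authorityList != null) {
                for (Map<String, Object> auth : authorityList) {
                    Object appCode = auth.get("appCode");
                    Object url = auth.get("url");
                    if (appCode == null || url == null) {
                        // An incomplete entry grants nothing.
                        continue;
                    }
                    // Roles are held in a set, so adding the same appCode twice is harmless.
                    simpleAuthorizationInfo.addRole(appCode.toString());
                    simpleAuthorizationInfo.addStringPermission(appCode + ":" + url);
                }
            }
        }
    } catch (IOException e) {
        // Covers unsupported-encoding, JSON parse and JSON mapping failures. Grants from the
        // authority list are only added after parsing succeeds, so a failure here leaves at
        // most the "admin" role in the returned info.
        e.printStackTrace();
    }
    return simpleAuthorizationInfo;
}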
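/**
 * Authorization callback, invoked when the subject's authorization info has not
 * been resolved yet.
 *
 * <p>Reloads the user by login name and grants each role name together with the
 * permissions attached to that role. A user that can no longer be found, or that
 * has no role list, receives empty authorization info.
 *
 * @param principals the principals of the subject being authorized; the primary
 *     principal is cast to {@code ShiroUser}
 * @return the roles and permissions collected for the user, never {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    User user = userService.findByUserName(shiroUser.loginName);
    if (user == null) {
        // The account is gone (e.g. removed while a session is still alive): grant nothing.
        return info;
    }

    Iterable<? extends Role> roles = user.getRoleList();
    if (roles == null) {
        return info;
    }
    for (Role role : roles) {
        // role-based grant
        info.addRole(role.getRoleName());
        // permission-based grant
        info.addStringPermissions(role.getPermissions());
    }
    return info;
}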
/**
 * Authorization lookup callback, invoked when an access check is made and no
 * authorization info for the user is cached.
 *
 * <p>Besides building the authorization info, this method has side effects:
 * when the {@code user.multiAccountLogin} setting is not enabled it either
 * deletes the user's other active sessions or logs the current subject out, and
 * for a user that is found it updates the login info and writes a log entry.
 *
 * @param principals the principals of the subject being authorized
 * @return the permissions and roles for the user, or {@code null} when the login
 *     name no longer resolves to a user
 * @throws AuthenticationException when multi-account login is disabled, other
 *     active sessions exist and the current subject is not authenticated (the
 *     "remember me" case); the subject is logged out first
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Principal principal = (Principal) getAvailablePrincipal(principals);
    // Look up the sessions of the currently logged-in user
    if (!Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"))) {
        // NOTE(review): presumably returns this principal's active sessions other than the
        // current one. Confirm against the session DAO.
        Collection<Session> sessions =
            getSystemService()
                .getSessionDao()
                .getActiveSessions(true, principal, UserUtils.getSession());
        if (sessions.size() > 0) {
            // Arrived through a real login: kick out the sessions that are already online
            if (UserUtils.getSubject().isAuthenticated()) {
                for (Session session : sessions) {
                    getSystemService().getSessionDao().delete(session);
                }
            }
            // Arrived through "remember me" while the user is already logged in elsewhere:
            // log the current subject out and report it (message: account is logged in
            // elsewhere, please log in again).
            else {
                UserUtils.getSubject().logout();
                throw new AuthenticationException("msg:账号已在其它地方登录,请重新登录。");
            }
        }
    }
    User user = getSystemService().getUserByLoginName(principal.getLoginName());
    if (user != null) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        List<Menu> list = UserUtils.getMenuList();
        for (Menu menu : list) {
            if (StringUtils.isNotBlank(menu.getPermission())) {
                // Add permission-based grants; one menu may carry several, comma-separated
                for (String permission : StringUtils.split(menu.getPermission(), ",")) {
                    info.addStringPermission(permission);
                }
            }
        }
        // Add the generic "user" permission, granted to every user that was found
        info.addStringPermission("user");
        // Add the user's roles, identified by their English name
        for (Role role : user.getRoleList()) {
            info.addRole(role.getEnname());
        }
        // Update login IP and time
        // NOTE(review): this and the log entry below run on every call to this method,
        // not only at login. Confirm that is intended.
        getSystemService().updateUserLoginInfo(user);
        // Record the login in the log (title: "system login")
        LogUtils.saveLog(Servlets.getRequest(), "系统登录");
        return info;
    } else {
        return null;
    }
}
/**
 * Test-only authorization: grants fixed roles and a wildcard permission to the
 * subject whose first principal prints as "jcool".
 *
 * @param principals the principals of the subject being authorized
 * @return the test roles and permission for "jcool", {@code null} for anyone else
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    String firstPrincipal = principals.asList().get(0).toString();
    if (!firstPrincipal.equals("jcool")) {
        // only the test user is known to this realm
        return null;
    }

    SimpleAuthorizationInfo testGrants = new SimpleAuthorizationInfo();
    testGrants.addRole("test-role1");
    testGrants.addRole("test-role2");
    testGrants.addStringPermission("test:*");
    return testGrants;
}
/**
 * Builds the authorization info from configured defaults plus the attribute map
 * carried as the second principal.
 *
 * <p>Grants are added in this order: default roles, default permissions, roles
 * found in the configured role attributes, permissions found in the configured
 * permission attributes. An attribute value may be a single string or a
 * collection of strings; each string is passed through {@code split}. Finally,
 * a subject holding the configured administrator role also receives
 * {@code Roles.ADMINISTRATOR}.
 *
 * <p>Roles and permissions are taken directly from the principal's attributes,
 * so the result is only as trustworthy as the source of those attributes.
 *
 * @param principals the principals of the subject being authorized; cast to
 *     {@code SimplePrincipalCollection}
 * @return the collected roles and permissions
 */
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    logger.trace("resolve authorization info");

    // the attribute map travels as the second principal
    SimplePrincipalCollection simplePrincipals = (SimplePrincipalCollection) principals;
    List<Object> principalList = simplePrincipals.asList();
    Map<String, String> attributes = (Map<String, String>) principalList.get(1);

    SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();

    // configured defaults first
    addRoles(authz, split(getDefaultRoles()));
    addPermissions(authz, split(getDefaultPermissions()));

    // roles carried in the attributes
    for (String roleAttribute : split(getRoleAttributeNames())) {
        final Object raw = attributes.get(roleAttribute);
        // treat a single value as a one-element collection so both shapes share one loop
        final Collection<?> entries =
            raw instanceof Collection<?>
                ? (Collection<?>) raw
                : java.util.Collections.singletonList(raw);
        for (final Object entry : entries) {
            addRoles(authz, split((String) entry));
        }
    }

    // permissions carried in the attributes
    for (String permissionAttribute : split(getPermissionAttributeNames())) {
        final Object raw = attributes.get(permissionAttribute);
        final Collection<?> entries =
            raw instanceof Collection<?>
                ? (Collection<?>) raw
                : java.util.Collections.singletonList(raw);
        for (final Object entry : entries) {
            addPermissions(authz, split((String) entry));
        }
    }

    // map the configured administrator role onto the built-in one
    if (authz.getRoles() != null) {
        if (authz.getRoles().contains(configuration.getAdministratorRole())) {
            authz.addRole(Roles.ADMINISTRATOR);
        }
    }
    return authz;
}
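/**
 * Grants the "Public" role and its stored permissions.
 *
 * <p>{@code principals} is not consulted: every subject handled by this realm
 * receives the same grants. Any failure to load the role yields {@code null}
 * (no authorization info), so lookup errors never grant access.
 *
 * @param principals the principals of the subject being authorized (unused)
 * @return authorization info for the "Public" role, or {@code null} when the
 *     role cannot be loaded
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        Role role = roleFacade().findByName("Public");
        if (role == null) {
            // The role does not exist: grant nothing instead of failing with an NPE.
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole("Public");
        for (Permission p : role.getPermissions()) {
            JpaRealm.addPermissions(info, p);
        }
        return info;
    } catch (EJBException e) {
        // Logged so that a failing lookup is visible instead of a silent null.
        logger.error("Unable to load the Public role", e);
        return null;
    } catch (NamingException ex) {
        logger.error("Unable to find RoleFacade EJB", ex);
        return null;
    }
}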
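/**
 * Resolves the roles of the subject whose first principal is a
 * {@code Useraccount}.
 *
 * <p>The account is reloaded by id because the instance carried in the
 * principal does not hold its roles. Only role names are granted.
 *
 * @param principals the principals of the subject being authorized
 * @return the user's roles, or {@code null} when the first principal is not a
 *     {@code Useraccount} or the account cannot be reloaded
 */
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Object u = principals.iterator().next();
    Useraccount user = null;
    if (u instanceof Useraccount) {
        // re-retrieve the useraccount instance, as the one enclosed in the
        // principal does not carry roles in it
        logger.info("user is a user");
        int userid = ((Useraccount) u).getId();
        user = userAccountService.getUserAccount(userid);
    } else {
        logger.info("user is not user");
    }
    if (user == null) {
        return null;
    }

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    // FIXME: permissions attached to the roles are not granted yet, only role names.
    List<Userrole> roles = user.getRoles();
    // Only the numeric id is logged. Username and e-mail address are personal data
    // and are kept out of the log.
    logger.info("id:" + user.getId());
    if (roles == null) {
        logger.info("roles is null");
    } else if (roles.isEmpty()) {
        logger.info("has no roles");
    } else {
        for (Userrole role : roles) {
            logger.info("role:" + role.getRolename());
            info.addRole(role.getRolename());
        }
    }
    return info;
}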
/**
 * Adds each of the given role names to the authorization info, in list order.
 *
 * @param simpleAuthorizationInfo the authorization info that receives the roles
 * @param roles the role names to add; must not be {@code null}
 */
private void addRoles(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> roles) {
    final int count = roles.size();
    for (int i = 0; i < count; i++) {
        simpleAuthorizationInfo.addRole(roles.get(i));
    }
}