/**
* 获取授权信息
*
* @param principals
* @return
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (!principals.isEmpty() && principals.fromRealm(getName()).size() > 0) {
Object id = principals.fromRealm(getName()).iterator().next();
if (id != null) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
if (enableRoles && enablePerms) {
Map<String, Collection<String>> rolesAndPerms = realmService.getUserRolesAndPerms(id);
Collection<String> roles = rolesAndPerms.get(roles_in_map_key);
Collection<String> perms = rolesAndPerms.get(perms_in_map_key);
if (roles != null && !roles.isEmpty()) {
info.addRoles(roles);
}
if (perms != null && !perms.isEmpty()) {
info.addStringPermissions(perms);
}
} else if (enableRoles && !enablePerms) {
Collection<String> perms = realmService.getPermissions(id);
if (perms != null && !perms.isEmpty()) {
info.addStringPermissions(perms);
}
} else if (enablePerms && !enableRoles) {
Collection<String> roles = realmService.getRoles(id);
if (roles != null && !roles.isEmpty()) {
info.addRoles(roles);
}
}
return info;
} else {
return null;
}
} else return null;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 根据用户配置用户与权限
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
String name = (String) getAvailablePrincipal(principals);
List<String> roles = new ArrayList<String>();
List<String> per = new ArrayList<String>();
// 简单默认一个用户与角色,实际项目应
User user = userService.findByUserName(name);
if (user.getUsername().equals(name)) {
if (user.getRoleList().size() > 0) {
for (int i = 0; i < user.getRoleList().size(); i++) {
roles.add(user.getRoleList().get(i).getRole());
for (int k = 0; k < user.getRoleList().get(i).getPermissionsList().size(); k++) {
per.add(user.getRoleList().get(i).getPermissionsList().get(k).getPermission());
}
}
}
} else {
throw new AuthorizationException();
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 增加角色
info.addRoles(roles);
info.addStringPermissions(per);
return info;
}
/**
* Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user
* : id + attributes).
*
* @param principals the primary identifying principals of the AuthorizationInfo that should be
* retrieved.
* @return the AuthorizationInfo associated with this principals.
*/
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// retrieve user information
SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
String userName = (String) principalCollection.getPrimaryPrincipal();
User user = getUserRepository().getByName(userName);
Set<String> roles = user.getRolesName();
Set<String> permissions = user.getPermissions();
List<Object> listPrincipals = principalCollection.asList();
Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);
// create simple authorization info
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
// add default roles
simpleAuthorizationInfo.addRoles(roles);
// add default permissions
simpleAuthorizationInfo.addStringPermissions(permissions);
// get roles from attributes
List<String> attributeNames = split(roleAttributeNames);
for (String attributeName : attributeNames) {
String value = attributes.get(attributeName);
addRoles(simpleAuthorizationInfo, split(value));
}
// get permissions from attributes
attributeNames = split(permissionAttributeNames);
for (String attributeName : attributeNames) {
String value = attributes.get(attributeName);
addPermissions(simpleAuthorizationInfo, split(value));
}
return simpleAuthorizationInfo;
}
/**
* 为当前登录的Subject授予角色和权限
*
* @see 经测试:本例中该方法的调用时机为需授权资源被访问时
* @see 经测试:并且每次访问需授权资源时都会执行该方法中的逻辑,这表明本例中默认并未启用AuthorizationCache
* @see 个人感觉若使用了Spring3.1开始提供的ConcurrentMapCache支持,则可灵活决定是否启用AuthorizationCache
* @see 比如说这里从数据库获取权限信息时,先去访问Spring3.1提供的缓存,而不使用Shior提供的AuthorizationCache
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()
String currentUsername = (String) super.getAvailablePrincipal(principals);
List<String> roles = new ArrayList<String>();
List<String> permissions = new ArrayList<String>();
// 从数据库中获取当前登录用户的详细信息
User user = userService.getByAccount(currentUsername);
if (null != user) {
List<Role> roleList = userService.getRolesByUserId(user.getUserId());
List<Permission> permissionList = userService.getPermissionsByUserId(user.getUserId());
// 实体类User中包含有用户角色的实体类信息
if (null != roleList && roleList.size() > 0) {
// 获取当前登录用户的角色
for (Role role : roleList) {
roles.add(role.getName());
}
// 实体类Role中包含有角色权限的实体类信息
for (Permission permission : permissionList) {
permissions.add(permission.getDescription());
}
}
} else {
throw new AuthorizationException();
}
// 为当前用户设置角色和权限
SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
simpleAuthorInfo.addRoles(roles);
simpleAuthorInfo.addStringPermissions(permissions);
return simpleAuthorInfo;
}
/** 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
User user = accountService.findUserByLoginName(shiroUser.loginName);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRoles(user.getRoleList());
return info;
}
/** 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
// 获取登录用户的信息
User user = userService.findUserByLoginName(shiroUser.name);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 添加用户所具有的权限信息
info.addRoles(user.getRoleList());
return info;
}
/** 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Object principal = principals.getPrimaryPrincipal();
SecurityUser<Long> user =
(SecurityUser) principal; // userHessianService.findUserByPrincipal(principal);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
if (user != null) {
List<String> roles = userHessianService.getSecurityGroups(user.getId());
List<String> auths = userHessianService.getSecurityPermissions(user.getId());
if (null != roles && !roles.isEmpty()) info.addRoles(roles);
if (null != auths && !auths.isEmpty()) info.addStringPermissions(auths);
}
return info;
}
/*
*获取了当前登录用户的角色信息。
*
* @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
/*User user = (User)principals.fromRealm(getName()).iterator().next();*/
String name = (String) getAvailablePrincipal(principals);
Set<String> roles = new HashSet<String>();
User user = userService.findUserByNameAndPassword(name, "", 1);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
List<UserRoleOrgRelation> relations = user.getUserRoleOrgRelations();
for (UserRoleOrgRelation relation : relations) {
roles.add(String.valueOf(relation.getRole().getId()));
}
info.addRoles(roles);
return info;
}
