Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package com.kingmed.dp.modules.sys.security; import java.io.Serializable; import java.util.Collection; import java.util.List; import javax.annotation.PostConstruct; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.session.Session; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.os.common.config.Global; import org.os.common.servlet.ValidateCodeServlet; import org.os.common.utils.Encodes; import org.os.common.utils.SpringContextHolder; import org.os.common.utils.StringUtils; import org.os.common.web.Servlets; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; import org.springframework.stereotype.Service; import com.kingmed.dp.module.sys.entity.Menu; import com.kingmed.dp.module.sys.entity.Role; import com.kingmed.dp.module.sys.entity.User; import com.kingmed.dp.module.sys.utils.LogUtils; import com.kingmed.dp.module.sys.utils.UserUtils; import com.kingmed.dp.modules.sys.service.SystemService; /** * * @author jack * */ @Service @Component("systemAuthorizingRealm") public class SystemAuthorizingRealm extends AuthorizingRealm { private Logger logger = LoggerFactory.getLogger(getClass()); private SystemService systemService; /** * ?, */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; int activeSessionSize = getSystemService().getSessionDAO().getActiveSessions(false).size(); if (logger.isDebugEnabled()) { logger.debug("login submit, active session size: {}, username: {}", activeSessionSize, token.getUsername()); } // ?? if (UserUtils.isValidateCodeLogin(token.getUsername(), false, false)) { Session session = UserUtils.getSession(); String code = (String) session.getAttribute(ValidateCodeServlet.VALIDATE_CODE); if (token.getCaptcha() == null || !token.getCaptcha().toUpperCase().equals(code)) { throw new AuthenticationException("msg:??, ?."); } } // ??? User user = getSystemService().getUserByLoginName(token.getUsername()); if (user != null) { if (Global.NO.equals(user.getLoginFlag())) { throw new AuthenticationException("msg:???."); } byte[] salt = Encodes.decodeHex(user.getPassword().substring(0, 16)); return new SimpleAuthenticationInfo(new Principal(user, token.isMobileLogin()), user.getPassword().substring(16), ByteSource.Util.bytes(salt), getName()); } else { return null; } } /** * ?, ??? */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Principal principal = (Principal) getAvailablePrincipal(principals); // ?? if (!Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"))) { Collection<Session> sessions = getSystemService().getSessionDAO().getActiveSessions(true, principal, UserUtils.getSession()); if (sessions.size() > 0) { // ? if (UserUtils.getSubject().isAuthenticated()) { for (Session session : sessions) { getSystemService().getSessionDAO().delete(session); } } // ??????? else { UserUtils.getSubject().logout(); throw new AuthenticationException("msg:??"); } } } User user = getSystemService().getUserByLoginName(principal.getLoginName()); if (user != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); List<Menu> list = UserUtils.getMenuList(); for (Menu menu : list) { if (StringUtils.isNotBlank(menu.getPermission())) { // Permission??? for (String permission : StringUtils.split(menu.getPermission(), ",")) { info.addStringPermission(permission); } } } // ?? info.addStringPermission("user"); // ? for (Role role : user.getRoleList()) { info.addRole(role.getEnname()); } // IP getSystemService().updateUserLoginInfo(user); // LogUtils.saveLog(Servlets.getRequest(), ""); return info; } else { return null; } } @Override protected void checkPermission(Permission permission, AuthorizationInfo info) { authorizationValidate(permission); super.checkPermission(permission, info); } @Override protected boolean[] isPermitted(List<Permission> permissions, AuthorizationInfo info) { if (permissions != null && !permissions.isEmpty()) { for (Permission permission : permissions) { authorizationValidate(permission); } } return super.isPermitted(permissions, info); } @Override public boolean isPermitted(PrincipalCollection principals, Permission permission) { authorizationValidate(permission); return super.isPermitted(principals, permission); } @Override protected boolean isPermittedAll(Collection<Permission> permissions, AuthorizationInfo info) { if (permissions != null && !permissions.isEmpty()) { for (Permission permission : permissions) { authorizationValidate(permission); } } return super.isPermittedAll(permissions, info); } /** * ?? * @param permission */ private void authorizationValidate(Permission permission) { // ??? } /** * ?Hash */ @PostConstruct public void initCredentialsMatcher() { HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM); matcher.setHashIterations(SystemService.HASH_INTERATIONS); setCredentialsMatcher(matcher); } /** * ?? * @Deprecated ????session */ @Deprecated public void clearAllCachedAuthorizationInfo() { } /** * ? */ public SystemService getSystemService() { if (systemService == null) { systemService = SpringContextHolder.getBean(SystemService.class); } return systemService; } /** * ?? */ public static class Principal implements Serializable { private static final long serialVersionUID = 1L; private String id; // ? private String loginName; // ?? private String name; // ?? private boolean mobileLogin; // ? public Principal(User user, boolean mobileLogin) { this.id = user.getId(); this.loginName = user.getLoginName(); this.name = user.getName(); this.mobileLogin = mobileLogin; } public String getId() { return id; } public String getLoginName() { return loginName; } public String getName() { return name; } public boolean isMobileLogin() { return mobileLogin; } /** * ?SESSIONID */ public String getSessionid() { try { return (String) UserUtils.getSession().getId(); } catch (Exception e) { return ""; } } @Override public String toString() { return id; } } }