Java tutorial
/* Copyright DR.YangLong Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package com.webarch.common.shiro.authentication; import com.webarch.common.shiro.exception.AccountForbiddenException; import com.webarch.common.shiro.exception.AccountLockedException; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import java.util.Collection; import java.util.Map; /** * functional describe:???? * * @author DR.YangLong [410357434@163.com] * @version 1.0 2015/5/14 13:38 */ public class ShiroRealm extends AuthorizingRealm { /** * default value */ private static final String DEFAULT_PWD_KEY = "pwd"; private static final String DEFAULT_IDENTITY_KEY = "id"; private static final String DEFAULT_USER_STATUS_KEY = "status"; private static final String DEFAULT_USER_FORBIDDEN = "1"; private static final String DEFAULT_USER_LOCKED = "2"; private static final String DEFAULT_ROLES_KEY = "roles"; private static final String DEFAULT_PERMS_KEY = "perms"; private static final String DEFAULT_AUTHEN_FILTER = "authc"; /** * ??? */ private static boolean enablePerms = false; /** * ? */ private static boolean enableRoles = true; /** * Mapkey */ private static String identity_in_map_key = DEFAULT_IDENTITY_KEY; /** * ?mapkey */ private static String password_in_map_key = DEFAULT_PWD_KEY; /** * ?mapkey */ private static String user_status_in_map_key = DEFAULT_USER_STATUS_KEY; /** * ??? */ private static String user_status_forbidden = DEFAULT_USER_FORBIDDEN; /** * ??? */ private static String user_status_locked = DEFAULT_USER_LOCKED; /** * mapKEY */ private static String roles_in_map_key = DEFAULT_ROLES_KEY; /** * ??mapKEY */ private static String perms_in_map_key = DEFAULT_PERMS_KEY; /** * ???? */ private static String authenticationFiltername = DEFAULT_AUTHEN_FILTER; /** * ?????? */ private RealmService realmService; /** * ???realmDao?id??2?????NULL?? * * @param authcToken * @return * @throws AuthenticationException */ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; Map<String, Object> info = realmService.getUserUniqueIdentityAndPassword(token.getUsername()); boolean flag = info == null || info.isEmpty() || info.get(identity_in_map_key) == null || info.get(password_in_map_key) == null; if (!flag) { Object status = info.get(user_status_in_map_key); if (status != null) { String userStatus = status.toString(); if (user_status_forbidden.equals(userStatus)) {//?? throw new AccountForbiddenException("AccountForbiddenException"); } if (user_status_locked.equals(userStatus)) {//?? throw new AccountLockedException("AccountLockedException"); } } return new SimpleAuthenticationInfo(info.get(identity_in_map_key), info.get(password_in_map_key), getName()); } else { throw new UnknownAccountException("UnknownAccountException");//??; } } /** * ??? * * @param principals * @return */ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { if (!principals.isEmpty() && principals.fromRealm(getName()).size() > 0) { Object id = principals.fromRealm(getName()).iterator().next(); if (id != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); if (enableRoles && enablePerms) { Map<String, Collection<String>> rolesAndPerms = realmService.getUserRolesAndPerms(id); Collection<String> roles = rolesAndPerms.get(roles_in_map_key); Collection<String> perms = rolesAndPerms.get(perms_in_map_key); if (roles != null && !roles.isEmpty()) { info.addRoles(roles); } if (perms != null && !perms.isEmpty()) { info.addStringPermissions(perms); } } else if (enableRoles && !enablePerms) { Collection<String> perms = realmService.getPermissions(id); if (perms != null && !perms.isEmpty()) { info.addStringPermissions(perms); } } else if (enablePerms && !enableRoles) { Collection<String> roles = realmService.getRoles(id); if (roles != null && !roles.isEmpty()) { info.addRoles(roles); } } return info; } else { return null; } } else return null; } /** * ??? * ?????? * principalsdoGetAuthenticationInfoprincipal * realm??realmprincipal * * @param principals ? * @return key */ @Override protected Object getAuthorizationCacheKey(PrincipalCollection principals) { if (!principals.isEmpty() && principals.fromRealm(getName()).size() > 0) { Object id = principals.fromRealm(getName()).iterator().next(); if (id != null) { return "DRZ_" + id; } } return null; } /** * ??tokenkey * * {@link #getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)}? * <p/> * {@link org.apache.shiro.realm.AuthenticatingRealm#getAuthenticationCacheKey(org.apache.shiro.subject.PrincipalCollection)} * * @param principals * @return */ @Override protected Object getAuthenticationCacheKey(PrincipalCollection principals) { if (!principals.isEmpty() && principals.fromRealm(getName()).size() > 0) { Object id = principals.fromRealm(getName()).iterator().next(); if (id != null) { return "DRC_" + id; } } return null; } /** * ?keytoken? * {@link org.apache.shiro.realm.AuthenticatingRealm#getAuthenticationCacheKey(org.apache.shiro.authc.AuthenticationToken)} * * @param token token * @return key */ protected Object getAuthenticationCacheKey(AuthenticationToken token) { UsernamePasswordToken simpleToken = (UsernamePasswordToken) token; Object id = realmService.getUniqueIdentity(simpleToken.getUsername().toLowerCase()); if (id != null) { return "DRC_" + id; } return null; } public static boolean isEnablePerms() { return enablePerms; } public static void setEnablePerms(boolean enablePerms) { ShiroRealm.enablePerms = enablePerms; } public static boolean isEnableRoles() { return enableRoles; } public static void setEnableRoles(boolean enableRoles) { ShiroRealm.enableRoles = enableRoles; } public static String getIdentity_in_map_key() { return identity_in_map_key; } public static void setIdentity_in_map_key(String identity_in_map_key) { ShiroRealm.identity_in_map_key = identity_in_map_key; } public static String getPassword_in_map_key() { return password_in_map_key; } public static void setPassword_in_map_key(String password_in_map_key) { ShiroRealm.password_in_map_key = password_in_map_key; } public static String getRoles_in_map_key() { return roles_in_map_key; } public static void setRoles_in_map_key(String roles_in_map_key) { ShiroRealm.roles_in_map_key = roles_in_map_key; } public static String getPerms_in_map_key() { return perms_in_map_key; } public static void setPerms_in_map_key(String perms_in_map_key) { ShiroRealm.perms_in_map_key = perms_in_map_key; } public static String getUser_status_in_map_key() { return user_status_in_map_key; } public static void setUser_status_in_map_key(String user_status_in_map_key) { ShiroRealm.user_status_in_map_key = user_status_in_map_key; } public static String getUser_status_forbidden() { return user_status_forbidden; } public static void setUser_status_forbidden(String user_status_forbidden) { ShiroRealm.user_status_forbidden = user_status_forbidden; } public static String getUser_status_locked() { return user_status_locked; } public static void setUser_status_locked(String user_status_locked) { ShiroRealm.user_status_locked = user_status_locked; } public static String getAuthenticationFiltername() { return authenticationFiltername; } public static void setAuthenticationFiltername(String authenticationFiltername) { ShiroRealm.authenticationFiltername = authenticationFiltername; } public RealmService getRealmService() { return realmService; } public void setRealmService(RealmService realmService) { this.realmService = realmService; } }