Java tutorial
/* * Copyright 2005-2013 shopxx.net. All rights reserved. * Support: http://www.xmsoft.cn * License: http://www.xmsoft.cn/license */ package net.shopxx.shiro.realm; import java.util.Collection; import java.util.Date; import java.util.List; import javax.annotation.Resource; import net.shopxx.Setting; import net.shopxx.Setting.AccountLockType; import net.shopxx.Setting.CaptchaType; import net.shopxx.entity.Admin; import net.shopxx.service.AccountService; import net.shopxx.service.AdminService; import net.shopxx.service.CaptchaService; import net.shopxx.shiro.AuthenticationToken; import net.shopxx.shiro.Principal; import net.shopxx.util.SettingUtils; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.time.DateUtils; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.DisabledAccountException; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.LockedAccountException; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.pam.UnsupportedTokenException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Value; /** * ??? * * @author SHOP++ Team * @version 3.0 */ public class AuthenticationRealm extends AuthorizingRealm { @Resource(name = "captchaServiceImpl") private CaptchaService captchaService; @Resource(name = "adminServiceImpl") private AdminService adminService; @Resource(name = "accountServiceImpl") private AccountService accountService; @Value("${dev_model}") private Boolean isDevModel; /** * ??? * * @param token * @return ?? */ @Override protected AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token) { AuthenticationToken authenticationToken = (AuthenticationToken) token; String username = authenticationToken.getUsername(); String password = new String(authenticationToken.getPassword()); String captchaId = authenticationToken.getCaptchaId(); String captcha = authenticationToken.getCaptcha(); String ip = authenticationToken.getHost(); if (!isDevModel && !captchaService.isValid(CaptchaType.adminLogin, captchaId, captcha)) { throw new UnsupportedTokenException(); } if (username != null && password != null) { Admin admin = adminService.findByUsername(username); if (admin == null) { throw new UnknownAccountException(); } if (!admin.getIsEnabled()) { throw new DisabledAccountException(); } Setting setting = SettingUtils.get(); if (admin.getIsLocked()) { if (ArrayUtils.contains(setting.getAccountLockTypes(), AccountLockType.admin)) { int loginFailureLockTime = setting.getAccountLockTime(); if (loginFailureLockTime == 0) { throw new LockedAccountException(); } Date lockedDate = admin.getLockedDate(); Date unlockDate = DateUtils.addMinutes(lockedDate, loginFailureLockTime); if (new Date().after(unlockDate)) { admin.setLoginFailureCount(0); admin.setIsLocked(false); admin.setLockedDate(null); adminService.update(admin); } else { throw new LockedAccountException(); } } else { admin.setLoginFailureCount(0); admin.setIsLocked(false); admin.setLockedDate(null); adminService.update(admin); } } if (!DigestUtils.md5Hex(password).equals(admin.getPassword())) { int loginFailureCount = admin.getLoginFailureCount() + 1; if (loginFailureCount >= setting.getAccountLockCount()) { admin.setIsLocked(true); admin.setLockedDate(new Date()); } admin.setLoginFailureCount(loginFailureCount); adminService.update(admin); throw new IncorrectCredentialsException(); } admin.setLoginIp(ip); admin.setLoginDate(new Date()); admin.setLoginFailureCount(0); adminService.update(admin); return new SimpleAuthenticationInfo(new Principal(admin.getId(), username), password, getName()); } throw new UnknownAccountException(); } /** * ??? * * @param principals principals * @return ?? */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Collection realms = principals.fromRealm(getName()); if (realms != null && realms.size() > 0) { Principal principal = (Principal) realms.iterator().next(); if (principal != null) { List<String> authorities = adminService.findAuthorities(principal.getId()); if (authorities != null) { SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); // authorizationInfo.addRole();? authorizationInfo.addStringPermissions(authorities); return authorizationInfo; } } } return null; } /* * (non-Javadoc) * @see org.apache.shiro.realm.AuthenticatingRealm#supports(org.apache.shiro.authc.AuthenticationToken) */ @Override public boolean supports(org.apache.shiro.authc.AuthenticationToken token) { return token instanceof AuthenticationToken ? true : false; } }