shiro自定义realm,权限拦截
http://my.oschina.net/sheldon1/blog/603351
一,自定义realm,重写认证,授权,验证权限三个方法
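/**
 * Shiro realm backed by SysUserService / UserAuthService.
 * <p>
 * Permission strings loaded from the database are matched against the requested permission
 * first literally and then as whole-string regular expressions, so a stored {@code "."} or
 * {@code ".*"} is a wildcard, not a literal character. The stored patterns are therefore treated
 * as trusted (administrator-managed) input; every check compiles them afresh.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private SysUserService userService;

    @Autowired
    private UserAuthService userAuthService;

    private Logger logger = LoggerFactory.getLogger(this.getClass());

    /**
     * 授权 — collects the role and permission strings of the primary principal.
     *
     * @param principals the authenticated principals; the primary one is expected to be a {@link SysUser}
     * @return the roles and string permissions of that user, or {@code null} when there is no
     *         principal to look up (Shiro then treats the user as having no grants — confirm
     *         against AuthorizingRealm if relying on this)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        SysUser user = (SysUser) principals.getPrimaryPrincipal();
        if (user == null) {
            // Nothing to look up; previously this was a NullPointerException on user.getId().
            return null;
        }
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(userAuthService.findStringRoles(user.getId()));
        authorizationInfo.setStringPermissions(userAuthService.findStringPermissions(user.getId()));
        return authorizationInfo;
    }

    /**
     * 认证 — verifies the submitted username/password through {@code userService.login}.
     *
     * @param token expected to be a {@link UsernamePasswordToken} (Shiro's default
     *              {@code supports()} filters other token types before this is called)
     * @return the authentication info for the user, or {@code null} when the username is missing
     *         or the login lookup finds no user (Shiro reports that as an unknown account)
     * @throws AuthenticationException never thrown here directly; declared for overrides
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        logger.info("----------------认证----------------");
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        if (upToken.getUsername() == null) {
            // Previously a NullPointerException from trim(); a missing username is simply an unknown account.
            return null;
        }
        String username = upToken.getUsername().trim();
        char[] submitted = upToken.getPassword();
        // userService.login() takes a String, so the char[] has to be copied into an immutable
        // String here; unlike the char[] it cannot be wiped afterwards.
        String password = submitted == null ? "" : new String(submitted);
        SysUser user = userService.login(username, password);
        if (user == null) {
            return null;
        }
        // NOTE: the credentials placed in the info are the *submitted* password, so Shiro's
        // credentials matcher compares the password with itself. The real verification is
        // userService.login() above; keep that in mind before swapping in a hashing matcher.
        return new SimpleAuthenticationInfo(user, password.toCharArray(), getName());
    }

    /**
     * Permission check with regular-expression support (重写权限判断方法,加入正则判断):
     * the permission is granted when it is contained literally in the user's permission strings
     * or when one of those strings, read as a regex, matches it in full.
     * <p>
     * Only this String overload is overridden; the Permission-object overloads of
     * AuthorizingRealm (checkPermission, isPermittedAll, ...) keep the default semantics —
     * presumably callers only use {@code Subject.isPermitted(String)}; confirm.
     *
     * @param principals the subject's principals
     * @param permission the permission string (the filter passes the request URI)
     * @return {@code true} when granted; {@code false} when denied, when the subject has no
     *         authorization info or when it has no permission strings at all
     */
    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        if (info == null) {
            // No info (e.g. no principal): deny instead of the former NullPointerException.
            return false;
        }
        Collection<String> permissions = info.getStringPermissions();
        if (permissions == null) {
            return false;
        }
        return permissions.contains(permission) || patternMatch(permissions, permission);
    }

    /**
     * 正则 — tests whether any stored pattern, compiled as a regex, matches the whole request URI.
     * A malformed stored pattern is logged and skipped, so it grants nothing instead of aborting
     * the whole permission check with a PatternSyntaxException.
     *
     * @param patternUrlList the permission strings to try as regular expressions; may be {@code null}
     * @param requestUri the URI (or permission string) being checked; may be {@code null}
     * @return {@code true} when some non-empty pattern matches the full URI
     */
    public boolean patternMatch(Collection<String> patternUrlList, String requestUri) {
        if (patternUrlList == null || requestUri == null) {
            return false;
        }
        for (String patternUri : patternUrlList) {
            if (!StringUtils.isNotEmpty(patternUri)) {
                continue;
            }
            try {
                Pattern pattern = Pattern.compile(patternUri);
                Matcher matcher = pattern.matcher(requestUri);
                // matches(): the entire URI must match, not just a prefix or substring.
                if (matcher.matches()) {
                    return true;
                }
            } catch (IllegalArgumentException malformed) {
                // PatternSyntaxException extends IllegalArgumentException.
                logger.warn("ignoring malformed permission pattern: {}", patternUri, malformed);
            }
        }
        return false;
    }
}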
二、授权filter
isAccessAllowed,拦截方法,返回true表示通过验证,返回false会执行onAccessDenied方法。
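/**
 * Shiro authorization filter that uses the request URI itself as the permission string
 * (mapped as the {@code perms} filter in the Shiro configuration).
 */
public class LoginCheckPermissionFilter extends AuthorizationFilter {

    public Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Decides whether the current subject is permitted to access the requested URI.
     * <p>
     * {@code getRequestURI()} is used verbatim: it includes the context path and is not
     * URL-decoded, so the stored permissions/patterns must be written against that form.
     * <p>
     * Any exception thrown by the permission check (realm lookup, database access, a malformed
     * stored pattern) now results in {@code false}. The previous implementation logged the error
     * and returned {@code true}, which let every such failure grant access to the URL.
     *
     * @return {@code true} when the subject holds the URI as a permission; {@code false} otherwise
     *         or when the check itself fails
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String url = httpServletRequest.getRequestURI();
        try {
            Subject user = SecurityUtils.getSubject();
            return user.isPermitted(url);
        } catch (Exception e) {
            logger.error("check permission error", e);
            // Fail closed: a broken check must deny, never grant.
            return false;
        }
    }

    /**
     * Handles a denied request: anonymous subjects are sent to the login page; authenticated
     * subjects get a JSON failure body on POST (HTTP status unchanged — presumably the front end
     * keys off {@code BizConstants.FAIL}; confirm) or a redirect to the unauthorized URL otherwise.
     * Without a configured unauthorized URL a plain 401 is sent.
     *
     * @return always {@code false}, so the filter chain stops here
     * @throws IOException when writing the response fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = getSubject(request, response);
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        String method = httpServletRequest.getMethod();
        if (subject.getPrincipal() == null) {
            // Not logged in: remember the request and go to loginUrl.
            saveRequestAndRedirectToLogin(request, response);
            return false;
        }
        String unauthorizedUrl = getUnauthorizedUrl();
        if (!StringUtils.hasText(unauthorizedUrl)) {
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        if ("POST".equals(method)) {
            // POST is treated as an API/AJAX call: answer with a JSON failure instead of a redirect.
            httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
            String result = JSON.toJSONString(new BaseResp("没有权限,请联系管理员!", BizConstants.FAIL));
            httpServletResponse.getWriter().write(result);
        } else {
            WebUtils.issueRedirect(request, response, unauthorizedUrl);
        }
        return false;
    }
}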
三、shiro部分配置
Xml代码 <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login"/> <!--<property name="successUrl" value="/loginOK" />--> <property name="unauthorizedUrl" value="/noPermission"/> <property name="filters"> <map> <entry key="perms" value-ref="loginCheckPermissionFilter"/> <entry key="user" value-ref="myUserFilter"/> </map> </property> <property name="filterChainDefinitions"> <value> /favicon.ico = anon /resources/** = anon /PoiTemplate/** = anon /login = anon /logout = user /** = user,perms </value> </property> </bean> |