原创

shiro多Realm分别授权

想看多realm认证的请看

https://blog.csdn.net/u013294097/article/details/90053299

想看多realm认证的请看

https://blog.csdn.net/u013294097/article/details/90053299


多Realm分别授权需要重写

import org.apache.shiro.authz.ModularRealmAuthorizer;

的三个方法:

public boolean isPermitted(PrincipalCollection principals, String permission);

public boolean isPermitted(PrincipalCollection principals, Permission permission);

public boolean hasRole(PrincipalCollection principals, String roleIdentifier);

思路:

多Realm的每个Realm都设置一个名字,这样子,在鉴权的时候拿到名字,确定使用哪个Realm进行授权

1.为Realm设置名字代码:

public class AdminRealm extends AuthorizingRealm {
@Reference
private IAdminAuthService adminAuthService;

private static final String ADMIN_LOGIN_TYPE = LoginType.ADMIN.getName();

{
super.setName("admin");//设置realm的名字,非常重要
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

return null;
}

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
return null;
}
}

2.复写import org.apache.shiro.authz.ModularRealmAuthorizer;方法,实现三个接口

import com.cyjz.util.CommUtil;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Set;

public class CustomizedModularRealmAuthorizer extends ModularRealmAuthorizer {

@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
assertRealmsConfigured();
Set<String> realmNames = principals.getRealmNames();
//获取realm的名字
String realmName = realmNames.iterator().next();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
//匹配名字
if(realmName.equals("admin"))) {
if (realm instanceof AdminRealm) {
return ((AdminRealm) realm).isPermitted(principals, permission);
}
}
if(realmName.equals("user")) {
if (realm instanceof UserRealm) {
return ((UserRealm) realm).isPermitted(principals, permission);
}
}
}
return false;
}

@Override
public boolean isPermitted(PrincipalCollection principals, Permission permission) {
assertRealmsConfigured();
Set<String> realmNames = principals.getRealmNames();
//获取realm的名字
String realmName = realmNames.iterator().next();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
//匹配名字
if(realmName.equals("admin"))) {
if (realm instanceof AdminRealm) {
return ((AdminRealm) realm).isPermitted(principals, permission);
}
}
//匹配名字
if(realmName.equals("user"))) {
if (realm instanceof UserRealm) {
return ((UserRealm) realm).isPermitted(principals, permission);
}
}
}
return false; }

@Override
public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
assertRealmsConfigured();
Set<String> realmNames = principals.getRealmNames();
//获取realm的名字
String realmName = realmNames.iterator().next();
for (Realm realm : getRealms()) {
if (!(realm instanceof Authorizer)) continue;
//匹配名字
if(realmName.equals("admin"))) {
if (realm instanceof AdminRealm) {
return ((AdminRealm) realm).hasRole(principals, roleIdentifier);
}
}
//匹配名字
if(realmName.equals("admin"))) {
if (realm instanceof UserRealm) {
return ((UserRealm) realm).hasRole(principals, roleIdentifier);
}
}
}
return false;
}
}

我这里使用的是springboot,需要在shiroconfig里面的securityManager添加进这个自定义的CustomizedModularRealmAuthorizer

@Bean
public DefaultWebSecurityManager securityManager(UserRealm customRealm, AdminRealm adminRealm, DefaultWebSessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
List<Realm> realms = new ArrayList<>();
realms.add(customRealm);
realms.add(adminRealm);
securityManager.setRealms(realms);
securityManager.setSessionManager(sessionManager);
securityManager.setCacheManager(new RedisCacheManager());
//====================多realm授权核心代码===================
CustomizedModularRealmAuthorizer authorizer = new CustomizedModularRealmAuthorizer();
authorizer.setRealms(realms);
securityManager.setAuthorizer(authorizer);
//====================多realm授权核心代码===================
return securityManager;
}


正文到此结束
本文目录