package com.nanometer.smartlab.realm;
|
|
import com.nanometer.smartlab.entity.BaseRolePage;
|
import com.nanometer.smartlab.entity.SysUser;
|
import com.nanometer.smartlab.service.BaseRolePageService;
|
import com.nanometer.smartlab.service.SysUserService;
|
import com.nanometer.smartlab.util.Constants;
|
import org.apache.log4j.Logger;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authc.credential.CredentialsMatcher;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.cache.Cache;
|
import org.apache.shiro.cache.CacheManager;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.SimplePrincipalCollection;
|
import org.apache.shiro.subject.Subject;
|
|
import javax.annotation.Resource;
|
import java.util.ArrayList;
|
import java.util.List;
|
|
/**
 * @description: Shiro permission authentication
 * @author: zhixuan.wang
 * @date: 2015/10/1 14:51
 */
|
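public class ShiroDbRealm extends AuthorizingRealm {

    private static final Logger LOGGER = Logger.getLogger(ShiroDbRealm.class);

    @Resource
    private SysUserService sysUserService;

    @Resource
    private BaseRolePageService baseRolePageService;

    /**
     * Creates the realm with the cache manager and credentials matcher it should use.
     *
     * @param cacheManager cache manager handed to the Shiro base realm
     * @param matcher      matcher Shiro uses to compare submitted and stored credentials
     */
    public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
        super(cacheManager, matcher);
    }

    /**
     * Shiro login authentication. The user submits a username and password, Shiro wraps them
     * in a token, this realm looks the account up by username and returns the stored password,
     * and Shiro then compares the stored and submitted passwords to decide the login.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account name and stored password for the credentials matcher to verify
     * @throws AuthenticationException {@link UnknownAccountException} when the username is
     *                                 missing or no such account exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        final String account = usernamePasswordToken.getUsername();

        // Reject a missing username up front. Wrapping it in String.valueOf() would turn a
        // null username into the literal account name "null" and look that account up.
        if (account == null || account.isEmpty()) {
            throw new UnknownAccountException();
        }

        SysUser user = this.sysUserService.getSysUserByAccount(account);
        if (user == null) {
            // NOTE(review): callers should map this to the same message as a wrong password,
            // otherwise the login form reveals which accounts exist.
            throw new UnknownAccountException();
        }

        // The stored password is handed over as-is; how it is compared (and whether it is
        // expected to be hashed) is decided by the CredentialsMatcher given to the constructor.
        return new SimpleAuthenticationInfo(user.getAccount(), user.getPassword(), getName());
    }

    /**
     * Shiro authorization. Loads the account's role name and the page ids granted to its role,
     * and returns them as the role and string permissions of the principal.
     *
     * @param principals the principals of the subject being authorized
     * @return the roles and permissions; empty when the account is unknown or has no role
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        String account = (String) super.getAvailablePrincipal(principals);
        List<String> roles = new ArrayList<String>();
        List<String> permissions = new ArrayList<String>();

        SysUser user = this.sysUserService.getSysUserByAccount(account);
        if (user != null && user.getRoleId() != null) {
            String roleName = user.getRoleName();
            if (roleName != null && !roleName.isEmpty()) {
                roles.add(roleName);
            }

            List<BaseRolePage> baseRolePageList = baseRolePageService.getBaseRolePageList(user.getRoleId(), null);
            if (baseRolePageList != null) {
                for (BaseRolePage baseRolePage : baseRolePageList) {
                    // Skip rows without a page id: Shiro rejects a null or empty permission
                    // string when it resolves it, which would break every later check.
                    String pageId = baseRolePage.getPageId();
                    if (pageId != null && !pageId.isEmpty()) {
                        permissions.add(pageId);
                    }
                }
            }
        }

        info.addRoles(roles);
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Removes the user object stored in the session, then runs the base realm's logout handling.
     *
     * @param principals the principals of the subject that is logging out
     */
    @Override
    public void onLogout(PrincipalCollection principals) {
        // NOTE(review): this is the subject bound to the calling thread; confirm it is always
        // the subject described by `principals`.
        Subject currentUser = SecurityUtils.getSubject();

        // Ask for the existing session only; getSession(true) would create a fresh session
        // during logout just to remove an attribute from it.
        org.apache.shiro.session.Session session = currentUser.getSession(false);
        if (session != null) {
            session.removeAttribute(Constants.SESSION_USER);
        }
        super.onLogout(principals);
    }

    /**
     * Clears the cached data for a user.
     *
     * @param loginName the login name whose cache entries are removed; ignored when null
     */
    public void removeUserCache(String loginName) {
        if (loginName == null) {
            // SimplePrincipalCollection does not accept a null principal.
            return;
        }

        Cache<Object, AuthenticationInfo> cache = getAuthenticationCache();
        if (null != cache) {
            cache.remove(loginName);
        }

        SimplePrincipalCollection principals = new SimplePrincipalCollection();
        principals.add(loginName, super.getName());
        super.clearCachedAuthenticationInfo(principals);
        // Also drop the cached roles and permissions, so that when authorization caching is
        // enabled a role change or revocation applies on the next check rather than when the
        // cache entry expires.
        super.clearCachedAuthorizationInfo(principals);
    }

}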
|