package com.nms.swspkmas_standalone.shiro.realm;
|
|
import cn.hutool.core.util.StrUtil;
|
import com.nms.swspkmas_standalone.entity.User;
|
import com.nms.swspkmas_standalone.exception.ApiException;
|
import com.nms.swspkmas_standalone.service.UserService;
|
import com.nms.swspkmas_standalone.shiro.token.JwtToken;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.util.ByteSource;
|
import org.springframework.beans.BeanUtils;
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import java.util.HashSet;
|
import java.util.Objects;
|
import java.util.Set;
|
|
/**
|
* @Author ling.quan
|
* @Date 2022/2/17 16:31
|
* @Description jwtRealm:这个自定义的realm就比较关键了。它实现了认证和授权的两个方法。
|
* 认证的方法里面,我们获取到JwtToken类的token后,获取token里面的参数信息(暂时只有username),然后查询“数据库”判断,没有则返回错误信息,即抛出异常,让subject.login(token)所在的方法捕获到异常进行处理。认证通过,即用户名所对应的对象存在,则返回SimpleAuthenticationInfo对象,让请求能够继续请求loginController
|
* 授权的方法中,则是获取到token携带的username信息来查询其拥有的权限,然后进行设置即可,至此,我们的shiro作用就发挥得差不多了
|
* [realm是由shiroConfig中的securityManager调用的]
|
*
|
*/
|
|
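public class JwtRealm extends AuthorizingRealm {

    /** Looks up application users by username; injected by Spring. */
    @Autowired
    private UserService userService;

    /**
     * Restricts this realm to the application's own {@link JwtToken}.
     *
     * @param token the token Shiro is trying to authenticate
     * @return {@code true} only when {@code token} is a {@link JwtToken}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * Resolves the user named by the token's principal and returns it as the authenticated
     * principal of this realm.
     *
     * <p>Security note: this method does not validate the JWT itself (signature, expiry,
     * issuer). It only checks that the principal is non-blank and that a matching user exists.
     * The credentials placed in the returned info are the username, so whether a login is
     * really verified depends on the CredentialsMatcher configured for this realm and on what
     * {@code JwtToken#getCredentials} returns. Neither is visible in this class. Confirm the
     * token is cryptographically verified before or during {@code subject.login(token)};
     * otherwise knowing a valid username alone would be enough to authenticate.
     *
     * <p>NOTE(review): the three failure cases carry different messages. If these messages are
     * passed through to the client, the "user does not exist" case lets a caller tell existing
     * accounts from missing ones. Consider returning one generic message at the API boundary.
     *
     * @param authcToken the token to authenticate; cast to {@link JwtToken} (see
     *     {@link #supports(AuthenticationToken)})
     * @return authentication info whose principal is the loaded {@link User}
     * @throws AccountException if the token carries no principal
     * @throws UnknownAccountException if the principal is blank
     * @throws ApiException if no user with that username is found
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        JwtToken jwtToken = (JwtToken) authcToken;
        Object principal = jwtToken.getPrincipal();
        if (principal == null) {
            throw new AccountException("JWT token参数异常!");
        }

        // The principal of a JwtToken is expected to be the username.
        String username = principal.toString();
        if (StrUtil.isBlank(username)) {
            throw new UnknownAccountException("未登录!");
        }

        User currentUser = userService.getByUserName(username);
        if (currentUser == null) {
            throw new ApiException("用户不存在!");
        }

        // The original also built ByteSource.Util.bytes("nms") here and discarded the result;
        // it had no effect (no salt was ever attached to the info), so it has been removed.
        return new SimpleAuthenticationInfo(currentUser, username, getName());
    }

    /**
     * Builds the authorization info for an authenticated principal.
     *
     * <p>NOTE(review): no roles or permissions are loaded from the user store. The only role
     * granted is the empty string, which is kept so existing behaviour does not change. Any
     * role or permission check in the application therefore cannot be satisfied by real role
     * data from this realm. When real roles are added, read the user from
     * {@code principals.getPrimaryPrincipal()} (the identity Shiro is authorizing) rather than
     * from {@code SecurityUtils.getSubject()}, which reflects whatever subject is bound to the
     * calling thread.
     *
     * @param principals the identities of the subject being authorized; currently unused
     * @return authorization info containing a single empty-string role
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        roles.add("");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(roles);
        return info;
    }
}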
|