1、验证当前登录的用户
2、从数据库读取当前用户相应的角色和权限,并赋值给当前的用户
import java.sql.Connection;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
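/**
 * Custom Shiro realm backed by the application's user tables.
 * <p>
 * Authentication looks the account up by user name through {@code UserDao};
 * authorization loads that user's role and permission names through the same DAO.
 * <p>
 * NOTE(review): the value of {@code user.getPassword()} is handed to Shiro as the
 * stored credential exactly as read from the database. This class configures no
 * {@code CredentialsMatcher}, so unless one is set elsewhere the submitted password
 * is compared with the stored value directly, which implies plaintext passwords in
 * {@code t_user}. Confirm, and prefer salted password hashes with a hashing matcher.
 */
public class MyRealm extends AuthorizingRealm {
    private final UserDao userDao = new UserDao();
    private final DbUtil dbUtil = new DbUtil();

    /**
     * Looks up the account named by the token's principal.
     *
     * @param token the submitted token; its principal is cast to the user name
     * @return the stored principal and credential for the account, or {@code null}
     *         when no row matches the user name
     * @throws AuthenticationException if the account lookup itself fails (for example
     *         the database is unreachable), with the original failure as the cause
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userName = (String) token.getPrincipal();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            User user = userDao.getByUserName(con, userName);
            if (user == null) {
                // Unknown account: returning null lets Shiro reject the login.
                return null;
            }
            // Tag the principal with this realm's own name instead of a hard-coded
            // literal, so realm-scoped principal lookups resolve to this realm.
            return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), getName());
        } catch (Exception e) {
            // A lookup failure is not the same as an unknown account. Surface it with
            // its cause so an outage is distinguishable from a bad login; the login
            // attempt still fails. The user name is left out of the message because
            // it is caller-supplied input.
            throw new AuthenticationException("Unable to load account data for authentication", e);
        } finally {
            closeQuietly(con);
        }
    }

    /**
     * Loads the roles and permissions of the authenticated user.
     *
     * @param principals the authenticated principals; the primary principal is cast
     *        to the user name
     * @return the user's role and permission names; empty when the lookup fails, so
     *         a database error results in access being denied rather than granted
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            authorizationInfo.setRoles(userDao.getRoles(con, userName));
            authorizationInfo.setStringPermissions(userDao.getPermissions(con, userName));
        } catch (Exception e) {
            // Deliberately fail closed: whatever was not loaded stays unset.
            // NOTE(review): if authorization caching is enabled, this empty result
            // may be cached until the entry expires; confirm the cache settings.
            e.printStackTrace();
        } finally {
            closeQuietly(con);
        }
        return authorizationInfo;
    }

    /** Closes the connection, reporting (not propagating) any failure to close. */
    private void closeQuietly(Connection con) {
        try {
            dbUtil.closeCon(con);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}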
import java.sql.Connection;
import java.sql.DriverManager;
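/**
 * Database helper that opens and closes JDBC connections to the application database.
 * <p>
 * NOTE(review): the JDBC URL, user name and password are hard-coded in source, and
 * the account used is the MySQL {@code root} user with the password {@code root}.
 * Anyone who can read the source or the compiled class obtains these credentials,
 * and a flaw in any query runs with full database privileges. Load the credentials
 * from configuration kept outside the source tree and connect with an account that
 * is limited to the tables this application reads.
 */
public class DbUtil {
    /**
     * Opens a new connection to the {@code shiro_db} database on localhost.
     *
     * @return a new connection; the caller is responsible for closing it
     * @throws Exception if the driver class cannot be loaded or the connection fails
     */
    public Connection getCon() throws Exception {
        // Load the MySQL driver class before asking DriverManager for a connection.
        Class.forName("com.mysql.jdbc.Driver");
        return DriverManager.getConnection("jdbc:mysql://localhost:3306/shiro_db", "root", "root");
    }

    /**
     * Closes the given connection.
     *
     * @param con the connection to close; {@code null} is ignored
     * @throws Exception if closing the connection fails
     */
    public void closeCon(Connection con) throws Exception {
        if (con != null) {
            con.close();
        }
    }

    /**
     * Connectivity check: opens a connection, reports success or failure on
     * standard output, and closes the connection again.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        DbUtil dbUtil = new DbUtil();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            System.out.println("数据库连接成功");
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("数据库连接失败");
        } finally {
            // The connection was previously left open; release it once the check is done.
            try {
                dbUtil.closeCon(con);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}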
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.HashSet;
import java.util.Set;
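/**
 * Data-access object for users, their roles and their permissions.
 * <p>
 * Every query binds the user name through a {@code PreparedStatement} parameter, so
 * the caller-supplied name is never concatenated into the SQL text. Statements and
 * result sets are closed before each method returns; the connection stays owned by
 * the caller.
 */
public class UserDao {
    /**
     * Loads a user by user name.
     * <p>
     * NOTE(review): the {@code password} column is copied into the returned object as
     * stored. Whether it holds a hash or plaintext is not visible here; confirm.
     *
     * @param con an open connection, owned and closed by the caller
     * @param userName the user name to look up
     * @return the first matching user, or {@code null} when no row matches
     * @throws Exception if the query fails
     */
    public User getByUserName(Connection con, String userName) throws Exception {
        User resultUser = null;
        String sql = "select * from t_user where userName=?";
        PreparedStatement pstmt = con.prepareStatement(sql);
        try {
            pstmt.setString(1, userName);
            ResultSet rs = pstmt.executeQuery();
            try {
                if (rs.next()) {
                    resultUser = new User();
                    resultUser.setId(rs.getInt("id"));
                    resultUser.setUserName(rs.getString("userName"));
                    resultUser.setPassword(rs.getString("password"));
                }
            } finally {
                rs.close();
            }
        } finally {
            pstmt.close();
        }
        return resultUser;
    }

    /**
     * Loads the role names of a user.
     *
     * @param con an open connection, owned and closed by the caller
     * @param userName the user name to look up
     * @return the {@code roleName} values joined to the user; empty when none match
     * @throws Exception if the query fails
     */
    public Set<String> getRoles(Connection con, String userName) throws Exception {
        Set<String> roles = new HashSet<String>();
        String sql = "select * from t_user u,t_role r where u.roleId=r.id and u.userName=?";
        PreparedStatement pstmt = con.prepareStatement(sql);
        try {
            pstmt.setString(1, userName);
            ResultSet rs = pstmt.executeQuery();
            try {
                while (rs.next()) {
                    roles.add(rs.getString("roleName"));
                }
            } finally {
                rs.close();
            }
        } finally {
            pstmt.close();
        }
        return roles;
    }

    /**
     * Loads the permission names granted to a user through the user's role.
     *
     * @param con an open connection, owned and closed by the caller
     * @param userName the user name to look up
     * @return the {@code permissionName} values joined to the user's role; empty when
     *         none match
     * @throws Exception if the query fails
     */
    public Set<String> getPermissions(Connection con, String userName) throws Exception {
        Set<String> permissions = new HashSet<String>();
        String sql = "select * from t_user u,t_role r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=?";
        PreparedStatement pstmt = con.prepareStatement(sql);
        try {
            pstmt.setString(1, userName);
            ResultSet rs = pstmt.executeQuery();
            try {
                while (rs.next()) {
                    permissions.add(rs.getString("permissionName"));
                }
            } finally {
                rs.close();
            }
        } finally {
            pstmt.close();
        }
        return permissions;
    }
}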
shiro.ini:
# Shiro configuration: registers the custom realm with the security manager and
# maps URL patterns to filter chains.
[main]
# Login page that the authc filter redirects unauthenticated requests to.
authc.loginUrl=/login
# Page shown when an authenticated user lacks the required role / permission.
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
# NOTE(review): no credentialsMatcher is configured for the realm, so Shiro's
# default matcher applies and the submitted password is compared with the stored
# t_user.password value directly. That only works with plaintext passwords in the
# database; prefer salted hashes with a hashing credentials matcher.
myRealm=_shiro.MyRealm
securityManager.realms=$myRealm
[urls]
# Entries are evaluated top to bottom and the first matching pattern wins.
/login=anon
# NOTE(review): in these Ant-style patterns '*' does not cross a '/', so this entry
# covers /admin and /adminXYZ but not /admin/anything. If sub-paths are meant to be
# protected, the pattern would need to be /admin/** (confirm intent).
/admin*=authc
# Requires the "teacher" role.
/student=roles[teacher]
# Requires the "user:create" permission.
/teacher=perms["user:create"]
# NOTE(review): there is no catch-all entry (for example /** = authc), so any URL
# not listed above is served without passing through a Shiro filter chain.
数据库:
![](https://img.haomeiwen.com/i4045508/410899253de04ee3.png)
![](https://img.haomeiwen.com/i4045508/24d76748c27fa868.png)
![](https://img.haomeiwen.com/i4045508/2c6077d05dfab916.png)