标签:xll 登录 认证 org apache import com shiro
`package com.xll.common;
import java.util.List;
import com.xll.domain.User;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class ActiverUser {
private User user;
private List<String> roles;
private List<String> permissions;
}
**登录模块**
package com.xll.controller;
import java.util.Date;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.xll.common.ActiverUser;
import com.xll.common.ResultObj;
import com.xll.common.WebUtils;
import com.xll.domain.Loginfo;
import com.xll.service.LoginfoService;
@RestController
@RequestMapping("login")
public class LoginController {
@Autowired
private LoginfoService loginfoService;
@RequestMapping("login")
public ResultObj login(String loginname,String pwd) {
Subject subject = SecurityUtils.getSubject();
AuthenticationToken token=new UsernamePasswordToken(loginname, pwd);
try {
subject.login(token);
ActiverUser activerUser=(ActiverUser) subject.getPrincipal();
WebUtils.getSession().setAttribute("user", activerUser.getUser());
//记录登陆日志
Loginfo entity=new Loginfo();
entity.setLoginname(activerUser.getUser().getName()+"-"+activerUser.getUser().getLoginname());
entity.setLoginip(WebUtils.getRequest().getRemoteAddr());
entity.setLogintime(new Date());
loginfoService.save(entity);
return ResultObj.LOGIN_SUCCESS;
} catch (AuthenticationException e) {
e.printStackTrace();
return ResultObj.LOGIN_ERROR_PASS;
}
}
}
**认证模块**
package com.xll.realm;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.xll.common.ActiverUser;
import com.xll.common.Constast;
import com.xll.domain.Permission;
import com.xll.domain.User;
import com.xll.service.PermissionService;
import com.xll.service.RoleService;
import com.xll.service.UserService;
public class UserRealm extends AuthorizingRealm {
@Autowired
@Lazy //只有使用的时候才会加载
private UserService userService;
@Autowired
@Lazy
private PermissionService permissionService;
@Autowired
@Lazy
private RoleService roleService;
@Override
public String getName() {
return this.getClass().getSimpleName();
}
/**
* 认证
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
QueryWrapper<User> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("loginname", token.getPrincipal().toString());
User user = userService.getOne(queryWrapper);
if (null != user) {
ActiverUser activerUser = new ActiverUser();
activerUser.setUser(user);
//根据用户ID查询percode
//查询所有菜单
QueryWrapper<Permission> qw=new QueryWrapper<>();
//设置只能查询菜单
qw.eq("type",Constast.TYPE_PERMISSION);
qw.eq("available", Constast.AVAILABLE_TRUE);
//根据用户ID+角色+权限去查询
Integer userId=user.getId();
//根据用户ID查询角色
List<Integer> currentUserRoleIds = roleService.queryUserRoleIdsByUid(userId);
//根据角色ID取到权限和菜单ID
Set<Integer> pids=new HashSet<>();
for (Integer rid : currentUserRoleIds) {
List<Integer> permissionIds = roleService.queryRolePermissionIdsByRid(rid);
pids.addAll(permissionIds);
}
List<Permission> list=new ArrayList<>();
//根据角色ID查询权限
if(pids.size()>0) {
qw.in("id", pids);
list=permissionService.list(qw);
}
List<String> percodes=new ArrayList<>();
for (Permission permission : list) {
percodes.add(permission.getPercode());
}
//放到
activerUser.setPermissions(percodes);
ByteSource credentialsSalt = ByteSource.Util.bytes(user.getSalt());
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(activerUser, user.getPwd(), credentialsSalt,
this.getName());
return info;
}
return null;
}
}`
授权
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo(); ActiverUser activerUser=(ActiverUser) principals.getPrimaryPrincipal(); User user=activerUser.getUser(); List<String> permissions = activerUser.getPermissions(); if(user.getType()==Constast.USER_TYPE_SUPER) { //超级管理员拥有全部权限 authorizationInfo.addStringPermission("*:*"); }else { if(null!=permissions&&permissions.size()>0) { authorizationInfo.addStringPermissions(permissions); } } return authorizationInfo; }
标签:xll,登录,认证,org,apache,import,com,shiro 来源: https://www.cnblogs.com/lu-zhi-ling/p/12878553.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。