Java tinkering notes: Shiro 5, Shiro authorization checks, basic dynamic loading of permissions

Source: Internet  Published by: 淘宝网图书专营店  Editor: 程序博客网  Time: 2024/05/21 00:47

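This note covers Shiro's authorization feature. In the previous post the permissions came from the ini configuration file and were hard-coded; this time they are loaded dynamically, simulating a lookup from a database. On to the code.

Custom authorization is still built on a custom realm, so configure the custom realm first, the same way as before.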

shiro_role.ini

```ini
[main]
# Custom realm; RoleRealm simulates fetching this user's roles and permissions
realm_role=com.ywj.TestShiro.RoleRealm
# Inject the custom realm into securityManager; the name after $ must match the one defined above
securityManager.realms=$realm_role
```

Next is the content of the custom realm.

RoleRealm.java

```java
package com.ywj.TestShiro;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class RoleRealm extends AuthorizingRealm {

    @Override
    public void setName(String name) {
        super.setName("RoleRealm"); // give the realm a custom name
    }

    // Authorization handling
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Get the account
        String account = (String) principals.getPrimaryPrincipal();

        // Assume the roles and permissions below were looked up by account

        // Load roles (pretend they come from the database)
        List<String> roles = new ArrayList<String>();
        roles.add("role1");
        roles.add("role2");

        // Load permissions (pretend they come from the database)
        List<String> permissions = new ArrayList<String>();
        permissions.add("user:add");
        permissions.add("user:update");
        permissions.add("card:add");
        permissions.add("card:update222");

        // Put them into the authorization info
        SimpleAuthorizationInfo sa = new SimpleAuthorizationInfo();
        sa.addRoles(roles);
        sa.addStringPermissions(permissions);
        return sa;
    }

    // Authentication, as in the previous post
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Get the account from the token
        String username = String.valueOf(token.getPrincipal());
        String password = "123"; // simulated stored password
        // Return the authentication info
        return new SimpleAuthenticationInfo(username, password, this.getName());
    }
}
```

OK, this can be tested directly, the same way as before.

Test.java

```java
package com.ywj.TestShiro;

import java.util.Arrays;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class Test {

    public static void main(String[] args) {
        // Same as before, not annotated again
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:config/shiro_role.ini");
        SecurityManager securityManager = factory.getInstance();
        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("ywj", "123");
        try {
            subject.login(usernamePasswordToken);
        } catch (UnknownAccountException e) {
            System.out.println("用户不存在");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码不正确");
        } catch (Exception e) {
            e.printStackTrace();
        }
        boolean flag = subject.isAuthenticated();
        System.out.println("已登录:" + flag);

        // Same checks as with the basic ini-configured authorization
        System.out.println(subject.hasRole("role3")); // false
        System.out.println(subject.isPermitted("card:update222")); // true

        subject.logout();
        flag = subject.isAuthenticated();
        System.out.println("已登录:" + flag);
    }
}
```
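The RoleRealm above returns the same roles and permissions for every principal and accepts any username with password "123". The following added example (not code from the original post) shows the per-account lookup that the "from the database" comments stand for, with deny-by-default for unknown accounts. The class name `PerAccountRoleRealm` and the in-memory maps are assumptions standing in for real tables, and `Map.of`/`Set.of` need Java 9 or later.

```java
package com.ywj.TestShiro;

import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Added example, hypothetical class: roles and permissions are looked up per account.
public class PerAccountRoleRealm extends AuthorizingRealm {

    // Constructed sample data standing in for database tables.
    // Plaintext password only to match the page's test; a real store holds a password hash.
    private static final Map<String, String> PASSWORDS = Map.of("ywj", "123");
    private static final Map<String, Set<String>> ROLES =
            Map.of("ywj", Set.of("role1", "role2"));
    private static final Map<String, Set<String>> PERMISSIONS =
            Map.of("ywj", Set.of("user:add", "user:update", "card:add", "card:update222"));

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String account = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // An account with no rows gets empty sets, so every
        // hasRole()/isPermitted() check for it returns false.
        info.addRoles(ROLES.getOrDefault(account, Set.of()));
        info.addStringPermissions(PERMISSIONS.getOrDefault(account, Set.of()));
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = String.valueOf(token.getPrincipal());
        String stored = PASSWORDS.get(username);
        if (stored == null) {
            // Surfaces in Test.java's UnknownAccountException branch.
            throw new UnknownAccountException("no such account");
        }
        // Shiro's credentials matcher compares the submitted password with this value;
        // a mismatch raises IncorrectCredentialsException during subject.login().
        return new SimpleAuthenticationInfo(username, stored, getName());
    }
}
```

To try it with the Test.java above, point `realm_role` in shiro_role.ini at `com.ywj.TestShiro.PerAccountRoleRealm`.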