/**
* Copyright (c) 2005-2012 https://github.com/zhangkaitao
*
* Licensed under the Apache License, Version 2.0 (the "License");
*/
package org.apache.shiro.realm;
import com.sishuok.es.common.repository.support.SimpleBaseRepositoryFactoryBean;
import com.sishuok.es.sys.auth.service.UserAuthService;
import com.sishuok.es.sys.user.entity.User;
import com.sishuok.es.sys.user.exception.*;
import com.sishuok.es.sys.user.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
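/**
 * Shiro realm that authenticates users through {@link UserService} and loads their roles and
 * permissions through {@link UserAuthService}.
 *
 * <p>Permission strings passed to {@link #isPermitted(PrincipalCollection, String)} may use the
 * {@code " or "}, {@code " and "} and {@code "not "} keywords.
 *
 * <p>User: Zhang Kaitao
 * <p>Date: 13-3-12 9:05 PM
 * <p>Version: 1.0
 */
public class UserRealm extends AuthorizingRealm {

    private static final Logger log = LoggerFactory.getLogger("es-error");

    private static final String OR_OPERATOR = " or ";
    private static final String AND_OPERATOR = " and ";
    private static final String NOT_OPERATOR = "not ";

    @Autowired
    private UserService userService;

    @Autowired
    private UserAuthService userAuthService;

    /**
     * Creates the realm and forces early creation of the repository factory beans.
     *
     * @param ctx the Spring application context used to look up the factory beans
     */
    @Autowired
    public UserRealm(ApplicationContext ctx) {
        super();
        // Plain injection is not enough here: because of bean-dependency ordering some beans
        // may not be obtainable, which ends in an error.
        // Why? When Spring resolves candidates in findAutowireCandidates it optimizes
        // FactoryBean handling: it only obtains the bean and does not autowire its properties.
        // So if our bean is initialized before the beans it depends on, the ObjectType cannot
        // be resolved (it is always Repository).
        // Looking the beans up once here avoids the problem.
        ctx.getBeansOfType(SimpleBaseRepositoryFactoryBean.class);
    }

    /**
     * Loads the roles and string permissions of the primary principal.
     *
     * @param principals the principals of the subject being authorized; the primary principal is
     *                   the username stored by {@link #doGetAuthenticationInfo(AuthenticationToken)}
     * @return the roles and permissions reported by {@code userAuthService} for that user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        // NOTE(review): the lookup result is passed on without a null check. What
        // findByUsername returns for an account that no longer exists, and how the two
        // userAuthService calls treat that value, is not visible here - confirm that it
        // cannot end in granted roles or permissions.
        User user = userService.findByUsername(username);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(userAuthService.findStringRoles(user));
        authorizationInfo.setStringPermissions(userAuthService.findStringPermissions(user));
        return authorizationInfo;
    }

    /**
     * Checks a permission expression that may contain the {@code or}, {@code and} and
     * {@code not} keywords. Mixing {@code and} with {@code or} is not supported.
     *
     * <p>Evaluation rules, as implemented:
     * <ul>
     *   <li>If the expression contains {@code " or "}, it is split there and the result is true
     *       as soon as one part is permitted.</li>
     *   <li>Otherwise, if it contains {@code " and "}, every part must be permitted.</li>
     *   <li>A part that starts with {@code "not "} is permitted when the superclass check for
     *       the remainder returns false.</li>
     * </ul>
     *
     * <p>Security notes for authors of permission expressions:
     * <ul>
     *   <li>The keywords are matched literally: lower case, single spaces. A part with extra
     *       leading whitespace or an upper-case keyword is handed to the superclass as an
     *       ordinary permission string.</li>
     *   <li>In a mixed expression the {@code or} split happens first, so a fragment such as
     *       {@code "a and b"} reaches the superclass as one permission string instead of being
     *       evaluated as a conjunction.</li>
     *   <li>{@code "not x"} is true whenever the underlying check is false, whatever the reason.
     *       A negated term therefore grants access by default and should be combined with a
     *       positive permission rather than used alone.</li>
     * </ul>
     *
     * @param principals the principals of the subject being checked
     * @param permission the permission expression; must not be null
     * @return true if the expression evaluates to permitted
     */
    // @Override makes the compiler verify that this method really replaces the superclass
    // check; without it, a signature change upstream would silently bypass the keyword logic.
    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        if (permission.contains(OR_OPERATOR)) {
            for (String alternative : permission.split(OR_OPERATOR)) {
                if (isPermittedWithNotOperator(principals, alternative)) {
                    return true;
                }
            }
            return false;
        }

        if (permission.contains(AND_OPERATOR)) {
            for (String required : permission.split(AND_OPERATOR)) {
                if (!isPermittedWithNotOperator(principals, required)) {
                    return false;
                }
            }
            return true;
        }

        return isPermittedWithNotOperator(principals, permission);
    }

    /**
     * Evaluates a single permission term, inverting the superclass result when the term starts
     * with {@code "not "}.
     *
     * @param principals the principals of the subject being checked
     * @param permission one term of a permission expression
     * @return the superclass result, negated for a {@code "not "} term
     */
    private boolean isPermittedWithNotOperator(PrincipalCollection principals, String permission) {
        if (permission.startsWith(NOT_OPERATOR)) {
            return !super.isPermitted(principals, permission.substring(NOT_OPERATOR.length()));
        }
        return super.isPermitted(principals, permission);
    }

    /**
     * Authenticates a username/password token by delegating to {@code userService.login}.
     *
     * <p>The password check itself happens inside {@code userService.login}. The returned
     * {@link AuthenticationInfo} carries the submitted password as its credentials, so a
     * credentials matcher comparing token and info sees the same value on both sides.
     * NOTE(review): if authentication caching is enabled for this realm, that info object
     * (including the clear-text password) would be kept in the cache - confirm the setting.
     *
     * <p>Unknown account, wrong password, retry limit and blocked account are reported with
     * different exception types and the service's own messages. Code that shows login errors
     * to the user should present one uniform message, so that the response does not reveal
     * which usernames exist.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the authentication info for the logged-in user
     * @throws AuthenticationException if the login is rejected, the token has no username, or
     *                                 an unexpected error occurs
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;

        // Fail closed with a regular authentication failure instead of letting a
        // NullPointerException from trim() escape the realm.
        String submittedUsername = upToken.getUsername();
        if (submittedUsername == null) {
            throw new AuthenticationException(new UserException("user.unknown.error", null));
        }
        String username = submittedUsername.trim();

        // userService.login takes a String, so the password is copied into an immutable
        // String here and cannot be wiped afterwards.
        char[] submittedPassword = upToken.getPassword();
        String password = submittedPassword == null ? "" : new String(submittedPassword);

        final User user;
        try {
            user = userService.login(username, password);
        } catch (UserNotExistsException e) {
            throw new UnknownAccountException(e.getMessage(), e);
        } catch (UserPasswordNotMatchException e) {
            throw new AuthenticationException(e.getMessage(), e);
        } catch (UserPasswordRetryLimitExceedException e) {
            throw new ExcessiveAttemptsException(e.getMessage(), e);
        } catch (UserBlockedException e) {
            throw new LockedAccountException(e.getMessage(), e);
        } catch (Exception e) {
            // Anything unexpected is logged with its stack trace and reported to the caller
            // only as a generic error, so internal details do not reach the login response.
            log.error("login error", e);
            throw new AuthenticationException(new UserException("user.unknown.error", null));
        }

        return new SimpleAuthenticationInfo(user.getUsername(), password.toCharArray(), getName());
    }
}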