package com.github.dennisit.vplus.data.security;
import com.spring.boxes.dollar.RegexUtils;
import com.spring.boxes.dollar.enums.EnableEnum;
import com.spring.boxes.dollar.enums.PlatformEnum;
import com.spring.boxes.dollar.term.Authority;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.util.CollectionUtils;
import java.util.regex.Pattern;
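@Slf4j
public class AuthorityRealm extends AuthorizingRealm {

    /**
     * Pre-compiled forms of the project's e-mail / phone patterns. The original code called
     * {@code Pattern.matches(String, CharSequence)}, which recompiles the regex on every login.
     */
    private static final Pattern EMAIL_PATTERN = Pattern.compile(RegexUtils.EMAIL);
    private static final Pattern PHONE_PATTERN = Pattern.compile(RegexUtils.PHONE);

    /**
     * Account lookup / role / permission provider. Not set by the two constructors that only take
     * a {@link CacheManager} (and matcher); those callers must call {@link #setAuthorityIFace}
     * before the realm is used, otherwise lookups fail with a {@code NullPointerException}.
     */
    private AuthorityIFace authorityIface;

    /**
     * When {@code true}, only accounts whose platform equals {@code PlatformEnum.ADMIN} may
     * authenticate; every other account is rejected with {@link DisabledAccountException}.
     */
    private boolean onlyAdmin = false;

    /** Realm with the default cache manager and credentials matcher, admin-only disabled. */
    public AuthorityRealm(AuthorityIFace authorityIface) {
        this.authorityIface = authorityIface;
    }

    /** Realm with the default cache manager and credentials matcher. */
    public AuthorityRealm(AuthorityIFace authorityIface, boolean onlyAdmin) {
        this.authorityIface = authorityIface;
        this.onlyAdmin = onlyAdmin;
    }

    /** Cache/matcher only; {@link #setAuthorityIFace} must be called before use. */
    public AuthorityRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
        super(cacheManager, matcher);
    }

    /** Cache, matcher and provider, admin-only disabled. */
    public AuthorityRealm(CacheManager cacheManager, CredentialsMatcher matcher, AuthorityIFace authorityIface) {
        this(cacheManager, matcher, authorityIface, false);
    }

    /**
     * Fully configured realm.
     *
     * @param cacheManager   cache for authentication / authorization info (may be {@code null})
     * @param matcher        matcher that compares the submitted password with the stored credential
     *                       returned by {@code Authority#getPassword()}; it MUST use the same hash
     *                       scheme and salt handling as the code that wrote that column
     * @param authorityIface account / role / permission provider
     * @param onlyAdmin      restrict logins to {@code PlatformEnum.ADMIN} accounts
     */
    public AuthorityRealm(CacheManager cacheManager, CredentialsMatcher matcher, AuthorityIFace authorityIface, boolean onlyAdmin) {
        super(cacheManager, matcher);
        this.authorityIface = authorityIface;
        this.onlyAdmin = onlyAdmin;
    }

    /** Cache manager only; {@link #setAuthorityIFace} must be called before use. */
    public AuthorityRealm(CacheManager cacheManager) {
        super(cacheManager);
    }

    /**
     * Loads the roles and string permissions of the authenticated user.
     * <p>
     * Without an authorization cache this runs on every permission check (e.g. every page
     * refresh); with a {@link CacheManager} configured on the realm it runs once per subject
     * until the cached entry expires.
     *
     * @param principals principal collection whose primary principal is the {@link Authority}
     *                   stored by {@link #doGetAuthenticationInfo}
     * @return roles and permissions looked up by the user's id
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The primary principal is the Authority object this realm returned at login.
        Authority authority = (Authority) principals.getPrimaryPrincipal();
        log.debug("当前登录用户:{}", authority.getShowName());
        Object userId = authority.getUserId();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(authorityIface.selectPermissions(authority.getUserId()));
        info.addRoles(authorityIface.selectRoles(authority.getUserId()));
        return info;
    }

    /**
     * Resolves the account for a {@link UsernamePasswordToken} and returns the STORED credential
     * so that the configured {@link CredentialsMatcher} can verify the submitted password.
     * <p>
     * The previous implementation returned the submitted plaintext password as the "stored"
     * credential, so with Shiro's default {@code SimpleCredentialsMatcher} the submitted value was
     * compared against itself and any password was accepted for any existing account. The
     * credential is now {@code authority.getPassword()}; the matcher wired into this realm must
     * therefore hash the token's password the same way that column was produced (the commented-out
     * code that used to live here suggested MD5 over password + salt, which is weak — a slow
     * password hash such as bcrypt/argon2 is recommended if the storage format can be changed).
     * <p>
     * Callers typically do {@code SecurityUtils.getSubject().login(token)} and map
     * {@link UnknownAccountException} / {@link IncorrectCredentialsException} to one generic
     * "wrong username or password" message, since this realm distinguishes the two and would
     * otherwise allow account enumeration.
     * <p>
     * The admin-only and lock checks run before the password is verified (the matcher is applied
     * by the superclass after this method returns), so an unauthenticated caller can learn whether
     * an account is locked or non-admin from the exception type.
     *
     * @param authenticationToken expected to be a {@link UsernamePasswordToken}
     * @return principal = {@link Authority}, credentials = stored password hash, salt from the account
     * @throws UnknownAccountException  no account matches the submitted identifier
     * @throws DisabledAccountException {@link #onlyAdmin} is set and the account is not an admin
     * @throws LockedAccountException   the account is disabled
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = (String) token.getPrincipal();
        // A null principal used to surface as a NullPointerException from the regex matcher.
        if (username == null || username.isEmpty()) {
            throw new UnknownAccountException("账号不存在");
        }
        // The submitted password is deliberately NOT read here; the matcher reads it from the
        // token, so the plaintext is never copied into an immutable String.
        Authority authority = lookupAccount(username);
        if (authority == null) {
            throw new UnknownAccountException("账号不存在");
        }
        if (onlyAdmin && !PlatformEnum.ADMIN.getName().equalsIgnoreCase(authority.getPlatform())) {
            throw new DisabledAccountException("非系统管理账号");
        }
        if (EnableEnum.DISABLE.getValue() == authority.getEnabled()) {
            throw new LockedAccountException("账号锁定");
        }
        // SimpleAuthenticationInfo accepts a null salt; wrapping a null String in ByteSource would fail.
        String salt = authority.getSalt();
        ByteSource credentialsSalt = salt == null ? null : ByteSource.Util.bytes(salt);
        return new SimpleAuthenticationInfo(authority, authority.getPassword(), credentialsSalt, getName());
    }

    /**
     * Picks the lookup by the shape of the identifier: e-mail, then phone, otherwise the
     * provider user id. Returns {@code null} when the provider finds nothing.
     */
    private Authority lookupAccount(String username) {
        if (EMAIL_PATTERN.matcher(username).matches()) {
            return authorityIface.selectByEmail(username);
        }
        if (PHONE_PATTERN.matcher(username).matches()) {
            return authorityIface.selectByPhone(username);
        }
        return authorityIface.selectByProviderUerId(username);
    }

    /** Enables or disables the admin-only restriction. */
    public void setOnlyAdmin(boolean onlyAdmin) {
        this.onlyAdmin = onlyAdmin;
    }

    /** Sets the account provider; required when a provider-less constructor was used. */
    public void setAuthorityIFace(AuthorityIFace authorityIface) {
        this.authorityIface = authorityIface;
    }
}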