Java Code Examples for org.apache.shiro.authz.SimpleAuthorizationInfo#addRoles()

@Override
public AuthorizationInfo buildAuthorizationInfo(PrincipalCollection principals) {
    String loginName = (String) principals.fromRealm("ShiroDbRealm").iterator().next();

    RoleService sysRoleApi = Jboot.service(RoleService.class);
    List<Role> sysRoleList = sysRoleApi.findByUserName(loginName);
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    List<String> roleNameList = new ArrayList<String>();
    for (Role sysRole : sysRoleList) {
        roleNameList.add(sysRole.getName());
    }

    ResService sysResService = Jboot.service(ResService.class);
    List<Res> sysResList = sysResService.findByUserNameAndStatusUsed(loginName);
    List<String> urls = new ArrayList<String>();
    for (Res sysRes : sysResList) {
        urls.add(sysRes.getUrl());
    }

    info.addRoles(roleNameList);
    info.addStringPermissions(urls);
    return info;
}
 

/**
 * 获取授权信息方法，返回用户角色信息
 * */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
		PrincipalCollection principals) {
	if (principals == null) {
		throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
	}

	UserTest user = (UserTest) principals.getPrimaryPrincipal();
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	if (user != null) {//获取用户角色信息
		List<String> roles = userServiceImpl.getRoleNames(user.getId());
		info.addRoles(roles);
	} else {
		SecurityUtils.getSubject().logout();
	}
	return info;
}
 

/**
 * 通过组集合，将集合中的role字段内容解析后添加到SimpleAuthorizationInfo授权信息中
 * 
 * @param info SimpleAuthorizationInfo
 * @param groupsList 组集合
 */
private void addRoles(SimpleAuthorizationInfo info, List<Group> groupsList) {
	
	//解析当前用户组中的role
       List<String> temp = CollectionUtils.extractToList(groupsList, "role", true);
       List<String> roles = getValue(temp,"roles\\[(.*?)\\]");
      
       //添加默认的roles到roels
       if (CollectionUtils.isNotEmpty(defaultRole)) {
       	CollectionUtils.addAll(roles, defaultRole.iterator());
       }
       
       //将当前用户拥有的roles设置到SimpleAuthorizationInfo中
       info.addRoles(roles);
	
}
 

/**
 * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    String username = JwtUtil.getUsername(principals.toString());

    ShiroUser user = shiroFactroy.shiroUser(userService.findByAccount(username));
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    simpleAuthorizationInfo.addRoles(user.getRoleCodes());
    Set<String> permission = user.getPermissions();
    simpleAuthorizationInfo.addStringPermissions(permission);
    return simpleAuthorizationInfo;
}
 

/**
 * 权限认证
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    IShiro shiroFactory = ShiroFactroy.me();
    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    List<Integer> roleList = shiroUser.getRoleList();

    Set<String> permissionSet = new HashSet<>();
    Set<String> roleNameSet = new HashSet<>();

    for (Integer roleId : roleList) {
        List<String> permissions = shiroFactory.findPermissionsByRoleId(roleId);
        if (permissions != null) {
            for (String permission : permissions) {
                if (ToolUtil.isNotEmpty(permission)) {
                    permissionSet.add(permission);
                }
            }
        }
        String roleName = shiroFactory.findRoleNameByRoleId(roleId);
        roleNameSet.add(roleName);
    }

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.addStringPermissions(permissionSet);
    info.addRoles(roleNameSet);
    return info;
}
 

/**
 * 权限认证
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    UserAuthService shiroFactory = UserAuthServiceServiceImpl.me();
    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    List<Integer> roleList = shiroUser.getRoleList();

    Set<String> permissionSet = new HashSet<>();
    Set<String> roleNameSet = new HashSet<>();

    for (Integer roleId : roleList) {
        List<String> permissions = shiroFactory.findPermissionsByRoleId(roleId);
        if (permissions != null) {
            for (String permission : permissions) {
                if (ToolUtil.isNotEmpty(permission)) {
                    permissionSet.add(permission);
                }
            }
        }
        String roleName = shiroFactory.findRoleNameByRoleId(roleId);
        roleNameSet.add(roleName);
    }

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.addStringPermissions(permissionSet);
    info.addRoles(roleNameSet);
    return info;
}
 

/**
 * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    String username = JwtUtil.getUsername(principals.toString());

    ShiroUser user = shiroFactroy.shiroUser(userService.findByAccount(username));
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    simpleAuthorizationInfo.addRoles(user.getRoleCodes());
    Set<String> permission = user.getPermissions();
    simpleAuthorizationInfo.addStringPermissions(permission);
    return simpleAuthorizationInfo;
}
 

/**
 * 查询权限，授权
 * 此方法调用hasRole,hasPermission的时候才会进行回调.
 * <p>
 * 权限信息.(授权):
 * 1、如果用户正常退出，缓存自动清空；
 * 2、如果用户非正常退出，缓存自动清空；
 * 3、如果我们修改了用户的权限，而用户不退出系统，修改的权限无法立即生效。
 * （需要手动编程进行实现；放在service进行调用）
 * 在权限修改后调用realm中的方法，realm已经由spring管理，所以从spring中获取realm实例，调用clearCached方法；
 * :Authorization 是授权访问控制，用于对用户进行的操作授权，证明该用户是否允许进行当前操作，如访问某个链接，某个资源文件等。
 *
 * @param principalCollection 身份集合
 * @return 授权信息
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    log.info("BaseRealm.doGetAuthorizationInfo() shiro授权");

    // 因为非正常退出，即没有显式调用 SecurityUtils.getSubject().logout() (可能是关闭浏览器，或超时)，但此时缓存依旧存在(principals)，需要清除身份
    if (!SecurityUtils.getSubject().isAuthenticated()) {
        doClearCache(principalCollection);
        SecurityUtils.getSubject().logout();
        return null;
    }

    // 简单授权信息
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    User user = SessionUtil.getCurrentUser();
    if (user != null) {
        Set<String> roleCodes = new HashSet<>();
        List<Role> roles = user.getRoles();
        for (Role role : roles) {
            roleCodes.add(role.getRoleCode());
        }
        //添加角色
        authorizationInfo.addRoles(roleCodes);

        Set<String> stringPermissions = new HashSet<>();
        List<Permission> permissions = user.getPermissions();
        for (Permission permission : permissions) {
            stringPermissions.add(permission.getPermissionCode());
        }
        // 添加权限
        authorizationInfo.addStringPermissions(stringPermissions);
    }

    return authorizationInfo;
}
 

/**
 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
 */
/* (non-Javadoc)
 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	System.out.println("开始授权查询");
	User curUser = userService.findByAccount(principals.getPrimaryPrincipal().toString());
	int userId = curUser.getId();
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	List<Role> rolesList = roleService.selectRolesByUser(userId);
	List<Integer> roleIds = Lists.newArrayList();
	Set<String> roleCodes = Sets.newHashSet();
	if (null != rolesList && rolesList.size() > 0) {
		for (Role role : rolesList) {
			if (!Strings.isNullOrEmpty(role.getCode())) {
				roleIds.add(role.getId());
				roleCodes.add(role.getCode());
			}
		}
		info.addRoles(roleCodes);
	}
	
	// 权限
	Set<String> permissions = Sets.newHashSet();
	if (roleIds.size() > 0) {
		for (Integer roleId: roleIds) {
			List<String> dataList = permissionService.findPermissionsByRoleId(roleId);
			if(null != dataList && dataList.size() > 0) {
				permissions.addAll(dataList);
			}
		}
	}
	permissions.remove("");
	info.addStringPermissions(permissions);
	return info;
}
 

/**
 * Gets the authorization info for an API key's principals from the source (not from cache).
 */
private AuthorizationInfo getUncachedAuthorizationInfoFromPrincipals(PrincipalCollection principals) {
    SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo();

    for (PrincipalWithRoles principal : getPrincipalsFromPrincipalCollection(principals)) {
        authInfo.addRoles(principal.getRoles());
    }

    return authInfo;
}
 

/**
 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
	User user = accountService.findUserByLoginName(shiroUser.loginName);
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	info.addRoles(user.getRoleList());
	return info;
}
 

/**
 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
	ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
	User user = userService.findUserByLoginName(shiroUser.loginName);
	SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
	info.addRoles(user.getRoleList());
	return info;
}