Java Code Examples for org.apache.shiro.authz.SimpleAuthorizationInfo#addStringPermissions()
The following examples show how to use
org.apache.shiro.authz.SimpleAuthorizationInfo#addStringPermissions() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: MyRealm.java From shiroDemo with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取登录时输入的用户名
String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();
//到数据库查是否有此对象
User user = this.getDao().findByName(loginName);
if (user != null) {
//权限信息对象info,用来存放查出的用户的所有的角色(role)及权限(permission)
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//用户的角色集合
info.setRoles(user.getRolesName());
//用户的角色对应的所有权限,如果只使用角色定义访问权限,下面的四行可以不要
List<Role> roleList = user.getRoleList();
for (Role role : roleList) {
info.addStringPermissions(role.getPermissionsString());
}
return info;
}
return null;
}
Example 2
| Source File: CustomRealm.java From wangmarket with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
ActiveUser activeUser = (ActiveUser) principals.getPrimaryPrincipal();
List<Permission> permissionList = null;
try {
permissionList = activeUser.getPermissions();
} catch (Exception e) {
e.printStackTrace();
}
//单独定一个集合对象
List<String> permissions = new ArrayList<String>();
if(permissionList!=null){
for(Permission permission:permissionList){
//将数据库中的权限标签 符放入集合
permissions.add(permission.getPercode());
}
}
//查到权限数据,返回授权信息(要包括 上边的permissions)
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//将上边查询到授权信息填充到simpleAuthorizationInfo对象中
simpleAuthorizationInfo.addStringPermissions(permissions);
return simpleAuthorizationInfo;
}
Example 3
| Source File: JpaRealm.java From init-spring with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
{
String username = principals.getPrimaryPrincipal().toString();
User user = this.jpaRealmRepository.findUserByName(username);
if (null != user)
{
SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo();
for (Role role : user.getRoles())
{
authorization.addStringPermissions(role.getPermissions());
}
return authorization;
}
return null;
}
Example 4
| Source File: UserRealm.java From ssm with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SysUser sysUser = (SysUser)principals.getPrimaryPrincipal();
List<SysPermission> sysPermissions = sysPermissionService.getPermissionsByUserAccount(sysUser.getAccount());
List<String> permissionValus = new ArrayList<String>();
if (sysPermissions != null) {
// System.out.println(sysPermissions.size());
for (SysPermission sysPermission : sysPermissions) {
permissionValus.add(sysPermission.getValue());
// System.out.println(sysPermission.toString());
}
}
SimpleAuthorizationInfo simpleAuthorizationInfo
= new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addStringPermissions(permissionValus);
return simpleAuthorizationInfo;
}
Example 5
| Source File: LoginAuth.java From jboot-admin with Apache License 2.0 | 6 votes |
|
@Override
public AuthorizationInfo buildAuthorizationInfo(PrincipalCollection principals) {
String loginName = (String) principals.fromRealm("ShiroDbRealm").iterator().next();
RoleService sysRoleApi = Jboot.service(RoleService.class);
List<Role> sysRoleList = sysRoleApi.findByUserName(loginName);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
List<String> roleNameList = new ArrayList<String>();
for (Role sysRole : sysRoleList) {
roleNameList.add(sysRole.getName());
}
ResService sysResService = Jboot.service(ResService.class);
List<Res> sysResList = sysResService.findByUserNameAndStatusUsed(loginName);
List<String> urls = new ArrayList<String>();
for (Res sysRes : sysResList) {
urls.add(sysRes.getUrl());
}
info.addRoles(roleNameList);
info.addStringPermissions(urls);
return info;
}
Example 6
| Source File: MyShiroRealm.java From pybbs with GNU Affero General Public License v3.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//访问@RequirePermission注解的url时触发
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
AdminUser adminUser = adminUserService.selectByUsername(principals.toString());
//获得用户的角色,及权限进行绑定
Role role = roleService.selectById(adminUser.getRoleId());
// 其实这里也可以不要权限那个类了,直接用角色这个类来做鉴权,
// 不过角色包含很多的权限,已经算是大家约定的了,所以下面还是查询权限然后放在AuthorizationInfo里
simpleAuthorizationInfo.addRole(role.getName());
// 查询权限
List<Permission> permissions = permissionService.selectByRoleId(adminUser.getRoleId());
// 将权限具体值取出来组装成一个权限String的集合
List<String> permissionValues = permissions.stream().map(Permission::getValue).collect(Collectors.toList());
// 将权限的String集合添加进AuthorizationInfo里,后面请求鉴权有用
simpleAuthorizationInfo.addStringPermissions(permissionValues);
return simpleAuthorizationInfo;
}
Example 7
| Source File: ShiroService.java From VideoMeeting with Apache License 2.0 | 5 votes |
|
/**
* 为当前登录的subject授予角色和权限
*/
@Transactional
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
System.out.println("--------------doGetAuthorizationInfo------------");
String username = (String) super.getAvailablePrincipal(principals);
System.out
.println("--------------doGetAuthorizationInfo------------username:"
+ username);
// User user = userService.getByUserName(username);
User user = userDao.get("from User u where u.username = ?",
new String[] { username });
if (null != user) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(
user.getRoleName());
if (user.getRoleList() != null) {
for (Role role : user.getRoleList()) {
info.addStringPermissions(role.getPermissionName());
}
}
return info;
} else {
// throw new AuthorizationException();
return null;
}
}
Example 8
| Source File: ShiroDBRealm.java From tianti with Apache License 2.0 | 5 votes |
|
/**
* 授权
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userName = (String) principals.getPrimaryPrincipal();
User user = userService.findUserByName(userName);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roleSet = user.getRoles();
Set<String> permissionSet = new HashSet<String>();
for (Role role : roleSet) {
if(StringUtils.isNotBlank(role.getRoleName())){
info.addRole(role.getRoleName());
Set<Resource> resources = role.getResources();
if(resources!=null && !resources.isEmpty()){
for(Resource r : resources){
if(StringUtils.isNotBlank(r.getUrl())){
permissionSet.add(r.getUrl());
}
}
}
}
}
info.addStringPermissions(permissionSet);
return info;
}
Example 9
| Source File: AuthorizationRealm.java From base-framework with Apache License 2.0 | 5 votes |
|
/**
* 通过资源集合,将集合中的permission字段内容解析后添加到SimpleAuthorizationInfo授权信息中
*
* @param info SimpleAuthorizationInfo
* @param authorizationInfo 资源集合
*/
private void addPermissions(SimpleAuthorizationInfo info,List<Resource> authorizationInfo) {
//解析当前用户资源中的permissions
List<String> temp = CollectionUtils.extractToList(authorizationInfo, "permission", true);
List<String> permissions = getValue(temp,"perms\\[(.*?)\\]");
//添加默认的permissions到permissions
if (CollectionUtils.isNotEmpty(defaultPermission)) {
CollectionUtils.addAll(permissions, defaultPermission.iterator());
}
//将当前用户拥有的permissions设置到SimpleAuthorizationInfo中
info.addStringPermissions(permissions);
}
Example 10
| Source File: UserRealm.java From SpringBoot-Shiro-Vue with MIT License | 5 votes |
|
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Session session = SecurityUtils.getSubject().getSession();
//查询用户的权限
JSONObject permission = (JSONObject) session.getAttribute(Constants.SESSION_USER_PERMISSION);
logger.info("permission的值为:" + permission);
logger.info("本用户权限为:" + permission.get("permissionList"));
//为当前用户设置角色和权限
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addStringPermissions((Collection<String>) permission.get("permissionList"));
return authorizationInfo;
}
Example 11
| Source File: ShiroDbRealm.java From xmanager with Apache License 2.0 | 5 votes |
|
/**
* Shiro权限认证
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setRoles(shiroUser.getRoles());
info.addStringPermissions(shiroUser.getUrlSet());
return info;
}
Example 12
| Source File: BaseRealm.java From spring-boot-seed with MIT License | 5 votes |
|
/**
* 查询权限,授权
* 此方法调用hasRole,hasPermission的时候才会进行回调.
* <p>
* 权限信息.(授权):
* 1、如果用户正常退出,缓存自动清空;
* 2、如果用户非正常退出,缓存自动清空;
* 3、如果我们修改了用户的权限,而用户不退出系统,修改的权限无法立即生效。
* (需要手动编程进行实现;放在service进行调用)
* 在权限修改后调用realm中的方法,realm已经由spring管理,所以从spring中获取realm实例,调用clearCached方法;
* :Authorization 是授权访问控制,用于对用户进行的操作授权,证明该用户是否允许进行当前操作,如访问某个链接,某个资源文件等。
*
* @param principalCollection 身份集合
* @return 授权信息
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
log.info("BaseRealm.doGetAuthorizationInfo() shiro授权");
// 因为非正常退出,即没有显式调用 SecurityUtils.getSubject().logout() (可能是关闭浏览器,或超时),但此时缓存依旧存在(principals),需要清除身份
if (!SecurityUtils.getSubject().isAuthenticated()) {
doClearCache(principalCollection);
SecurityUtils.getSubject().logout();
return null;
}
// 简单授权信息
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
User user = SessionUtil.getCurrentUser();
if (user != null) {
Set<String> roleCodes = new HashSet<>();
List<Role> roles = user.getRoles();
for (Role role : roles) {
roleCodes.add(role.getRoleCode());
}
//添加角色
authorizationInfo.addRoles(roleCodes);
Set<String> stringPermissions = new HashSet<>();
List<Permission> permissions = user.getPermissions();
for (Permission permission : permissions) {
stringPermissions.add(permission.getPermissionCode());
}
// 添加权限
authorizationInfo.addStringPermissions(stringPermissions);
}
return authorizationInfo;
}
Example 13
| Source File: UserRealm.java From SpringBoot-Shiro-Vue-master-20180625 with Apache License 2.0 | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Session session = SecurityUtils.getSubject().getSession();
//查询用户的权限
JSONObject permission = (JSONObject) session.getAttribute(Constants.SESSION_USER_PERMISSION);
logger.info("permission的值为:" + permission);
logger.info("本用户权限为:" + permission.get("permissionList"));
//为当前用户设置角色和权限
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addStringPermissions((Collection<String>) permission.get("permissionList"));
return authorizationInfo;
}
Example 14
| Source File: ApiRealm.java From flash-waimai with MIT License | 5 votes |
|
/**
* 只有当需要检测用户权限的时候才会调用此方法,例如checkRole,checkPermission之类的
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = JwtUtil.getUsername(principals.toString());
ShiroUser user = shiroFactroy.shiroUser(userService.findByAccount(username));
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRoles(user.getRoleCodes());
Set<String> permission = user.getPermissions();
simpleAuthorizationInfo.addStringPermissions(permission);
return simpleAuthorizationInfo;
}
Example 15
| Source File: FastDepShiroJwtConfig.java From fastdep with Apache License 2.0 | 5 votes |
|
@Override
public SimpleAuthorizationInfo getAuthorizationInfo(String userId) {
Set<String> collect = userRequestDataMapper.selectOptions().stream().map(u -> u.getUserId().toString()).collect(Collectors.toSet());
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
System.out.println(collect);
// 当前值为 [1]
simpleAuthorizationInfo.addStringPermissions(collect);
return simpleAuthorizationInfo;
}
Example 16
| Source File: AdminRealm.java From ZTuoExchange_framework with MIT License | 5 votes |
|
/**
* 授权
*
* @param principals
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String currentUsername = (String) getAvailablePrincipal(principals);
log.info("doGetAuthorizationInfo,user:" + currentUsername);
List<String> permissionList = new ArrayList<>();
Admin admin = (Admin) getSession(SysConstant.SESSION_ADMIN);
if (null == admin) {
throw new AuthorizationException();
}
try {
List<SysPermission> list;
if ("root".equalsIgnoreCase(admin.getUsername())) {
list = sysPermissionService.findAll();
} else {
SysRole sysRole = sysRoleService.findOne(admin.getRoleId());
list = sysRole.getPermissions();
}
//获取当前用户权限列表
list.forEach(x -> {
if (!StringUtils.isEmpty(x.getName())) {
permissionList.add(x.getName());
}
});
} catch (Exception e) {
e.printStackTrace();
throw new AuthorizationException();
}
log.info("permission list {}", permissionList);
SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
simpleAuthorInfo.addStringPermissions(permissionList);
return simpleAuthorInfo;
}
Example 17
| Source File: ShiroDbRealm.java From WebStack-Guns with MIT License | 5 votes |
|
/**
* 权限认证
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
UserAuthService shiroFactory = UserAuthServiceServiceImpl.me();
ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
List<Integer> roleList = shiroUser.getRoleList();
Set<String> permissionSet = new HashSet<>();
Set<String> roleNameSet = new HashSet<>();
for (Integer roleId : roleList) {
List<String> permissions = shiroFactory.findPermissionsByRoleId(roleId);
if (permissions != null) {
for (String permission : permissions) {
if (ToolUtil.isNotEmpty(permission)) {
permissionSet.add(permission);
}
}
}
String roleName = shiroFactory.findRoleNameByRoleId(roleId);
roleNameSet.add(roleName);
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addStringPermissions(permissionSet);
info.addRoles(roleNameSet);
return info;
}
Example 18
| Source File: SampleRealm.java From java-course-ee with MIT License | 5 votes |
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Long userId = (Long) principals.fromRealm(getName()).iterator().next();
User user = userDAO.getUser(userId);
if (user != null) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (Role role : user.getRoles()) {
info.addRole(role.getName());
info.addStringPermissions(role.getPermissions());
}
return info;
} else {
return null;
}
}
Example 19
| Source File: ApiRealm.java From web-flash with MIT License | 5 votes |
|
/**
* 只有当需要检测用户权限的时候才会调用此方法,例如checkRole,checkPermission之类的
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = JwtUtil.getUsername(principals.toString());
ShiroUser user = shiroFactroy.shiroUser(userService.findByAccount(username));
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRoles(user.getRoleCodes());
Set<String> permission = user.getPermissions();
simpleAuthorizationInfo.addStringPermissions(permission);
return simpleAuthorizationInfo;
}
Example 20
| Source File: AdminRealm.java From ZTuoExchange_framework with MIT License | 5 votes |
|
/**
* 授权
*
* @param principals
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String currentUsername = (String) getAvailablePrincipal(principals);
log.info("doGetAuthorizationInfo,user:" + currentUsername);
List<String> permissionList = new ArrayList<>();
Admin admin = (Admin) getSession(SysConstant.SESSION_ADMIN);
if (null == admin) {
throw new AuthorizationException();
}
try {
List<SysPermission> list;
if ("root".equalsIgnoreCase(admin.getUsername())) {
list = sysPermissionService.findAll();
} else {
SysRole sysRole = sysRoleService.findOne(admin.getRoleId());
list = sysRole.getPermissions();
}
//获取当前用户权限列表
list.forEach(x -> {
if (!StringUtils.isEmpty(x.getName())) {
permissionList.add(x.getName());
}
});
} catch (Exception e) {
e.printStackTrace();
throw new AuthorizationException();
}
log.info("permission list {}", permissionList);
SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
simpleAuthorInfo.addStringPermissions(permissionList);
return simpleAuthorInfo;
}
