Apcahe Shiro学习笔记(二):通过JDBC进行权限控制

时间:2024-01-04 19:12:56

一、概述:

  官方对Realm(领域)的描述:https://www.infoq.com/articles/apache-shiro

  Apcahe Shiro学习笔记(二):通过JDBC进行权限控制

  其功能本质上是一个安全特定的DAO,用于链接数据持久层(任何形式的都可以:数据库、properties文件,xml文件等),获取数据给Shiro使用。

二、数据库的搭建:

  创建数据库及表:

DROP DATABASE IF EXISTS `apptest`;
CREATE DATABASE `apptest` DEFAULT CHARACTER SET utf8 ; USE `apptest` ; DROP TABLE IF EXISTS `tb_customer`;
CREATE TABLE `tb_customer` (
`col_id` int(11) NOT NULL AUTO_INCREMENT COMMENT '主键id',
`col_loginName` varchar(50) DEFAULT NULL COMMENT '登录名',
`col_password` varchar(128) DEFAULT NULL COMMENT '密码',
PRIMARY KEY (`col_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='用户表'; DROP TABLE IF EXISTS `tb_role`;
CREATE TABLE `tb_role` (
`col_id` int(11) NOT NULL AUTO_INCREMENT COMMENT '主键id',
`col_roleName` varchar(45) DEFAULT NULL COMMENT '角色名称',
PRIMARY KEY (`col_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='角色表'; DROP TABLE IF EXISTS `tb_limit`;
CREATE TABLE `tb_limit` (
`col_id` int(11) NOT NULL AUTO_INCREMENT COMMENT '主键id',
`col_limitName` varchar(45) DEFAULT NULL COMMENT '权限名称',
PRIMARY KEY (`col_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='权限表'; DROP TABLE IF EXISTS `tb_ref_customer_role`;
CREATE TABLE `tb_ref_customer_role` (
`col_customerId` int(11) NOT NULL COMMENT '用户主键id',
`col_roleId` int(11) NOT NULL COMMENT '角色主键id',
PRIMARY KEY (`col_customerId`,`col_roleId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户角色管理表'; DROP TABLE IF EXISTS `tb_ref_role_limit`;
CREATE TABLE `tb_ref_role_limit` (
`col_roleId` int(11) NOT NULL COMMENT '角色主键id',
`col_limitId` int(11) NOT NULL COMMENT '权限主键id',
PRIMARY KEY (`col_roleId`,`col_limitId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='角色权限管理表';

  插入测试数据:

USE `apptest` ;
#新增一个用户
INSERT INTO `apptest`.`tb_customer`(`col_loginName`,`col_password`)VALUES('sunnywen','');
#新增一个角色
INSERT INTO `apptest`.`tb_role`(`col_roleName`)VALUES('admin');
#新增4个权限
INSERT INTO `apptest`.`tb_limit`(`col_limitName`)VALUES('admin:create');
INSERT INTO `apptest`.`tb_limit`(`col_limitName`)VALUES('admin:update');
INSERT INTO `apptest`.`tb_limit`(`col_limitName`)VALUES('admin:query');
INSERT INTO `apptest`.`tb_limit`(`col_limitName`)VALUES('admin:delete');
#插入用户角色关联表
INSERT INTO `apptest`.`tb_ref_customer_role`(`col_customerId`,`col_roleId`)VALUES(1,1);
#插入角色权限管理表
INSERT INTO `apptest`.`tb_ref_role_limit`(`col_roleId`,`col_limitId`)VALUES(1,1);
INSERT INTO `apptest`.`tb_ref_role_limit`(`col_roleId`,`col_limitId`)VALUES(1,2);
INSERT INTO `apptest`.`tb_ref_role_limit`(`col_roleId`,`col_limitId`)VALUES(1,3);

  最后结果:

Apcahe Shiro学习笔记(二):通过JDBC进行权限控制 Apcahe Shiro学习笔记(二):通过JDBC进行权限控制 Apcahe Shiro学习笔记(二):通过JDBC进行权限控制 Apcahe Shiro学习笔记(二):通过JDBC进行权限控制 Apcahe Shiro学习笔记(二):通过JDBC进行权限控制

三、Java代码的实现:

  3.1、新建一个maven工程

  pom.xml文件如下:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <groupId>org.yoki.edu</groupId>
<artifactId>ShiroLearn</artifactId>
<version>1.0-SNAPSHOT</version> <properties>
<version.base>1.0-RELEASE</version.base>
<version.auth.shiro>1.2.3</version.auth.shiro>
<version.logger.log4j>1.2.9</version.logger.log4j>
</properties> <dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.41</version>
</dependency>
<!-- configure shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${version.auth.shiro}</version>
</dependency>
<!-- configure logging -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.9</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.3</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.12</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
</dependencies> </project>

  非maven工程的参考jar包如下:

Apcahe Shiro学习笔记(二):通过JDBC进行权限控制

  目录结构:

Apcahe Shiro学习笔记(二):通过JDBC进行权限控制

  3.2、创建实体类:

  用户实体类LoginAccount

package org.yoki.edu;

/**
* Created by SunnyWen on 2017/7/3.
*/
public class LoginAccount { private Integer id ;
//用户登录名
private String loginName ;
//用户登录密码
private String password ; /*
* 省略setter、getter方法
*/
}

  角色实体类Role

  

package org.yoki.edu;

import java.util.ArrayList;
import java.util.List; /**
* Created by SunnyWen on 2017/7/3.
*/
public class Role { private Integer id ;
//角色名称
private String roleName ;
//权限名称List
private List<String> limitList = new ArrayList<>();
/*
* 省略setter、getter方法
*/ }

  3.3、创建数据库连接工具BusinessManager.java:

package org.yoki.edu;

import java.sql.*;
import java.util.ArrayList;
import java.util.List; /**
* Created by SunnyWen on 2017/7/3.
*/
public class BusinessManager { private static final String driver = "com.mysql.jdbc.Driver";
private static final String url = "jdbc:mysql://localhost:3306/apptest?Unicode=true&characterEncoding=UTF-8";
private static final String user = "root";
private static final String password = "root"; private static Connection connection ; static{
try {
Class.forName(driver);
connection = DriverManager.getConnection(url , user, password);
System.out.println("Connect database success !!!");
}catch (Exception e){
System.out.println("Connect database failure !!!");
e.printStackTrace();
} } public static Connection getConnection(){
if(null == connection){
synchronized (Connection.class){
if(null == connection) {
connection = buildConnection();
}
}
}
return connection ;
} private static Connection buildConnection(){
Connection connection = null ;
try {
Class.forName(driver);
connection = DriverManager.getConnection(url , user, password);
}catch (Exception e){
e.printStackTrace();
}
return connection ;
} /**
* 根据用户名获取角色及角色下的权限
* @param name
* @return
*/
public List<Role> listRoleByUserName(String name){
StringBuffer sql1 = new StringBuffer() ;
List<Role> list = new ArrayList<>() ;
sql1.append("select col_id , col_roleName from tb_role where col_id in( ") ;
sql1.append(" select distinct(col_roleId) from tb_ref_customer_role where col_customerId in ( " ) ;
sql1.append(" select col_id from tb_customer where col_loginName = ? " ) ;
sql1.append(" )" ) ;
sql1.append(") ;") ;
Connection connection = BusinessManager.getConnection() ;
try {
PreparedStatement statement = connection.prepareStatement(sql1.toString());
statement.setString(1 , name);
ResultSet set = statement.executeQuery() ;
while(set.next()){
Role role = new Role() ;
role.setId(set.getInt(1)) ;
role.setRoleName(set.getString(2)); ;
//根据角色ID获取权限名称
StringBuffer sql2 = new StringBuffer() ;
sql2.append("select col_limitName from tb_limit where col_id in (" ) ;
sql2.append(" select distinct(col_limitId) from tb_ref_role_limit where col_roleId = ?" ) ;
sql2.append(")" ) ;
statement = connection.prepareStatement(sql2.toString());
statement.setInt(1 , role.getId());
ResultSet set2 = statement.executeQuery() ;
while (set2.next()){
role.getLimitList().add(set2.getString(1));
}
list.add(role);
}
}catch (Exception e){
e.printStackTrace();
}
return list ;
} /**
* 根据用户名获取用户
* @param name
* @return
*/
public LoginAccount getLoginAccount(String name){
StringBuffer sb = new StringBuffer() ;
LoginAccount loginAccount = null ;
sb.append("select col_loginName , col_password from tb_customer where col_loginName = ?") ;
Connection connection = BusinessManager.getConnection() ;
try {
PreparedStatement statement = connection.prepareStatement(sb.toString());
statement.setString(1 , name);
ResultSet set = statement.executeQuery() ;
if(set.next()){
loginAccount = new LoginAccount() ;
loginAccount.setLoginName(set.getString(1));
loginAccount.setPassword(set.getString(2));
}
}catch (Exception e){
e.printStackTrace();
}
return loginAccount ;
} }

  3.4、继承Realm,实现用户的认证授权:

  CustomSecurity.java

package org.yoki.edu;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.Collection;
import java.util.List; /**
* Created by SunnyWen on 2017/7/3.
* 继承AuthorizingRealm
*/
public class CustomSecurityRealm extends AuthorizingRealm { //数据库链接工具
private BusinessManager businessManager = new BusinessManager(); /**
* 获取用户的授权信息
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) {
String username = (String) principals.fromRealm(getName()).iterator().next();
if (username != null) {
// 查询用户授权信息
Collection<Role> pers = businessManager.listRoleByUserName(username);
if (pers != null && !pers.isEmpty()) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (Role role : pers){
//加入角色
info.addRole(role.getRoleName());
List<String> limitList = role.getLimitList() ;
for(String s : limitList){
//加入权限
info.addStringPermission(s);
}
}
return info;
}
}
return null;
} /**
* 获取用户的认证信息
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws AuthenticationException {
//用户名密码Token
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
// 通过表单接收的用户名
String username = token.getUsername();
if (username != null && !"".equals(username)) {
//获取数据库中的用户
LoginAccount account = businessManager.getLoginAccount(username);
if (account != null) {
return new SimpleAuthenticationInfo(
account.getLoginName(), account.getPassword(), getName());
}
}
return null;
}   
  /**
  * 用户认证方式,方法为父类org.apache.shiro.realm.AuthenticatingRealm的方法<BR>
  * 复写此方法可以更改认证方式
  * @param token
  * @param info
  * @throws AuthenticationException
  */
  @Override
  protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    //你可以实现自己的AuthenticationToken,如下
    //if(token instanceof MyAuthenticationToken){
    //  MyAuthenticationToken myToken = (MyAuthenticationToken)token ;
    //  if(myToken.isWeChatLoginFlag()){
    //    String openId = myToken.getOpenId() ;
    //    Customer customer = Customer.selectOneByOpenId(openId);
    //    if(null == customer){
    //      String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";
    //      throw new IncorrectCredentialsException(msg);
    //    }
    //    return;
    //  }
    //}     //下方为源码,使用MD5校验方式校验用户名密码
  CredentialsMatcher cm = getCredentialsMatcher();
  if (cm != null) {
  if (!cm.doCredentialsMatch(token, info)) {
  //not successful - throw an exception to indicate this:
  String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";
  throw new IncorrectCredentialsException(msg);
  }
  } else {
  throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " +
"credentials during authentication. If you do not wish for credentials to be examined, you " +
"can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
  }
  }
}

  shiro.ini配置文件

[main]
customSecurityRealm=org.yoki.edu.CustomSecurityRealm
#配置SecurityManager的realm,可以配置多个,使用逗号隔开
securityManager.realms=$customSecurityRealm

  3.5、测试:

package org.yoki.edu;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory; /**
* Created by SunnyWen on 2017/7/3.
*/
public class MainTest { public static void main(String[] args) {
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken("sunnywen", "222222");
token.setRememberMe(true);
try {
currentUser.login(token);
} catch (UnknownAccountException uae) {
System.out.println("用户: " + token.getPrincipal() + " 不存在!!!");
} catch (IncorrectCredentialsException ice) {
System.out.println("用户: " + token.getPrincipal() + " 密码错误!!!");
try {
System.out.println("用户: " + token.getPrincipal() + " 再次尝试登陆!!!");
token = new UsernamePasswordToken("sunnywen", "111111");
token.setRememberMe(true);
currentUser.login(token);
} catch (UnknownAccountException uae) {
System.out.println("用户: " + token.getPrincipal() + " 不存在!!!");
} catch (IncorrectCredentialsException ice2) {
System.out.println("用户: " + token.getPrincipal() + " 密码错误!!!");
} catch (LockedAccountException lae) {
System.out.println("用户: " + token.getPrincipal() + " 已经被冻结!!!");
} catch (AuthenticationException ae) {
}
} catch (LockedAccountException lae) {
System.out.println("用户: " + token.getPrincipal() + " 已经被冻结!!!");
} catch (AuthenticationException ae) {
}
}
if(null != currentUser.getPrincipal())
System.out.println("用户: " + currentUser.getPrincipal() + " 登录成功!!!"); if (currentUser.hasRole("admin")) {
System.out.println("用户: " + currentUser.getPrincipal() + " 拥有角色'admin'");
} else {
System.out.println("对不起,用户: " + currentUser.getPrincipal() + " 尚未拥有角色'admin'");
} if (currentUser.isPermitted("admin:create")) {
System.out.println("用户: " + currentUser.getPrincipal() + " 拥有权限'admin:create'");
} else {
System.out.println("对不起,用户: " + currentUser.getPrincipal() + " 尚未拥有权限'admin:create'");
} if (currentUser.isPermitted("admin:update")) {
System.out.println("用户: " + currentUser.getPrincipal() + " 拥有权限'admin:update'");
} else {
System.out.println("对不起,用户: " + currentUser.getPrincipal() + " 尚未拥有权限'admin:update'");
} if (currentUser.isPermitted("admin:query")) {
System.out.println("用户: " + currentUser.getPrincipal() + " 拥有权限'admin:query'");
} else {
System.out.println("对不起,用户: " + currentUser.getPrincipal() + " 尚未拥有权限'admin:query'");
} if (currentUser.isPermitted("admin:delete")) {
System.out.println("用户: " + currentUser.getPrincipal() + " 拥有权限'admin:delete'");
} else {
System.out.println("对不起,用户: " + currentUser.getPrincipal() + " 尚未拥有权限'admin:delete'");
} currentUser.logout();
try {
Thread.sleep(500);
}catch (Exception e){
e.printStackTrace();
}
} }

  结果:

Connect database success !!!
用户: sunnywen 密码错误!!!
用户: sunnywen 再次尝试登陆!!!
用户: sunnywen 登录成功!!!
用户: sunnywen 拥有角色'admin'
用户: sunnywen 拥有权限'admin:create'
用户: sunnywen 拥有权限'admin:update'
用户: sunnywen 拥有权限'admin:query'
对不起,用户: sunnywen 尚未拥有权限'admin:delete'

转载请标明转载出处 : https://i.cnblogs.com/EditPosts.aspx?postid=7115108