In the certification, authorization internal implementation mechanism are mentioned, the final processing will be entrusted to real processing. Because in Shiro, it is ultimately through realm to get the user, role, and permission information in the application. Typically, the authentication information required in the realm is obtained directly from our data source Shiro. You can say that realm is a DAO that is dedicated to the security framework.
First, the realization of certification
As mentioned earlier, the Shiro authentication process will eventually be performed by Realm, which invokes the realm Getauthenticationinfo (token) method.
This method mainly performs the following actions:
1, check the submitted for certification of the token information
2. Obtain user information from a data source (usually a database) based on token information
3, the user information to match the verification.
4. Validation will return a AuthenticationInfo instance that encapsulates the user's information.
5, the failure of validation throws authenticationexception exception information.
What we do in our applications is to customize a realm class, inherit Authorizingrealm abstract classes, Overload Dogetauthenticationinfo (), and override methods to get user information.
Copy Code code as follows:
Protected AuthenticationInfo Dogetauthenticationinfo (Authenticationtoken authctoken) throws Authenticationexception {
Usernamepasswordtoken token = (usernamepasswordtoken) Authctoken;
User user = Accountmanager.finduserbyusername (token.getusername ());
if (user!= null) {
return new Simpleauthenticationinfo (User.getusername (), User.getpassword (), GetName ());
} else {
return null;
}
}
II. implementation of the mandate
and the implementation of authorization is very similar to the authentication implementation, in our custom realm, overloaded Dogetauthorizationinfo () method, overriding the method of obtaining user rights.
Copy Code code as follows:
Protected Authorizationinfo Dogetauthorizationinfo (principalcollection principals) {
String userName = (string) Principals.fromrealm (GetName ()). Iterator (). Next ();
User user = Accountmanager.finduserbyusername (userName);
if (user!= null) {
Simpleauthorizationinfo info = new Simpleauthorizationinfo ();
For (Group group:user.getGroupList ()) {
Info.addstringpermissions (Group.getpermissionlist ());
}
return info;
} else {
return null;
}
}