In the authentication, authorization internal implementation mechanism is mentioned, the final processing will be handed over to real for processing. Because in Shiro, it is ultimately through realm to get the user, role, and permission information in the application. Typically, the validation information required by Shiro is obtained directly from our data source in realm. It can be said that realm is a DAO that is dedicated to the security framework.
first, the implementation of certification
As mentioned earlier, the Shiro certification process will eventually be handed over to realm, and the realm's Getauthenticationinfo method will be called.
The method mainly performs the following actions:
1. Check the token information submitted for authentication
2. Obtain user information from a data source (typically a database) based on the token information
3. Matching verification of user information
4. Validation by returning a AuthenticationInfo instance that encapsulates the user's information
5, the validation fails to throw Authenticationexception exception information
What we want to do in our application is to customize a realm class, inherit the Authorizingrealm abstract class, Overload dogetauthenticationinfo (), and rewrite the method of getting the user information.
Java code
- protected AuthenticationInfo dogetauthenticationinfo (Authenticationtoken authctoken) throws Authenticationexception {
- Usernamepasswordtoken token = (usernamepasswordtoken) Authctoken;
- User user = Accountmanager.finduserbyusername (token.getusername ());
- if (user != < span class= "keyword" style= "color:rgb (127, 0, 85); Font-weight:bold ">null ) {
- return new Simpleauthenticationinfo (User.getusername (), user.getpassword (), getname ());
- } Else {
- return null;
- }
- }
second, the authorization to achieve
And the authorization implementation is very similar to the authentication implementation, in our custom realm, the overloaded Dogetauthorizationinfo () method, overriding the way to get user permissions.
Java code
- protected Authorizationinfo Dogetauthorizationinfo (principalcollection principals) {
- String userName = (string) Principals.fromrealm (GetName ()). Iterator (). Next ();
- User user = Accountmanager.finduserbyusername (userName);
- if (user = null) {
- simpleauthorizationinfo info = new simpleauthorizationinfo ();
- for (Group group:user.getGroupList ()) {
- Info.addstringpermissions (Group.getpermissionlist ());
- }
- return info;
- } Else {
- return null;
- }
- }
Source:http://kdboy.iteye.com/blog/1169631
From for notes (Wiz)
Apache Shiro User's Manual (iv) REALM implementation