Apache Shiro User's Manual (iv) REALM implementation

Apache Shiro User's Manual (iv) REALM implementation

In the authentication, authorization internal implementation mechanism is mentioned, the final processing will be handed over to real for processing. Because in Shiro, it is ultimately through realm to get the user, role, and permission information in the application. Typically, the validation information required by Shiro is obtained directly from our data source in realm. It can be said that realm is a DAO that is dedicated to the security framework.

First, the implementation of certification

As mentioned earlier, the Shiro certification process will eventually be handed over to realm, and the realm's Getauthenticationinfo method will be called.

The method mainly performs the following actions:

1. Check the token information submitted for authentication

2. Obtain user information from a data source (typically a database) based on the token information

3, the user information to match authentication.

4. Validation will return a AuthenticationInfo instance that encapsulates the user's information.

5, the validation fails to throw Authenticationexception exception information.

What we want to do in our application is to customize a realm class, inherit the Authorizingrealm abstract class, Overload dogetauthenticationinfo (), and rewrite the method of getting the user information.

Protected AuthenticationInfo Dogetauthenticationinfo (Authenticationtoken authctoken) throws Authenticationexception {Usernamepasswordtoken token = (usernamepasswordtoken) Authctoken; User user = Accountmanager.finduserbyusername (token.getusername ()); if (user! = null) {return new Simpleauthenticationinfo (User.getusername (), User.getpassword (), GetName ()));} else {retur n null; } }

Second, the authorization to achieve

And the authorization implementation is very similar to the authentication implementation, in our custom realm, the overloaded Dogetauthorizationinfo () method, overriding the way to get user permissions.

Protected Authorizationinfo Dogetauthorizationinfo (PrincipalCollection principals) {String userName = (string) Principals.fromrealm (GetName ()). Iterator (). Next (); User user = Accountmanager.finduserbyusername (userName); if (user! = null) {Simpleauthorizationinfo info = new Simpleauthorizationinfo (); for (Group group:user.getGroupList ()) {info.addstringpermissions (Group.getpermissionlist ());} return info; } else {return null;}}

The above is the Apache Shiro user manual (iv) REALM implementation content, more relevant content please pay attention to topic.alibabacloud.com (www.php.cn)!

