ApacheShiro User Manual (IV) Realm implementation

As mentioned in the internal implementation mechanism of authentication and authorization, the final processing will be handed over to Real for processing. In Shiro, users, roles, and permissions in applications are obtained through Realm. Generally, in Realm, Shiro needs verification information directly from our data source. It can be said that Realm is a DAO dedicated to the security framework.

Apache Shiro User Manual (IV) Realm implementation

As mentioned in the internal implementation mechanism of authentication and authorization, the final processing will be handed over to Real for processing. In Shiro, users, roles, and permissions in applications are obtained through Realm. Generally, in Realm, Shiro needs verification information directly from our data source. It can be said that Realm is a DAO dedicated to the security framework.

I. authentication implementation

As mentioned above, the Shiro authentication process will be handed over to Realm for execution, and the getAuthenticationInfo (token) method of Realm will be called.

This method mainly performs the following operations:

1. check the submitted token for authentication

2. obtain user information from the data source (usually the database) based on the token information

3. verify the user information.

4. after verification, an AuthenticationInfo instance that encapsulates user information is returned.

5. if verification fails, the AuthenticationException is thrown.

What we need to do in our application is to customize a Realm class, inherit the AuthorizingRealm abstract class, overload doGetAuthenticationInfo (), and override the method for getting user information.

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User user = accountManager.findUserByUserName(token.getUsername()); if (user != null) { return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), getName()); } else { return null; } }

II. authorization implementation

Authorization implementation is very similar to Authentication Implementation. in our custom Realm, reload the doGetAuthorizationInfo () method and override the method for obtaining user permissions.

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String userName = (String) principals.fromRealm(getName()).iterator().next(); User user = accountManager.findUserByUserName(userName); if (user != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for (Group group : user.getGroupList()) { info.addStringPermissions(group.getPermissionList()); } return info; } else { return null; } }

The above is the implementation of the Apache Shiro User Manual (IV) Realm. For more information, see The PHP Chinese website (www.php1.cn )!