From 0add169ad28bd76b3e2d8eeda222dce44bdb429d Mon Sep 17 00:00:00 2001 From: nineya <361654768@qq.com> Date: Thu, 18 Feb 2021 03:13:11 +0800 Subject: [PATCH] =?UTF-8?q?Shiro=20=E6=B7=BB=E5=8A=A0=E5=A4=9A=20realm=20?= =?UTF-8?q?=E5=AE=9E=E7=8E=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/nineya/shiro/config/ManageRealm.java | 83 +++++++++++++++++++ .../shiro/config/ShiroConfiguration.java | 62 ++++++++++++-- .../StudyModularRealmAuthenticator.java | 31 +++++++ .../config/StudyModularRealmAuthorizer.java | 57 +++++++++++++ .../com/nineya/shiro/config/StudyRealm.java | 7 +- .../shiro/controller/LoginController.java | 39 +++++++++ .../com/nineya/shiro/entity/JwtToken.java | 21 +++++ .../com/nineya/shiro/entity/LoginType.java | 9 ++ .../java/com/nineya/shiro/entity/Manage.java | 60 ++++++++++++++ .../com/nineya/shiro/filter/TokenFilter.java | 17 +++- .../nineya/shiro/service/LoginService.java | 8 ++ .../shiro/service/impl/LoginServiceImpl.java | 12 +++ 12 files changed, 395 insertions(+), 11 deletions(-) create mode 100644 shiro-study/src/main/java/com/nineya/shiro/config/ManageRealm.java create mode 100644 shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthenticator.java create mode 100644 shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthorizer.java create mode 100644 shiro-study/src/main/java/com/nineya/shiro/entity/JwtToken.java create mode 100644 shiro-study/src/main/java/com/nineya/shiro/entity/LoginType.java create mode 100644 shiro-study/src/main/java/com/nineya/shiro/entity/Manage.java diff --git a/shiro-study/src/main/java/com/nineya/shiro/config/ManageRealm.java b/shiro-study/src/main/java/com/nineya/shiro/config/ManageRealm.java new file mode 100644 index 0000000..5e10c21 --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/config/ManageRealm.java @@ -0,0 +1,83 @@ +package com.nineya.shiro.config; + +import com.nineya.shiro.entity.*; +import com.nineya.shiro.service.LoginService; +import com.nineya.shiro.util.UserTokenUtil; +import org.apache.catalina.realm.AuthenticatedUserRealm; +import org.apache.shiro.authc.*; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.AuthenticatingRealm; +import org.apache.shiro.realm.AuthorizingRealm; +import org.apache.shiro.subject.PrincipalCollection; +import org.springframework.util.StringUtils; + +import javax.annotation.Resource; +import java.util.stream.Collectors; + +/** + * 自定义管理员的 realm + * + * @author 殇雪话诀别 + * 2021/2/15 + */ +public class ManageRealm extends AuthorizingRealm { + @Resource + private LoginService loginService; + @Resource + private UserTokenUtil tokenUtil; + + @Override + public boolean supports(AuthenticationToken token) { + return token instanceof JwtToken; + } + + /** + * 授权,在认证之后执行 + * @param principals + * @return + */ + @Override + protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + System.out.println(this.getClass().getName()); + String token = (String) principals.getPrimaryPrincipal(); + String name = tokenUtil.getUserName(token); + Manage manage = loginService.getManageById(Long.parseLong(name)); + if (manage == null) { + return null; + } + // 添加角色和权限 + SimpleAuthorizationInfo simpleAuthenticationInfo = new SimpleAuthorizationInfo(); + for (Role role : manage.getRoles()) { + // 添加角色 + simpleAuthenticationInfo.addRole(role.getRoleName()); + // 添加权限 + simpleAuthenticationInfo.addStringPermissions(role.getPermissions().stream() + .map(Permissions::getPermissionsName).collect(Collectors.toSet())); + } + return simpleAuthenticationInfo; + } + + /** + * 认证 + * @param token + * @return + * @throws AuthenticationException + */ + @Override + protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + System.out.println(this.getClass().getName()); + if (StringUtils.isEmpty(token.getPrincipal())) { + return null; + } + String name = tokenUtil.getUserName((String) token.getPrincipal()); + Manage manage = loginService.getManageById(Long.parseLong(name)); + if (manage == null) { + return null; + } + // 第一个参数是主体,将会在授权时封装成PrincipalCollection.getPrimaryPrincipal()进行使用,所以必须将jwt内容传回 + // 第二个参数是认证信息,即密码,为后面验证可以通过,需要和token中的内容一样 + // 第三个参数是领域名称 + return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName()); + } +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/config/ShiroConfiguration.java b/shiro-study/src/main/java/com/nineya/shiro/config/ShiroConfiguration.java index f5a718d..4629997 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/config/ShiroConfiguration.java +++ b/shiro-study/src/main/java/com/nineya/shiro/config/ShiroConfiguration.java @@ -1,6 +1,10 @@ package com.nineya.shiro.config; +import com.nineya.shiro.entity.LoginType; import com.nineya.shiro.filter.TokenFilter; +import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy; +import org.apache.shiro.authc.pam.ModularRealmAuthenticator; +import org.apache.shiro.authz.ModularRealmAuthorizer; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; @@ -11,7 +15,9 @@ import org.springframework.context.annotation.Configuration; import javax.servlet.Filter; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; /** @@ -24,6 +30,7 @@ public class ShiroConfiguration { /** * 配置代理,没有配置将会导致注解不生效 + * * @return */ @Bean @@ -35,6 +42,7 @@ public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { /** * 配置代理,没有配置将会导致注解不生效 + * * @return */ @Bean @@ -46,17 +54,33 @@ public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(S /** * 将自己的验证方式加入容器 + * * @return */ @Bean public Realm studyRealm() { StudyRealm studyRealm = new StudyRealm(); + studyRealm.setName(LoginType.USER.name()); return studyRealm; } + /** + * 将自己的验证方式加入容器 + * + * @return + */ + @Bean + public Realm manageRealm() { + ManageRealm manageRealm = new ManageRealm(); + manageRealm.setName(LoginType.MANAGE.name()); + return manageRealm; + } + + /** * 不应该将过滤器的实现注册为bean,否则会导致Filter过滤器顺序混乱,导致抛出异常 * 如果一定要注册为 Bean,可以使用 Order 指定优先级,还未尝试过 + * * @return */ public TokenFilter tokenFilter() { @@ -65,12 +89,13 @@ public TokenFilter tokenFilter() { /** * Filter工厂,设置对应的过滤条件和跳转条件 + * * @return */ @Bean - public ShiroFilterFactoryBean shiroFilterFactoryBean() { + public ShiroFilterFactoryBean shiroFilterFactoryBean(List realms) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); - shiroFilterFactoryBean.setSecurityManager(securityManager()); + shiroFilterFactoryBean.setSecurityManager(securityManager(realms)); Map map = new HashMap<>(); //登出 map.put("/logout", "logout"); @@ -83,19 +108,44 @@ public ShiroFilterFactoryBean shiroFilterFactoryBean() { //错误页面,认证不通过跳转 shiroFilterFactoryBean.setUnauthorizedUrl("/error"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); - shiroFilterFactoryBean.setFilters(new HashMap(){{put("jwt", tokenFilter());}}); + shiroFilterFactoryBean.setFilters(new HashMap() {{ + put("jwt", tokenFilter()); + }}); return shiroFilterFactoryBean; } /** * 权限管理,配置主要是Realm的管理认证,同时可以配置缓存管理等 + * * @return */ @Bean - public DefaultWebSecurityManager securityManager() { + public DefaultWebSecurityManager securityManager(List realms) { DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager(); - //realm管理 - webSecurityManager.setRealm(studyRealm()); + webSecurityManager.setAuthenticator(modularRealmAuthenticator()); + webSecurityManager.setAuthorizer(modularRealmAuthorizer()); + //realm管理,必须在两个modular之后,因为会对这两个对象进行设值 + webSecurityManager.setRealms(realms); return webSecurityManager; } + + /** + * 针对多realm,用于认证阶段 + */ + @Bean + public ModularRealmAuthenticator modularRealmAuthenticator() { + //自己重写的ModularRealmAuthenticator + StudyModularRealmAuthenticator modularRealmAuthenticator = new StudyModularRealmAuthenticator(); + modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy()); + return modularRealmAuthenticator; + } + + /** + * 针对多realm,用于授权阶段 + * @return + */ + @Bean + public ModularRealmAuthorizer modularRealmAuthorizer() { + return new StudyModularRealmAuthorizer(); + } } diff --git a/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthenticator.java b/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthenticator.java new file mode 100644 index 0000000..bdc8bf1 --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthenticator.java @@ -0,0 +1,31 @@ +package com.nineya.shiro.config; + +import com.nineya.shiro.entity.JwtToken; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.pam.ModularRealmAuthenticator; +import org.apache.shiro.realm.Realm; + +import java.util.Collection; + +/** + * @author 殇雪话诀别 + * 2021/2/17 + */ +public class StudyModularRealmAuthenticator extends ModularRealmAuthenticator { + @Override + protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException { + // 判断 Realm 是否为空 + assertRealmsConfigured(); + Collection realms = getRealms(); + JwtToken jwtToken = (JwtToken) authenticationToken; + String loginType = jwtToken.getLoginType().name(); + for (Realm realm : realms) { + if (realm.getName().equals(loginType)) { + return doSingleRealmAuthentication(realm, authenticationToken); + } + } + return null; + } +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthorizer.java b/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthorizer.java new file mode 100644 index 0000000..7f7ffc9 --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/config/StudyModularRealmAuthorizer.java @@ -0,0 +1,57 @@ +package com.nineya.shiro.config; + +import org.apache.shiro.authz.Authorizer; +import org.apache.shiro.authz.ModularRealmAuthorizer; +import org.apache.shiro.authz.Permission; +import org.apache.shiro.realm.Realm; +import org.apache.shiro.subject.PrincipalCollection; + +import java.util.Set; + +/** + * @author 殇雪话诀别 + * 2021/2/18 + */ +public class StudyModularRealmAuthorizer extends ModularRealmAuthorizer { + @Override + public boolean isPermitted(PrincipalCollection principals, String permission) { + assertRealmsConfigured(); + Set realmNames = principals.getRealmNames(); + for (Realm realm : getRealms()) { + if (!(realm instanceof Authorizer)) continue; + // 仅比较 realmName 对应得上的 realm + if (realmNames.contains(realm.getName())) { + return ((Authorizer) realm).isPermitted(principals, permission); + } + } + return false; + } + + @Override + public boolean isPermitted(PrincipalCollection principals, Permission permission) { + assertRealmsConfigured(); + Set realmNames = principals.getRealmNames(); + for (Realm realm : getRealms()) { + if (!(realm instanceof Authorizer)) continue; + // 仅比较 realmName 对应得上的 realm + if (realmNames.contains(realm.getName())) { + return ((Authorizer) realm).isPermitted(principals, permission); + } + } + return false; + } + + @Override + public boolean hasRole(PrincipalCollection principals, String roleIdentifier) { + assertRealmsConfigured(); + Set realmNames = principals.getRealmNames(); + for (Realm realm : getRealms()) { + if (!(realm instanceof Authorizer)) continue; + // 仅比较 realmName 对应得上的 realm + if (realmNames.contains(realm.getName())) { + return ((Authorizer) realm).hasRole(principals, roleIdentifier); + } + } + return false; + } +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/config/StudyRealm.java b/shiro-study/src/main/java/com/nineya/shiro/config/StudyRealm.java index cb15cab..57004c6 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/config/StudyRealm.java +++ b/shiro-study/src/main/java/com/nineya/shiro/config/StudyRealm.java @@ -1,5 +1,6 @@ package com.nineya.shiro.config; +import com.nineya.shiro.entity.JwtToken; import com.nineya.shiro.entity.Permissions; import com.nineya.shiro.entity.Role; import com.nineya.shiro.entity.User; @@ -31,7 +32,7 @@ public class StudyRealm extends AuthorizingRealm { @Override public boolean supports(AuthenticationToken token) { - return token instanceof BearerToken; + return token instanceof JwtToken; } /** @@ -41,6 +42,7 @@ public boolean supports(AuthenticationToken token) { */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + System.out.println(this.getClass().getName()); String token = (String) principals.getPrimaryPrincipal(); String name = tokenUtil.getUserName(token); User user = loginService.getUserByName(name); @@ -64,6 +66,7 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + System.out.println(this.getClass().getName()); if (StringUtils.isEmpty(token.getPrincipal())) { return null; } @@ -75,6 +78,6 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) // 第一个参数是主体,将会在授权时封装成PrincipalCollection.getPrimaryPrincipal()进行使用,所以必须将jwt内容传回 // 第二个参数是认证信息,即密码,为后面验证可以通过,需要和token中的内容一样 // 第三个参数是领域名称 - return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), user.getUserName()); + return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName()); } } diff --git a/shiro-study/src/main/java/com/nineya/shiro/controller/LoginController.java b/shiro-study/src/main/java/com/nineya/shiro/controller/LoginController.java index 740f4ce..7a90873 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/controller/LoginController.java +++ b/shiro-study/src/main/java/com/nineya/shiro/controller/LoginController.java @@ -1,8 +1,10 @@ package com.nineya.shiro.controller; +import com.nineya.shiro.entity.Manage; import com.nineya.shiro.entity.User; import com.nineya.shiro.service.LoginService; import com.nineya.shiro.util.UserTokenUtil; +import org.apache.shiro.authz.annotation.RequiresAuthentication; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.authz.annotation.RequiresRoles; import org.springframework.util.StringUtils; @@ -30,6 +32,7 @@ public class LoginController { * 使用 jwt 时,将不再使用 session 存储登录状态,subject.login(usernamePasswordToken) 逻辑将在 Filter 解析 token 时进行,并且 * 每次请求都需要进行 token 解析和登录操作。 * 也就是说认证、授权两个步骤,原本只要登录时进行认证,每次请求进行授权,使用 jwt 后每次请求都需要记性jwt解析、认证和授权三个步骤。 + * * @param userName 用户名 * @param password 密码 * @return @@ -46,6 +49,19 @@ public String login(@RequestParam("userName") String userName, @RequestParam("pa return tokenUtil.createToken(userName); } + @GetMapping("/manageLogin") + public String manageLogin(@RequestParam("id") long id, @RequestParam("password") String password) { + if (StringUtils.isEmpty(password)) { + return "请输入密码!"; + } + Manage manage = loginService.getManageById(id); + if (!manage.getPassword().equals(password)) { + return "密码不正确!"; + } + // 示例中简单复用 User 的 token + return tokenUtil.createToken(String.valueOf(id)); + } + // 这是没有使用 jwt 时,基于 session 的实现方式 // @GetMapping("/login") // public String login(User user) { @@ -75,6 +91,7 @@ public String login(@RequestParam("userName") String userName, @RequestParam("pa /** * 允许角色为 read 且为 write 用户访问 + * * @return */ @RequiresRoles({"read", "write"}) @@ -85,6 +102,7 @@ public String admin() { /** * 允许拥有 select 权限的用户访问 + * * @return */ @RequiresPermissions("select") @@ -95,6 +113,7 @@ public String select() { /** * 允许拥有 create 权限的用户访问 + * * @return */ @RequiresPermissions("create") @@ -102,4 +121,24 @@ public String select() { public String create() { return "create"; } + + /** + * 要求管理员角色 + * @return + */ + @RequiresRoles("manage") + @GetMapping("/manage") + public String manage() { + return "manage"; + } + + /** + * 要求update 权限,该权限只有管理员拥有 + * @return + */ + @RequiresPermissions("update") + @GetMapping("/update") + public String update() { + return "update"; + } } diff --git a/shiro-study/src/main/java/com/nineya/shiro/entity/JwtToken.java b/shiro-study/src/main/java/com/nineya/shiro/entity/JwtToken.java new file mode 100644 index 0000000..ba026d4 --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/entity/JwtToken.java @@ -0,0 +1,21 @@ +package com.nineya.shiro.entity; + +import org.apache.shiro.authc.BearerToken; + +/** + * 继承实现一个自定义的带有登录类型的Token + * @author 殇雪话诀别 + * 2021/2/17 + */ +public class JwtToken extends BearerToken { + private final LoginType loginType; + + public JwtToken(LoginType loginType, String token, String host) { + super(token, host); + this.loginType = loginType; + } + + public LoginType getLoginType() { + return loginType; + } +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/entity/LoginType.java b/shiro-study/src/main/java/com/nineya/shiro/entity/LoginType.java new file mode 100644 index 0000000..d7df8c1 --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/entity/LoginType.java @@ -0,0 +1,9 @@ +package com.nineya.shiro.entity; + +/** + * @author 殇雪话诀别 + * 2021/2/17 + */ +public enum LoginType { + USER, MANAGE; +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/entity/Manage.java b/shiro-study/src/main/java/com/nineya/shiro/entity/Manage.java new file mode 100644 index 0000000..22bed3c --- /dev/null +++ b/shiro-study/src/main/java/com/nineya/shiro/entity/Manage.java @@ -0,0 +1,60 @@ +package com.nineya.shiro.entity; + +import java.util.Set; + +/** + * @author 殇雪话诀别 + * 2021/2/15 + * 管理员 + */ +public class Manage { + private long mid; + private String password; + /** + * 用户对应的角色 + */ + private Set roles; + + public Manage() { + } + + public Manage(long uid, String password, Set roles) { + this.mid = uid; + this.password = password; + this.roles = roles; + } + + public long getMid() { + return mid; + } + + public void setMid(long mid) { + this.mid = mid; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public Set getRoles() { + return roles; + } + + public void setRoles(Set roles) { + this.roles = roles; + } + + @Override + public String toString() { + final StringBuilder sb = new StringBuilder("Manage{"); + sb.append("mid=").append(mid); + sb.append(", password='").append(password).append('\''); + sb.append(", roles=").append(roles); + sb.append('}'); + return sb.toString(); + } +} diff --git a/shiro-study/src/main/java/com/nineya/shiro/filter/TokenFilter.java b/shiro-study/src/main/java/com/nineya/shiro/filter/TokenFilter.java index 69fd3e4..8d14ede 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/filter/TokenFilter.java +++ b/shiro-study/src/main/java/com/nineya/shiro/filter/TokenFilter.java @@ -1,6 +1,8 @@ package com.nineya.shiro.filter; import com.nineya.shiro.controller.ExceptionController; +import com.nineya.shiro.entity.JwtToken; +import com.nineya.shiro.entity.LoginType; import org.apache.shiro.authc.BearerToken; import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter; @@ -14,6 +16,7 @@ */ public class TokenFilter extends BasicHttpAuthenticationFilter { + private static final String MANAGE_AUTHORIZATION = "Manage-Authorization"; /** * 判断用户是否想要登入。 * 检测header里面是否包含Authorization字段即可 @@ -21,8 +24,7 @@ public class TokenFilter extends BasicHttpAuthenticationFilter { @Override protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) { HttpServletRequest req = (HttpServletRequest) request; - String authorization = req.getHeader(AUTHORIZATION_HEADER); - return authorization != null; + return req.getHeader(AUTHORIZATION_HEADER) != null || req.getHeader(MANAGE_AUTHORIZATION) != null; } /** @@ -60,8 +62,17 @@ protected boolean isAccessAllowed(ServletRequest request, ServletResponse respon @Override protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest httpServletRequest = (HttpServletRequest) request; + LoginType loginType = null; String token = httpServletRequest.getHeader(AUTHORIZATION_HEADER); - BearerToken jwtToken = new BearerToken(token, request.getRemoteAddr()); + if (token != null) { + loginType = LoginType.USER; + } else { + token = httpServletRequest.getHeader(MANAGE_AUTHORIZATION); + if (token != null) { + loginType = LoginType.MANAGE; + } + } + JwtToken jwtToken = new JwtToken(loginType, token, request.getRemoteAddr()); getSubject(request, response).login(jwtToken); return true; } diff --git a/shiro-study/src/main/java/com/nineya/shiro/service/LoginService.java b/shiro-study/src/main/java/com/nineya/shiro/service/LoginService.java index eaff9f9..d446a0e 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/service/LoginService.java +++ b/shiro-study/src/main/java/com/nineya/shiro/service/LoginService.java @@ -1,5 +1,6 @@ package com.nineya.shiro.service; +import com.nineya.shiro.entity.Manage; import com.nineya.shiro.entity.User; /** @@ -16,4 +17,11 @@ public interface LoginService { * @return */ User getUserByName(String name); + + /** + * 通过管理员id获取管理员信息 + * @param mid + * @return + */ + Manage getManageById(long mid); } diff --git a/shiro-study/src/main/java/com/nineya/shiro/service/impl/LoginServiceImpl.java b/shiro-study/src/main/java/com/nineya/shiro/service/impl/LoginServiceImpl.java index f260053..f31e5a8 100644 --- a/shiro-study/src/main/java/com/nineya/shiro/service/impl/LoginServiceImpl.java +++ b/shiro-study/src/main/java/com/nineya/shiro/service/impl/LoginServiceImpl.java @@ -1,5 +1,6 @@ package com.nineya.shiro.service.impl; +import com.nineya.shiro.entity.Manage; import com.nineya.shiro.entity.Permissions; import com.nineya.shiro.entity.Role; import com.nineya.shiro.entity.User; @@ -17,6 +18,7 @@ @Service public class LoginServiceImpl implements LoginService { private final Map users = new HashMap<>(); + private final Map manages = new HashMap<>(); public LoginServiceImpl() { // 定义三个权限 @@ -30,10 +32,20 @@ public LoginServiceImpl() { users.put("observe", new User(1, "observe", "123456", Collections.singleton(role1))); users.put("admin", new User(1, "admin", "123456", Collections.singleton(role2))); users.put("user", new User(1, "user", "123456", new HashSet(){{add(role1); add(role2);}})); + + // 定义一个 manage角色,拥有所有权限 + Permissions permissions4 = new Permissions(4, "update"); + Role role3 = new Role(1, "manage", new HashSet(){{add(permissions1);add(permissions2);add(permissions3);add(permissions4);}}); + manages.put(1L, new Manage(1, "123456", Collections.singleton(role3))); } @Override public User getUserByName(String name) { return users.get(name); } + + @Override + public Manage getManageById(long mid) { + return manages.get(mid); + } }