吃透Shiro源码7----AuthenticationInfo与重载

文章目录

技术手法

(1)多个方法重载设计思路

如果有多重方法在重载的话,提供一个同名的private或protected方法。各种重载对象最后转成此private或protected方法需要的格式。其实今天处理的代码并不复杂,实际上就是通过AuthenticationInfo对象,将其解析成Collection<Permission>。

  @Override
    public void checkPermission(PrincipalCollection subjectPrincipal, String permission) 
                      throws AuthorizationException {
        Permission perm = getPermissionResolver().resolvePermission(permission);
        AuthorizationInfo authorizationInfo = this.getAuthorizationInfo(subjectPrincipal);
        checkPermission(perm, authorizationInfo);
    }
   @Override
    public void checkPermission(PrincipalCollection subjectPrincipal, Permission permission)
                       throws AuthorizationException {
        AuthorizationInfo authorizationInfo = this.getAuthorizationInfo(subjectPrincipal);
        checkPermission(permission, authorizationInfo);
    }

    protected void checkPermission(Permission permission,
                        AuthorizationInfo authorizationInfo) {
        if (!isPermitted(permission, authorizationInfo)) {
            String msg = "用户无:[" + permission + "]权限";
            throw new UnauthorizedException(msg);
        }
    }

(2)AuthenticationInfo设计思路

大佬总是面向接口编程的。如果是我设计,我根本想不到把这些对象抽象为接口。

public interface AuthorizationInfo extends Serializable {


    /**
     * 获取角色列表
     *
     * @return 角色列表
     */
    Collection<String> getRoles();


    /**
     * 获取权限列表(字符串)
     *
     * @return 权限列表
     */
    Collection<String> getStringPermissions();

    /**
     * 获取所有权限(对象)
     *
     * @return
     */
    Collection<Permission> getObjectPermissions();
}

private Collection<Permission> getPermissions(AuthorizationInfo info) {
        if (info == null) {
            return CollectionUtils.emptySet();
        }
        Collection<Permission> result = new HashSet<>();
        //把AuthorizationInfo中的三种不同的权限组合取出来,分别解析

        Collection<Permission> objectPermissions = info.getObjectPermissions();
        if (CollectionUtils.isNotEmpty(objectPermissions)) {
            result.addAll(objectPermissions);
        }

        Collection<String> stringPerms = info.getStringPermissions();
        if (CollectionUtils.isNotEmpty(stringPerms)) {
            result.addAll(this.resolvePermissions(stringPerms));
        }

        Collection<String> roles = info.getRoles();
        if (CollectionUtils.isNotEmpty(roles)) {
            result.addAll(this.resolveRolePermissions(roles));
        }

        return result;
    }
posted @ 2022-07-17 12:14  小大宇  阅读(59)  评论(0编辑  收藏  举报