shiro框架学习-4- Shiro内置JdbcRealm

1.  JdbcRealm 数据库准备

JdbcRealm就是用户的角色,权限都从数据库中读取,也就是用来进行用户认证授权的安全数据源更换为从数据库中读取,其他没有差别,首先在数据库创建三张表:

CREATE TABLE `users` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `password_salt` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_users_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
CREATE TABLE `user_roles` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `role_name` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_user_roles` (`username`,`role_name`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
CREATE TABLE `roles_permissions` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `role_name` varchar(100) DEFAULT NULL,
  `permission` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_roles_permissions` (`role_name`,`permission`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;

插入数据:

INSERT INTO `users` VALUES (1,'jack','123',NULL),(2,'xdclass','456',NULL);
INSERT INTO `roles_permissions` VALUES (4,'admin','video:*'),(3,'role1','video:buy'),(2,'role1','video:find'),(5,'role2','*'),(1,'root','*');
INSERT INTO `user_roles` VALUES (1,'jack','role1'),(2,'jack','role2'),(4,'xdclass','admin'),(3,'xdclass','root');

2. JdbcRealm 配置文件

#注意 文件格式必须为ini,编码为ANSI
#声明Realm,指定realm类型
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm

#配置数据源
#dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
dataSource=com.alibaba.druid.pool.DruidDataSource

# mysql-connector-java 5 用的驱动url是com.mysql.jdbc.Driver,mysql-connector-java6以后用的是com.mysql.cj.jdbc.Driver
dataSource.driverClassName=com.mysql.cj.jdbc.Driver

#避免安全警告
dataSource.url=jdbc:mysql://localhost:3306/xdclass_shiro?characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false
dataSource.username=root
dataSource.password=lchadmin

#指定数据源
jdbcRealm.dataSource=$dataSource

#开启查找权限,否则不会自动查询角色对应的权限,造成实际有权限,调用subject.isPermitted()返回false
jdbcRealm.permissionsLookupEnabled=true

#指定SecurityManager的Realms实现,设置realms,可以有多个,用逗号隔开
securityManager.realms=$jdbcRealm

 

测试代码

package net.xdclass.xdclassshiro;

import com.alibaba.druid.pool.DruidDataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;

/**
 * jdbcRealm操作
 */
public class QuicksStratTest5_3 {

    @Test
    public void testAuthentication() {
        //通过配置文件创建SecurityManager工厂
        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbcrealm.ini");
       // 获取SecurityManager实例
        SecurityManager securityManager = factory.getInstance();
        //设置当前上下文
        SecurityUtils.setSecurityManager(securityManager);

        //获取当前subject(application应用的user)
        Subject subject = SecurityUtils.getSubject();
        // 模拟用户输入
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jack","123");
        //
        subject.login(usernamePasswordToken);
        System.out.println("认证结果(是否已授权):" + subject.isAuthenticated());
        //最终调用的是org.apache.shiro.authz.ModularRealmAuthorizer.hasRole方法
        System.out.println("是否有role1角色:" + subject.hasRole("role1"));
        System.out.println("是否有role2角色:" + subject.hasRole("role2"));
        System.out.println("是否有root角色:" + subject.hasRole("root"));
        //获取登录 账号
        System.out.println("getPrincipal():" + subject.getPrincipal());
        //校验角色,没有返回值,校验不通过,直接跑出异常
        subject.checkRole("role1");
        System.out.println("=======subject.checkRole(\"role1\") passed=====" );
        // user jack有video的find权限,执行通过
        subject.checkPermission("video:find");
        // 是否有video:find权限:true
        System.out.println("是否有video:find权限:" + subject.isPermitted("video:find"));
        //   是否有video:delete权限:false
        System.out.println("是否有video:delete权限:" + subject.isPermitted("video:delete"));
        //user jack没有video的删除权限,执行会报错:org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [video:delete]
        subject.checkPermission("video:delete");
        subject.logout();
        System.out.println("logout后认证结果:" + subject.isAuthenticated());

       /* org.apache.shiro.realm.jdbc.JdbcRealm源码
       * 1. class JdbcRealm extends AuthorizingRealm
       * 2. 预置了默认的查询语句,因此创建数据库时字段名字要与这里定义的一致!!!
       *   protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";
    protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt from users where username = ?";
    #根据用户名称查角色
    protected static final String DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where username = ?";
    *  #根据用户名称查权限
    protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";
    protected String authenticationQuery = "select password from users where username = ?";
    protected String userRolesQuery = "select role_name from user_roles where username = ?";
    * #根据角色查询权限
    protected String permissionsQuery = "select permission from roles_permissions where role_name = ?";
    *
    * 3. protected boolean permissionsLookupEnabled = false;  这个开关默认是关闭的,需要手动打开
    * 4.
    * protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        } else {
            String username = (String)this.getAvailablePrincipal(principals);
            Connection conn = null;
            Set<String> roleNames = null;
            Set permissions = null;

            try {
                conn = this.dataSource.getConnection();
                roleNames = this.getRoleNamesForUser(conn, username);
                if (this.permissionsLookupEnabled) {
                    permissions = this.getPermissions(conn, username, roleNames);
                }
            } catch (SQLException var11) {
                String message = "There was a SQL error while authorizing user [" + username + "]";
                if (log.isErrorEnabled()) {
                    log.error(message, var11);
                }

                throw new AuthorizationException(message, var11);
            } finally {
                JdbcUtils.closeConnection(conn);
            }

            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
            info.setStringPermissions(permissions);
            return info;
        }
        * */
    }

    @Test
    public void test2(){
// 不使用配置文件的情况下: DefaultSecurityManager securityManager
= new DefaultSecurityManager(); DruidDataSource ds = new DruidDataSource(); ds.setDriverClassName("com.mysql.cj.jdbc.Driver"); ds.setUrl("jdbc:mysql://localhost:3306/xdclass_shiro?characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false"); ds.setUsername("root"); ds.setPassword("lchadmin"); JdbcRealm jdbcRealm = new JdbcRealm(); jdbcRealm.setPermissionsLookupEnabled(true); jdbcRealm.setDataSource(ds); securityManager.setRealm(jdbcRealm); // 将securityManager设置到当前运行环境中 SecurityUtils.setSecurityManager(securityManager); //获取当前subject(application应用的user) Subject subject = SecurityUtils.getSubject(); // 模拟用户输入 UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("jack","123"); // subject.login(usernamePasswordToken); System.out.println("认证结果(是否已授权):" + subject.isAuthenticated()); //最终调用的是org.apache.shiro.authz.ModularRealmAuthorizer.hasRole方法 System.out.println("是否有role1角色:" + subject.hasRole("role1")); System.out.println("是否有role2角色:" + subject.hasRole("role2")); System.out.println("是否有root角色:" + subject.hasRole("root")); //获取登录 账号 System.out.println("getPrincipal():" + subject.getPrincipal()); //校验角色,没有返回值,校验不通过,直接抛出异常 subject.checkRole("role1"); System.out.println("=======subject.checkRole(\"role1\") passed=====" ); // user jack有video的find权限,执行通过 subject.checkPermission("video:find"); // 是否有video:find权限:true System.out.println("是否有video:find权限:" + subject.isPermitted("video:find")); // 是否有video:delete权限:false System.out.println("是否有video:delete权限:" + subject.isPermitted("video:delete")); //user jack没有video的删除权限,执行会报错:org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [video:delete] subject.checkPermission("video:delete"); } }

 

posted @ 2019-12-22 14:52  清风拂来  阅读(577)  评论(0编辑  收藏  举报