package band.wukong.mz.nutz.integration.shiro;
import band.wukong.mz.common.privilege.bean.Permission;
import band.wukong.mz.common.privilege.bean.Role;
import band.wukong.mz.common.privilege.bean.User;
import band.wukong.mz.util.Toolkit;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.nutz.dao.Cnd;
import org.nutz.dao.Dao;
import org.nutz.integration.shiro.CaptchaUsernamePasswordToken;
import org.nutz.ioc.loader.annotation.Inject;
import org.nutz.lang.Strings;
import org.nutz.mvc.Mvcs;
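/**
 * Shiro {@code Realm} implemented on top of Nutz Dao.
 *
 * <p>Authentication accepts {@link CaptchaUsernamePasswordToken} only: the submitted captcha is
 * compared with the value kept in the Shiro session, then the user is looked up by name.
 * The account's principal is the user's id, which {@link #doGetAuthorizationInfo} reads back to
 * collect role and permission names.
 *
 * @author wukong(wukonggg@139.com)
 */
public class NutzDaoRealm extends AuthorizingRealm {

    @Inject
    private Dao dao;

    /** Creates a realm with no cache manager and no credentials matcher passed to the superclass. */
    public NutzDaoRealm() {
        this(null, null);
    }

    /**
     * @param cacheManager cache manager handed to the superclass
     */
    public NutzDaoRealm(CacheManager cacheManager) {
        this(cacheManager, null);
    }

    /**
     * @param matcher credentials matcher handed to the superclass
     */
    public NutzDaoRealm(CredentialsMatcher matcher) {
        this(null, matcher);
    }

    /**
     * Creates the realm and restricts it to {@link CaptchaUsernamePasswordToken}.
     *
     * @param cacheManager cache manager handed to the superclass, may be {@code null}
     * @param matcher      credentials matcher handed to the superclass, may be {@code null}
     */
    public NutzDaoRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
        super(cacheManager, matcher);
        setAuthenticationTokenClass(CaptchaUsernamePasswordToken.class);
    }

    /**
     * Returns the Dao used by this realm. When none was injected or set, it is looked up once
     * from the default Ioc container under the name {@code "dao"} and kept for later calls.
     *
     * @return the Dao instance
     */
    public Dao dao() {
        if (dao == null) {
            dao = Mvcs.ctx().getDefaultIoc().get(Dao.class, "dao");
        }
        return dao;
    }

    /**
     * @param dao the Dao this realm should use
     */
    public void setDao(Dao dao) {
        this.dao = dao;
    }

    /**
     * Builds the role and permission set of the user identified by the primary principal.
     *
     * @param principals principals of the subject; the primary principal is cast to the user id
     * @return role names plus the permission names of the roles and of the user itself, or
     *         {@code null} when no user has that id
     * @throws AuthorizationException when {@code principals} is {@code null}
     * @throws LockedAccountException when the user is locked
     */
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // A null principal collection cannot identify a user.
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }

        // The principal is the user id that doGetAuthenticationInfo stored in the account.
        int userId = (Integer) principals.getPrimaryPrincipal();
        User user = dao().fetch(User.class, userId);
        if (user == null) {
            return null;
        }
        // The lock flag is read on every lookup that reaches this method, so a locked user is
        // refused here as well as at login.
        if (user.isLocked()) {
            throw new LockedAccountException("Account [" + user.getName() + "] is locked.");
        }

        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        // Load the user's linked records, then the linked records of its roles.
        user = dao().fetchLinks(user, null);
        if (user.getRoles() != null) {
            dao().fetchLinks(user.getRoles(), null);
            for (Role role : user.getRoles()) {
                auth.addRole(role.getName());
                if (role.getPermissions() != null) {
                    for (Permission p : role.getPermissions()) {
                        auth.addStringPermission(p.getName());
                    }
                }
            }
        }
        // Permissions attached directly to the user are added on top of the role permissions.
        if (user.getPermissions() != null) {
            for (Permission p : user.getPermissions()) {
                auth.addStringPermission(p.getName());
            }
        }
        return auth;
    }

    /**
     * Checks the captcha and loads the stored credentials of the named user.
     *
     * <p>The captcha held in the session is removed as soon as it is read, so each issued
     * captcha admits exactly one login attempt. The login view has to issue a new captcha after
     * every attempt, whether it succeeded or failed.
     *
     * <p>NOTE(review): the captcha check lives in this method, and Shiro skips this method when
     * it serves a cached {@code AuthenticationInfo}. Keep authentication caching disabled for
     * this realm, or move the captcha check in front of the realm; confirm the configuration.
     *
     * @param token must be a {@link CaptchaUsernamePasswordToken}
     * @return an account holding the user id, the stored password and the salt, or {@code null}
     *         when no user has the submitted name
     * @throws AuthenticationException when the captcha is blank or does not match
     * @throws LockedAccountException  when the user is locked
     */
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        CaptchaUsernamePasswordToken upToken = (CaptchaUsernamePasswordToken) token;
        // Message text: "captcha must not be empty".
        if (Strings.isBlank(upToken.getCaptcha())) {
            throw new AuthenticationException("验证码不能为空");
        }

        // Read and remove in one call: leaving the value in the session would let one solved
        // captcha cover any number of password attempts.
        Object stored = SecurityUtils.getSubject().getSession(true).removeAttribute(Toolkit.captcha_attr);
        // A missing captcha becomes "", which can never equal the non-blank submitted value.
        String expected = Strings.sBlank(stored);
        // Message text: "captcha is wrong".
        if (!upToken.getCaptcha().equalsIgnoreCase(expected)) {
            throw new AuthenticationException("验证码错误");
        }

        User user = dao().fetch(User.class, Cnd.where("name", "=", upToken.getUsername()));
        if (user == null) {
            return null;
        }
        // NOTE(review): this is raised before the password is verified, so the login handler
        // should present it like any other failed login if account state must stay private.
        if (user.isLocked()) {
            throw new LockedAccountException("Account [" + upToken.getUsername() + "] is locked.");
        }

        // Password comparison is left to the configured CredentialsMatcher; only the stored
        // value and its salt are handed over here.
        SimpleAccount account = new SimpleAccount(user.getId(), user.getPassword(), getName());
        account.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt()));
        return account;
    }
}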