org.apache.shiro.subject.PrincipalCollection Java Examples
The following examples show how to use
org.apache.shiro.subject.PrincipalCollection.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ShiroRealm.java From Spring-Boot-Book with Apache License 2.0 | 6 votes |
|
@Override
/**
* 权限配置
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//拿到用户信息
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Admin adminInfo = (Admin) principals.getPrimaryPrincipal();
for (SysRole role : adminInfo.getRoleList()) {
//将角色放入SimpleAuthorizationInfo
info.addRole(role.getRole());
//用户拥有的权限
for (SysPermission p : role.getPermissions()) {
info.addStringPermission(p.getPermission());
}
}
return info;
}
Example #2
| Source File: DbRealm.java From dpCms with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
final PrincipalCollection principals) {
// retrieve role names and permission names
final String userName = (String) principals.getPrimaryPrincipal();
final Account account = accountRepository.findByLoginName(userName);
if (account == null) {
throw new UnknownAccountException("Account does not exist");
}
//先保存岗位数量
final int totalRoles = account.getEmployees().size();
final Set<String> roleNames = new LinkedHashSet<>(totalRoles);
final Set<String> permissionNames = new LinkedHashSet<>();
final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// info.setStringPermissions(permissionNames);
return info;
}
Example #3
| Source File: MyRealm.java From shiroDemo with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取登录时输入的用户名
String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();
//到数据库查是否有此对象
User user = this.getDao().findByName(loginName);
if (user != null) {
//权限信息对象info,用来存放查出的用户的所有的角色(role)及权限(permission)
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//用户的角色集合
info.setRoles(user.getRolesName());
//用户的角色对应的所有权限,如果只使用角色定义访问权限,下面的四行可以不要
List<Role> roleList = user.getRoleList();
for (Role role : roleList) {
info.addStringPermissions(role.getPermissionsString());
}
return info;
}
return null;
}
Example #4
| Source File: UserRealm.java From RuoYi with Apache License 2.0 | 6 votes |
|
/**
* 授权
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
SysUser user = ShiroUtils.getSysUser();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 管理员拥有所有权限
if (user.isAdmin()) {
info.addRole("admin");
info.addStringPermission("*:*:*");
} else {
// 角色列表
Set<String> roles = roleService.selectRoleKeys(user.getUserId());
// 功能列表
Set<String> menus = menuService.selectPermsByUserId(user.getUserId());
// 角色加入AuthorizationInfo认证对象
info.setRoles(roles);
// 权限加入AuthorizationInfo认证对象
info.setStringPermissions(menus);
}
return info;
}
Example #5
| Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
|
/**
* 获取用户角色和权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
User user = (User) SecurityUtils.getSubject().getPrincipal();
String userName = user.getUserName();
System.out.println("用户" + userName + "获取权限-----ShiroRealm.doGetAuthorizationInfo");
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
// 获取用户角色集
List<Role> roleList = userRoleMapper.findByUserName(userName);
Set<String> roleSet = new HashSet<String>();
for (Role r : roleList) {
roleSet.add(r.getName());
}
simpleAuthorizationInfo.setRoles(roleSet);
// 获取用户权限集
List<Permission> permissionList = userPermissionMapper.findByUserName(userName);
Set<String> permissionSet = new HashSet<String>();
for (Permission p : permissionList) {
permissionSet.add(p.getName());
}
simpleAuthorizationInfo.setStringPermissions(permissionSet);
return simpleAuthorizationInfo;
}
Example #6
| Source File: Realm.java From usergrid with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
UsergridAuthorizationInfo info = (UsergridAuthorizationInfo)super.getAuthorizationInfo(principals);
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
session.setAttribute( "applications", info.getApplicationSet());
session.setAttribute("organizations", info.getOrganizationSet());
if ( info.getOrganization() != null ) {
session.setAttribute( "organization", info.getOrganization() );
}
if ( info.getApplication() != null ) {
session.setAttribute( "application", info.getApplication() );
}
return info;
}
Example #7
| Source File: ShiroRealm.java From SpringAll with MIT License | 6 votes |
|
/**
* 获取用户角色和权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
User user = (User) SecurityUtils.getSubject().getPrincipal();
String userName = user.getUserName();
System.out.println("用户" + userName + "获取权限-----ShiroRealm.doGetAuthorizationInfo");
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
// 获取用户角色集
List<Role> roleList = userRoleMapper.findByUserName(userName);
Set<String> roleSet = new HashSet<String>();
for (Role r : roleList) {
roleSet.add(r.getName());
}
simpleAuthorizationInfo.setRoles(roleSet);
// 获取用户权限集
List<Permission> permissionList = userPermissionMapper.findByUserName(userName);
Set<String> permissionSet = new HashSet<String>();
for (Permission p : permissionList) {
permissionSet.add(p.getName());
}
simpleAuthorizationInfo.setStringPermissions(permissionSet);
return simpleAuthorizationInfo;
}
Example #8
| Source File: JPARealm.java From gazpachoquest with GNU General Public License v3.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// null usernames are invalid
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
User user = (User) getAvailablePrincipal(principals);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roles = userService.getRoles(user.getId());
for (Role role : roles) {
info.addRole(role.getName());
}
Set<Permission<?>> permissions = userService.getPermissions(user.getId());
for (Permission<?> permission : permissions) {
info.addStringPermission(permission.getLiteral());
}
return info;
}
Example #9
| Source File: UserRealm.java From ssm with Apache License 2.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SysUser sysUser = (SysUser)principals.getPrimaryPrincipal();
List<SysPermission> sysPermissions = sysPermissionService.getPermissionsByUserAccount(sysUser.getAccount());
List<String> permissionValus = new ArrayList<String>();
if (sysPermissions != null) {
// System.out.println(sysPermissions.size());
for (SysPermission sysPermission : sysPermissions) {
permissionValus.add(sysPermission.getValue());
// System.out.println(sysPermission.toString());
}
}
SimpleAuthorizationInfo simpleAuthorizationInfo
= new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addStringPermissions(permissionValus);
return simpleAuthorizationInfo;
}
Example #10
| Source File: ApiKeyRealmTest.java From emodb with Apache License 2.0 | 6 votes |
|
@Test
public void testCachedPermissionCheckById() {
String id = _authIdentityManager.createIdentity("apikey0", new ApiKeyModification().addRoles("role0"));
Permission rolePermission = mock(Permission.class);
Permission positivePermission = mock(Permission.class);
when(rolePermission.implies(positivePermission)).thenReturn(true);
when(rolePermission.implies(not(eq(positivePermission)))).thenReturn(false);
when(_permissionManager.getPermissions(PermissionIDs.forRole("role0"))).thenReturn(ImmutableSet.of(rolePermission));
// Verify permission is granted using the API key
PrincipalCollection principals = _underTest.getAuthenticationInfo(new ApiKeyAuthenticationToken("apikey0")).getPrincipals();
assertTrue(_underTest.isPermitted(principals, positivePermission));
// Verify the ID was cached
assertNotNull(_underTest.getIdAuthorizationCache().get(id));
// Verify permission was granted
assertTrue(_underTest.hasPermissionById(id, positivePermission));
}
Example #11
| Source File: SystemAuthorizingRealm.java From easyweb with Apache License 2.0 | 6 votes |
|
/**
* 获取权限授权信息,如果缓存中存在,则直接从缓存中获取,否则就重新获取, 登录成功后调用
*/
protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
return null;
}
AuthorizationInfo info = null;
info = (AuthorizationInfo)UserUtils.getCache(CACHE_AUTH_INFO);
if (info == null) {
info = doGetAuthorizationInfo(principals);
if (info != null) {
UserUtils.putCache(CACHE_AUTH_INFO, info);
}
}
return info;
}
Example #12
| Source File: MockRealm.java From nexus-public with Eclipse Public License 1.0 | 6 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userId = principals.getPrimaryPrincipal().toString();
Set<String> roles = new HashSet<String>();
try {
for (RoleIdentifier roleIdentifier : userManager.getUser(userId).getRoles()) {
roles.add(roleIdentifier.getRoleId());
}
}
catch (UserNotFoundException e) {
return null;
}
return new SimpleAuthorizationInfo(roles);
}
Example #13
| Source File: LdapRealm.java From zeppelin with Apache License 2.0 | 6 votes |
|
private Set<String> getRoles(PrincipalCollection principals,
final LdapContextFactory ldapContextFactory) throws NamingException {
final String username = (String) getAvailablePrincipal(principals);
LdapContext systemLdapCtx = null;
try {
systemLdapCtx = ldapContextFactory.getSystemLdapContext();
return rolesFor(principals, username, systemLdapCtx,
ldapContextFactory, SecurityUtils.getSubject().getSession());
} catch (Throwable t) {
log.warn("Failed to get roles in current context for " + username, t);
return Collections.emptySet();
} finally {
LdapUtils.closeContext(systemLdapCtx);
}
}
Example #14
| Source File: ApiRealm.java From flash-waimai with MIT License | 5 votes |
|
/**
* 只有当需要检测用户权限的时候才会调用此方法,例如checkRole,checkPermission之类的
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = JwtUtil.getUsername(principals.toString());
ShiroUser user = shiroFactroy.shiroUser(userService.findByAccount(username));
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRoles(user.getRoleCodes());
Set<String> permission = user.getPermissions();
simpleAuthorizationInfo.addStringPermissions(permission);
return simpleAuthorizationInfo;
}
Example #15
| Source File: ShiroUtils.java From NutzSite with Apache License 2.0 | 5 votes |
|
public static void setSysUser(User user) {
Subject subject = getSubject();
PrincipalCollection principalCollection = subject.getPrincipals();
String realmName = principalCollection.getRealmNames().iterator().next();
PrincipalCollection newPrincipalCollection = new SimplePrincipalCollection(user, realmName);
// 重新加载Principal
subject.runAs(newPrincipalCollection);
}
Example #16
| Source File: WJRealm.java From White-Jotter with MIT License | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// 获取当前用户的所有权限
String username = principalCollection.getPrimaryPrincipal().toString();
Set<String> permissions = adminPermissionService.listPermissionURLsByUser(username);
// 将权限放入授权信息中
SimpleAuthorizationInfo s = new SimpleAuthorizationInfo();
s.setStringPermissions(permissions);
return s;
}
Example #17
| Source File: AbstractPermittingAuthorizingRealm.java From super-cloudops with Apache License 2.0 | 5 votes |
|
/**
* Setup merge authorized roles and permission string.
*
* @param authzInfo
* @return
*/
@SuppressWarnings("unchecked")
protected SimpleAuthorizationInfo mergeAuthorizedString(PrincipalCollection principals, SimpleAuthorizationInfo authzInfo) {
// Retrieve principal account info.
SimplePrincipalCollection principals0 = (SimplePrincipalCollection) principals;
Map<String, String> principalMap = (Map<String, String>) principals0.asList().get(1);
// Principal roles.
String roles = principalMap.get(KEY_ROLES_ATTRIBUTE_NAME);
mergeRoles(authzInfo, splitPermitString(roles));
// Principal permissions.
String permissions = principalMap.get(KEY_PERMITS_ATTRIBUTE_NAME);
return mergePermissions(authzInfo, splitPermitString(permissions));
}
Example #18
| Source File: UserRealm.java From kvf-admin with MIT License | 5 votes |
|
/**
* 授权(验证权限时调用)
* @param principals
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
User user = (User)principals.getPrimaryPrincipal();
Long userId = user.getId();
String username = user.getUsername();
List<String> permsList;
// todo 系统管理员,拥有最高权限(不用在系统设置任何权限)
/*if (SysConstant.ADMIN.equals(username)) {
List<Menu> menuList = menuService.list();
permsList = new ArrayList<>(menuList.size());
for (Menu menu : menuList) {
permsList.add(menu.getPermission());
}
} else {
permsList = menuService.getPermission(userId);
}*/
permsList = menuService.getPermission(userId);
//用户权限列表
Set<String> permsSet = new HashSet<>();
for(String perms : permsList){
if(StrUtil.isBlank(perms)){
continue;
}
permsSet.addAll(Arrays.asList(perms.trim().split(",")));
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setStringPermissions(permsSet);
return info;
}
Example #19
| Source File: GuicedIrisRealm.java From arcusplatform with Apache License 2.0 | 5 votes |
|
/**
* This implementation of the interface expects the principals collection to return a String username keyed off of
* this realm's {@link #getName() name}
*
* @see #getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//null usernames are invalid
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
Principal principal = (Principal) getAvailablePrincipal(principals);
Set<String> roleNames;
Set<String> permissions = null;
try {
// Retrieve roles and permissions from database
roleNames = getRoleNamesForUser(principal.getUsername());
if (permissionsLookupEnabled) {
permissions = getPermissions(roleNames);
}
} catch (Exception e) {
final String message = "There was an error while authorizing user [" + principal.getUsername() + "]";
log.error(message, e);
// Rethrow any SQL errors as an authorization exception
throw new AuthorizationException(message, e);
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
info.setStringPermissions(permissions);
return info;
}
Example #20
| Source File: ActiveDirectoryGroupRealm.java From zeppelin with Apache License 2.0 | 5 votes |
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
try {
AuthorizationInfo info = this.queryForAuthorizationInfo(principals,
this.getLdapContextFactory());
return info;
} catch (NamingException var5) {
String msg = "LDAP naming error while attempting to " +
"retrieve authorization for user [" + principals + "].";
throw new AuthorizationException(msg, var5);
}
}
Example #21
| Source File: ApiKeyStoreImpl.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
private char[] makeApiKey(final String domain, final PrincipalCollection principals) {
ApiKeyFactory factory = apiKeyFactories.get(domain);
if (factory != null) {
return checkNotNull(factory.makeApiKey(principals));
}
return defaultApiKeyFactory.makeApiKey(principals);
}
Example #22
| Source File: IrisRealm.java From arcusplatform with Apache License 2.0 | 5 votes |
|
/**
* This implementation of the interface expects the principals collection to return a String username keyed off of
* this realm's {@link #getName() name}
*
* @see #getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//null usernames are invalid
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
String username = (String) getAvailablePrincipal(principals);
Set<String> roleNames;
Set<String> permissions = null;
try {
// Retrieve roles and permissions from database
roleNames = getRoleNamesForUser(cassandraSession, username);
if (permissionsLookupEnabled) {
permissions = getPermissions(cassandraSession, roleNames);
}
} catch (SQLException e) {
final String message = "There was a SQL error while authorizing user [" + username + "]";
if (log.isErrorEnabled()) {
log.error(message, e);
}
// Rethrow any SQL errors as an authorization exception
throw new AuthorizationException(message, e);
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
info.setStringPermissions(permissions);
return info;
}
Example #23
| Source File: MyShiroRealm.java From EasyReport with Apache License 2.0 | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
final String account = (String)principals.getPrimaryPrincipal();
final User user = this.membershipFacade.getUser(account);
final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(this.membershipFacade.getRoleSet(user.getRoles()));
authorizationInfo.setStringPermissions(this.membershipFacade.getPermissionSet(user.getRoles()));
return authorizationInfo;
}
Example #24
| Source File: MyShiroRealm.java From SpringBootBucket with MIT License | 5 votes |
|
/**
* 此方法调用hasRole,hasPermission的时候才会进行回调.
* <p>
* 权限信息.(授权):
* 1、如果用户正常退出,缓存自动清空;
* 2、如果用户非正常退出,缓存自动清空;
* 3、如果我们修改了用户的权限,而用户不退出系统,修改的权限无法立即生效。
* (需要手动编程进行实现;放在service进行调用)
* 在权限修改后调用realm中的方法,realm已经由spring管理,所以从spring中获取realm实例,调用clearCached方法;
* :Authorization 是授权访问控制,用于对用户进行的操作授权,证明该用户是否允许进行当前操作,如访问某个链接,某个资源文件等。
*
* @param principals
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
/*
* 当没有使用缓存的时候,不断刷新页面的话,这个代码会不断执行,
* 当其实没有必要每次都重新设置权限信息,所以我们需要放到缓存中进行管理;
* 当放到缓存中时,这样的话,doGetAuthorizationInfo就只会执行一次了,
* 缓存过期之后会再次执行。
*/
_logger.info("权限配置-->MyShiroRealm.doGetAuthorizationInfo()");
String username = JWTUtil.getUsername(principals.toString());
// 下面的可以使用缓存提升速度
ManagerInfo managerInfo = managerInfoService.findByUsername(username);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
//设置相应角色的权限信息
for (SysRole role : managerInfo.getRoles()) {
//设置角色
authorizationInfo.addRole(role.getRole());
for (Permission p : role.getPermissions()) {
//设置权限
authorizationInfo.addStringPermission(p.getPermission());
}
}
return authorizationInfo;
}
Example #25
| Source File: AdminAuthorizingRealm.java From mall with MIT License | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
LitemallAdmin admin = (LitemallAdmin) getAvailablePrincipal(principals);
Integer[] roleIds = admin.getRoleIds();
Set<String> roles = roleService.queryByIds(roleIds);
Set<String> permissions = permissionService.queryByRoleIds(roleIds);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setRoles(roles);
info.setStringPermissions(permissions);
return info;
}
Example #26
| Source File: UserRealm.java From es with Apache License 2.0 | 5 votes |
|
private boolean isPermittedWithNotOperator(PrincipalCollection principals, String permission) {
if (permission.startsWith(NOT_OPERATOR)) {
return !super.isPermitted(principals, permission.substring(NOT_OPERATOR.length()));
} else {
return super.isPermitted(principals, permission);
}
}
Example #27
| Source File: OrientApiKeyStore.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
|
@Override
@Guarded(by = STARTED)
public void deleteApiKey(final String domain, final PrincipalCollection principals) {
inTxRetry(databaseInstance).run(db -> {
for (OrientApiKey entity : findByPrimaryPrincipal(db, principals)) {
if (entity.getDomain().equals(domain)) {
entityAdapter.deleteEntity(db, entity);
}
}
});
}
Example #28
| Source File: UserRealm.java From spring-tutorial with Creative Commons Attribution Share Alike 4.0 International | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = (String) principals.getPrimaryPrincipal();
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(userService.findRoles(username));
authorizationInfo.setStringPermissions(userService.findPermissions(username));
return authorizationInfo;
}
Example #29
| Source File: CheckRealm.java From notes with Apache License 2.0 | 5 votes |
|
/**
* @return org.apache.shiro.authz.AuthorizationInfo
* @Author fruiqi
* @Description 当需要检测用户权限的时候会调用此方法。
* @Date 1:55 2019/3/9
* @Param [principals]
**/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String adminName = JwtUtil.getUsername(principals.toString());
AdminDto admin = AdminShiroService.selectAdminByAdminName(adminName);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole(admin.getAdminGrade().toString());
// TODO: 2019/3/9 待需要添加权限信息
// Set<String> permission = new HashSet<>(Arrays.asList(admin));
simpleAuthorizationInfo.addStringPermission("admin");
simpleAuthorizationInfo.addStringPermission("superadmin");
return simpleAuthorizationInfo;
}
Example #30
| Source File: JwtRealm.java From wetech-admin with MIT License | 5 votes |
|
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = principals.toString();
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(userService.queryRoles(username));
authorizationInfo.setStringPermissions(userService.queryPermissions(username));
return authorizationInfo;
}
