我们已经在自定义Realm中重写doGetAuthenticationInfo方法和doGetAuthorizationInfo方法实现了认证和授权。
@Override
/**
* 认证
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//1.获取用户输入的账号
String username = (String)token.getPrincipal();
//2.通过username从数据库中查找到user实体
User user = getUserByUserName(username);
if(user == null){
return null;
}
//3.通过SimpleAuthenticationInfo做身份处理
SimpleAuthenticationInfo simpleAuthenticationInfo =
new SimpleAuthenticationInfo(user,user.getPassword(),getName());
//4.用户账号状态验证等其他业务操作
if(!user.getAvailable()){
throw new AuthenticationException("该账号已经被禁用");
}
//5.返回身份处理对象
return simpleAuthenticationInfo;
}
@Override
/**
* 授权
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
System.out.println("调用了授权方法");
//获取当前登录的用户
User user = (User) principal.getPrimaryPrincipal();
//通过SimpleAuthenticationInfo做授权
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//添加角色
simpleAuthorizationInfo.addRole(user.getRole());
//添加权限
simpleAuthorizationInfo.addStringPermissions(user.getPermissions());
return simpleAuthorizationInfo;
}
