package com.project.shiro.util;

import com.alibaba.fastjson.JSONObject;
import com.project.model.core.Admin;
import com.project.model.core.Menu;
import com.project.model.core.Role;
import com.project.service.core.AdminService;
import com.project.service.core.MenuService;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.time.DateUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import javax.annotation.Resource;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

/**
 * Shiro realm for the admin back end: authenticates an admin by login name and
 * password (with a failed-attempt lockout) and resolves its roles and menu-code
 * permissions for authorization.
 */
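public class AuthenticationRealm extends AuthorizingRealm {

    /** Consecutive failed logins after which the account is locked. */
    private static final int MAX_LOGIN_FAIL_COUNT = 5;

    /** How long a locked account stays locked, in minutes. */
    private static final int LOCK_DURATION_MINUTES = 10;

    @Resource(name = "adminServiceImpl")
    private AdminService adminService;

    @Resource(name = "menuServiceImpl")
    private MenuService menuService;

    /**
     * Authenticates an admin from the project's {@code AuthenticationToken}.
     *
     * <p>Order of checks: token type, presence of login name and password, account
     * existence, enabled status, lockout (auto-unlocked once the lock window has
     * passed), and finally the password. A wrong password bumps the failure counter
     * and locks the account once it reaches {@link #MAX_LOGIN_FAIL_COUNT}; a correct
     * password resets the counter.
     *
     * @param token the token submitted by the login form; must be this package's
     *              {@code AuthenticationToken}
     * @return authentication info whose principal is a {@code Principal(id, username)}
     * @throws UnsupportedTokenException    if the token is not the expected type
     * @throws UnknownAccountException      if login name or password is missing or no
     *                                      admin has that login name
     * @throws DisabledAccountException     if the admin's status is not ENABLE
     * @throws LockedAccountException       if the admin is locked and the window has
     *                                      not expired
     * @throws IncorrectCredentialsException if the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token) {
        if (!(token instanceof AuthenticationToken)) {
            // Fail closed with a Shiro exception rather than a ClassCastException when
            // another token type is routed to this realm.
            throw new UnsupportedTokenException("Unsupported token type: "
                    + (token == null ? "null" : token.getClass().getName()));
        }
        AuthenticationToken authToken = (AuthenticationToken) token;

        String username = authToken.getUsername();
        if (username == null || authToken.getPassword() == null) {
            throw new UnknownAccountException();
        }
        String password = new String(authToken.getPassword());

        Admin admin = adminService.getByLoginName(username);
        if (admin == null) {
            // NOTE(review): distinguishing "unknown account" from "wrong password" lets a
            // caller enumerate valid login names if the UI surfaces the difference.
            throw new UnknownAccountException();
        }

        if (!Objects.equals(admin.getStatus(), Admin.STATUS_ENUM.ENABLE.getValue())) {
            throw new DisabledAccountException();
        }

        if (Boolean.TRUE.equals(admin.getIsLocked())) {
            // Throws LockedAccountException while the lock window is still open.
            unlockIfExpired(admin);
        }

        if (!passwordMatches(password, admin.getLoginPwd())) {
            recordFailedLogin(admin);
            throw new IncorrectCredentialsException();
        }

        admin.setLoginFailCnt(0);
        adminService.update(admin);

        // The submitted password is handed back as the credential so Shiro's default
        // SimpleCredentialsMatcher (which compares it with the token) accepts the login;
        // the real verification already happened above. Principals, not credentials,
        // are what end up in the session.
        return new SimpleAuthenticationInfo(new Principal(admin.getId(), username), password, getName());
    }

    /**
     * Clears the lock on {@code admin} if its lock window has elapsed, otherwise rejects
     * the login.
     *
     * @param admin a locked admin
     * @throws LockedAccountException if the window is still open, or if the account is
     *                                flagged locked but carries no lock timestamp (fail closed)
     */
    private void unlockIfExpired(Admin admin) {
        Date lockedDate = admin.getLockedDate();
        if (lockedDate == null) {
            throw new LockedAccountException();
        }
        Date unlockedDate = DateUtils.addMinutes(lockedDate, LOCK_DURATION_MINUTES);
        if (!new Date().after(unlockedDate)) {
            throw new LockedAccountException();
        }
        admin.setLoginFailCnt(0);
        admin.setIsLocked(false);
        admin.setLockedDate(null);
        adminService.update(admin);
    }

    /**
     * Increments the failure counter and locks the account once the threshold is hit.
     *
     * <p>NOTE(review): this is a read-modify-write through the service, not an atomic
     * increment; concurrent failed attempts can lose counts and delay the lockout.
     *
     * @param admin the admin whose login just failed
     */
    private void recordFailedLogin(Admin admin) {
        int failCount = admin.getLoginFailCnt() + 1;
        if (failCount >= MAX_LOGIN_FAIL_COUNT) {
            admin.setIsLocked(true);
            admin.setLockedDate(new Date());
        }
        admin.setLoginFailCnt(failCount);
        adminService.update(admin);
    }

    /**
     * Compares the submitted password with the stored hash in constant time.
     *
     * <p>TODO(security): the stored value is an unsalted MD5 hex digest, which is not an
     * acceptable password hash. It is kept here only because that is what the database
     * holds; migrate stored credentials to bcrypt/scrypt/argon2.
     *
     * @param password   the submitted plaintext password
     * @param storedHash the MD5 hex digest stored on the admin record; may be null
     * @return true only if the digest of {@code password} equals {@code storedHash} exactly
     */
    private static boolean passwordMatches(String password, String storedHash) {
        if (storedHash == null) {
            return false;
        }
        String candidate = DigestUtils.md5Hex(password);
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Resolves roles and permissions for the principal this realm issued.
     *
     * <p>Roles are the codes of the admin's ENABLE-status roles; permissions are the
     * non-blank codes of the menus returned by {@code menuService.findOrdinaryMenu}
     * for the admin's id.
     *
     * @param principals the subject's principals
     * @return the roles and string permissions, or null (no grants) when this realm has
     *         no {@code Principal} for the subject or the admin cannot be loaded
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        Collection<?> ownPrincipals = principals.fromRealm(getName());
        if (ownPrincipals == null || ownPrincipals.isEmpty()) {
            // iterator().next() on an empty collection would throw; deny instead.
            return null;
        }
        Object first = ownPrincipals.iterator().next();
        if (!(first instanceof Principal)) {
            return null;
        }
        Principal principal = (Principal) first;

        Admin query = new Admin();
        query.setId(principal.getId());
        List<Admin> admins = adminService.getAdminCascadeRole(query);
        if (CollectionUtils.isEmpty(admins)) {
            return null;
        }
        Admin admin = admins.get(0);

        Set<String> roleCodes = new HashSet<String>();
        if (admin.getRoles() != null) {
            for (Role role : admin.getRoles()) {
                if (Objects.equals(role.getStatus(), Role.STATUS_ENUM.ENABLE.getValue())) {
                    roleCodes.add(role.getRoleCode());
                }
            }
        }

        Set<String> menuCodes = new HashSet<String>();
        List<Menu> menus = menuService.findOrdinaryMenu(principal.getId());
        if (menus != null) {
            for (Menu menu : menus) {
                if (StringUtils.isNotBlank(menu.getCode())) {
                    menuCodes.add(menu.getCode());
                }
            }
        }

        SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo();
        authInfo.addRoles(roleCodes);
        authInfo.addStringPermissions(menuCodes);
        return authInfo;
    }

    /**
     * Grants {@code permission} if any permission resolved for the subject implies it.
     *
     * <p>There is no super-admin shortcut: every principal is checked against the
     * permissions resolved by {@link #doGetAuthorizationInfo}. An empty or absent
     * permission set denies.
     *
     * @param principals the subject's principals
     * @param permission the permission being checked
     * @return true if some held permission implies {@code permission}
     */
    @Override
    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        Collection<Permission> held = getPermissions(info);
        if (CollectionUtils.isEmpty(held)) {
            return false;
        }
        for (Permission candidate : held) {
            if (candidate.implies(permission)) {
                return true;
            }
        }
        return false;
    }
}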