JwtRealm.java

package com.mycim.webapp.secutiry.shiro.realm;

import com.mycim.framework.context.spring.SpringContext;
import com.mycim.framework.utils.lang.StringUtils;
import com.mycim.server.base.service.BaseService;
import com.mycim.server.security.service.SecurityService;
import com.mycim.valueobject.security.User;
import com.mycim.webapp.secutiry.jwt.JwtUtils;
import com.mycim.webapp.secutiry.jwt.token.JwtToken;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Service;

import java.util.*;

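/**
 * @program: mycim-module
 * @description: Shiro realm that authenticates requests carrying a {@link JwtToken} and builds the
 * caller's roles and permissions from the role grants of the user named in that token.
 * @author: pinyan.song
 * @create: 2019-06-26 10:05
 **/
@Service
public class JwtRealm extends AuthorizingRealm {

    /** Realm name stored with the principal at login; used again to read that principal back. */
    private static final String REALM_NAME = "JwtRealm";

    /**
     * Role ids equal to this value (ignoring case) are skipped when roles are collected.
     * NOTE(review): presumably the placeholder BaseService returns for an unnamed object; confirm.
     */
    private static final String NO_ROLE_ID = "N/A";

    /**
     * Restricts this realm to {@link JwtToken} submissions.
     *
     * @param token the token submitted for authentication
     * @return {@code true} only when {@code token} is a {@link JwtToken}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * Verify permissions: collects the role ids granted to the token's user, directly or through
     * groups, and exposes each one both as a Shiro role and as a string permission.
     *
     * <p>Each role id is registered on its own. Registering the comma-joined list as a single
     * role (for example {@code "A,B,"}) would make {@code hasRole("A")} fail for every user, and
     * splitting an empty list would register an empty permission string.
     *
     * @param principals the authenticated subject's principals; the entry issued by this realm
     *                   is the raw JWT string
     * @return the roles and permissions of the user; empty when no principal from this realm, no
     *         user or no role grant is found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        String rawToken = principalFromThisRealm(principals);
        if (rawToken == null) {
            // The subject was not authenticated by this realm, so it has nothing to contribute.
            return authorizationInfo;
        }

        SecurityService securityService = SpringContext.getBean(SecurityService.class);
        BaseService baseService = SpringContext.getBean(BaseService.class);

        // The principal was stored only after JwtUtils.verify succeeded at login, so its claims
        // are the verified ones.
        User user = securityService.getUser(new JwtToken(rawToken).getUserRrn());
        if (user == null) {
            // Unknown or deleted user: grant nothing instead of failing with a NullPointerException.
            return authorizationInfo;
        }

        // Get roles
        Collection<Long> roleRrns = securityService.getUserWithGroupGrantRoleList(user.getInstanceRrn());
        if (roleRrns == null) {
            return authorizationInfo;
        }

        Set<String> roleIds = new LinkedHashSet<>();
        for (Long roleRrn : roleRrns) {
            if (roleRrn == null) {
                continue;
            }
            String roleId = baseService.getNamedObjectId(roleRrn.longValue());
            if (StringUtils.isEmpty(roleId) || StringUtils.equalsIgnoreCase(NO_ROLE_ID, roleId)) {
                continue;
            }
            roleIds.add(roleId);
        }

        authorizationInfo.addRoles(roleIds);
        // Role ids double as permission strings, as they did in the comma-split form.
        authorizationInfo.addStringPermissions(roleIds);
        return authorizationInfo;
    }

    /**
     * Verify login: rejects a token that carries no user reference or that fails
     * {@link JwtUtils#verify}.
     *
     * <p>NOTE(review): the returned info uses the raw token as both principal and credentials, so
     * {@code JwtUtils.verify} is the check that decides whether the token is accepted here.
     * Signature, expiry and revocation handling live in {@code JwtUtils} and are not visible in
     * this class; confirm they are enforced there. Because the principal is the bearer token
     * itself, avoid writing principals to logs.
     *
     * @param token the submitted token; its credentials are expected to be the raw JWT string
     * @return authentication info whose principal and credentials are the raw JWT string
     * @throws AuthenticationException when the credentials or the user reference are missing, or
     *                                 when verification fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        Object credentials = token.getCredentials();
        if (credentials == null) {
            throw new AuthenticationException("token invalid");
        }

        JwtToken jwtToken = new JwtToken(credentials.toString());

        // Presence check only: nothing read from the token is trusted before verify() passes.
        // Guard the reference itself, since calling toString() on a missing claim would throw a
        // NullPointerException before the emptiness check could run.
        Object userRrn = jwtToken.getUserRrn();
        if (userRrn == null || StringUtils.isEmpty(userRrn.toString())) {
            throw new AuthenticationException("token invalid");
        }

        if (!JwtUtils.verify(jwtToken)) {
            throw new AuthenticationException("Username or password error");
        }

        return new SimpleAuthenticationInfo(jwtToken.getToken(), jwtToken.getToken(), REALM_NAME);
    }

    /**
     * Returns the principal this realm stored at login, or {@code null} when there is none.
     * Reading it by realm name avoids {@code PrincipalCollection.toString()}, which joins the
     * principals of all realms into one string when more than one realm is configured.
     */
    private static String principalFromThisRealm(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        Collection<?> issuedHere = principals.fromRealm(REALM_NAME);
        if (issuedHere == null) {
            return null;
        }
        for (Object principal : issuedHere) {
            if (principal != null) {
                return principal.toString();
            }
        }
        return null;
    }

}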