我现在遇到一个问题。客户端根据session也读到了用户权限,但是客户端的shiro拦截报PrincipalCollection为空
授权信息怎么赋给客户端的PrincipalCollection里面?
我现在遇到一个问题。客户端根据session也读到了用户权限,但是客户端的shiro拦截报PrincipalCollection为空
授权信息怎么赋给客户端的PrincipalCollection里面?
老铁!没完全懂你意思,不过写点自己看法:
首先在使用shiro时候是存在一个叫Realm类,这个类主要实现根据提交PrincipalCollection的获取授权信息,其次该类还提供认证方法。在整体流程上,
<bean id="realm" class="xxx.xxx.xxx.Realm" />
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="realm" />
</bean>
Realm类
public class Realm extends AuthorizingRealm {
...
/**
* 授权信息
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 获取请求用户名
String username = (String) principals.getPrimaryPrincipal()
// 查询数据库,获得用户相关信息,如角色,权限等
User user = service.find(username);
// 角色名、权限名的集合
Set<String> roles = new HashSet<String>();
Set<String> permissions = new HashSet<String>();
// 将角色名和权限名放入shiro里
for (Iterator<Role> roleItr = user.getRoles().iterator(); roleItr.hasNext();) {
Role role = roleItr.next();
if (role != null) {
roles.add(role.getName());
for (Iterator<Permission> perItr = role.getPermissions().iterator(); perItr.hasNext();) {
Permission per = perItr.next();
if (per != null) {
permissions.add(per.getName());
}
}
}
}
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addRoles(roles);
authorizationInfo.addStringPermissions(permissions);
return authorizationInfo;
}
/**
* 认证信息
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
...
return new SimpleAuthenticationInfo(username, password, getName());
}
@PostConstruct
public void initCredentialsMatcher() {
// 该句作用是重写shiro的密码验证,让shiro使用自定义验证
setCredentialsMatcher(new CustomCredentialsMatcher());
}
}