
Example 36 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project ddf by codice.

the class AuthzRealmTest method testIsPermittedOneMultiple.

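/**
 * Checks that {@code AuthzRealm.isPermitted} grants a request whose "country" permission lists
 * several acceptable values when the subject holds several country values of its own and one
 * of them ("AUS") overlaps.
 *
 * <p>The subject's {@code CountryOfAffiliation} attribute is mapped to the {@code country}
 * permission key through the match-one mappings, and {@code FineAccessControls} is mapped to
 * {@code rule} through the match-all mappings. The request carries no {@code rule} permission.
 *
 * @throws PdpException declared by the test; nothing in the body throws it directly
 */
@Test
public void testIsPermittedOneMultiple() throws PdpException {
    // Requested permission: one key ("country") with three acceptable values.
    permissionList.clear();
    permissionList.add(new KeyValuePermissionImpl("country", Arrays.asList("AUS", "CAN", "GBR")));

    // Subject attributes: two rule values and two countries; only "AUS" overlaps the request.
    KeyValuePermission rulePermission = new KeyValuePermissionImpl("FineAccessControls");
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    KeyValuePermission countryPermission = new KeyValuePermissionImpl("CountryOfAffiliation");
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");

    // Stub the lookup so the realm always sees the authorization info built above,
    // whatever principal collection is passed in.
    AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    testRealm.setSecurityLogger(mock(SecurityLogger.class));
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(
            roleString -> Arrays.asList(new KeyValuePermissionImpl("role", Arrays.asList(roleString))));

    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);

    // Without this check an empty result array would skip the loop below and the
    // authorization test would pass without having verified a single decision.
    Assert.assertEquals(permissionList.size(), permittedArray.length);
    for (boolean permitted : permittedArray) {
        Assert.assertTrue(permitted);
    }
}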
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) AuthzRealm(ddf.security.pdp.realm.AuthzRealm) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) KeyValuePermissionImpl(ddf.security.permission.impl.KeyValuePermissionImpl) CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 37 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project tutorials by eugenp.

the class MyCustomRealm method doGetAuthorizationInfo.

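/**
 * Collects the roles and string permissions of every principal in the collection and returns
 * them as a single {@link SimpleAuthorizationInfo}.
 *
 * <p>A failed lookup aborts the whole call. The earlier behaviour of printing the stack trace
 * and carrying on returned a partial (possibly empty) grant set with no signal to the caller,
 * which hides the failure and makes access decisions depend on which lookup happened to fail.
 *
 * @param principals the principals of the subject being authorized; each one is cast to
 *     {@code String} and used as the user name
 * @return the union of roles and permissions found for all principals
 * @throws IllegalStateException if a role or permission lookup fails with a {@link SQLException}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Set<String> roleNames = new HashSet<>();
    Set<String> permissions = new HashSet<>();
    try {
        for (Object principal : principals) {
            // NOTE(review): the leading arguments are passed as null; presumably the lookup
            // helpers in this class ignore them - confirm against their definitions.
            Set<String> roles = getRoleNamesForUser(null, (String) principal);
            roleNames.addAll(roles);
            permissions.addAll(getPermissions(null, null, roles));
        }
    } catch (SQLException e) {
        // Fail the authorization query instead of handing back incomplete data; the cause is
        // preserved for whoever handles the exception.
        throw new IllegalStateException("Failed to load roles and permissions for authorization", e);
    }
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
    info.setStringPermissions(permissions);
    return info;
}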
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SQLException(java.sql.SQLException)

Example 38 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project wechat by dllwh.

the class ShiroRealm method doGetAuthorizationInfo.

/**
 * Grants roles and permissions to the currently logged-in Subject.
 *
 * <p>Per the original author's note, this runs whenever a resource that requires authorization
 * is accessed, and the logic below is executed on each such access.
 *
 * <p>Every failure path returns {@code null} instead of throwing: a missing user, an empty
 * principal set for this realm, or any exception raised by the lookups. The exception is only
 * printed to stderr, so a failed lookup looks the same to the caller as "no grants".
 *
 * @param principals the principals of the subject; the first one registered by this realm is
 *     cast to {@code SysUser}
 * @return the user's role codes and menu permissions, or {@code null} when they cannot be
 *     determined
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        // Step 1: the principal this realm stored at login is the user object itself.
        SysUser loginUser = (SysUser) principals.fromRealm(getName()).iterator().next();
        if (loginUser == null) {
            // Original note: this leads to a redirect to the configured unauthorizedUrl.
            return null;
        }

        // Steps 2-3: load the user's role assignments and keep their role codes.
        Set<String> roleCodes = Sets.newConcurrentHashSet();
        for (SysUserRole userRole : userService.getUserRole(loginUser)) {
            if (userRole == null) {
                continue;
            }
            roleCodes.add(userRole.getRoleCode());
        }

        // Step 4: assemble the authorization info - roles first, then menu permissions.
        SimpleAuthorizationInfo grants = new SimpleAuthorizationInfo();
        grants.addRoles(roleCodes);

        List<String> menuPerms = sysMenuService.getMenuPermsByUserId(loginUser);
        if (ListUtilHelper.isNotEmpty(menuPerms)) {
            grants.addStringPermissions(menuPerms);
        }
        return grants;
    } catch (Exception e) {
        // Deliberately broad: any lookup failure ends up as "no authorization info".
        e.printStackTrace();
        return null;
    }
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SysUser(com.cdeledu.model.rbac.SysUser) AuthenticationException(org.apache.shiro.authc.AuthenticationException) DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) LockedAccountException(org.apache.shiro.authc.LockedAccountException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) SysUserRole(com.cdeledu.model.rbac.SysUserRole)

Example 39 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project Spring-Family by Sierou-Java.

the class MyShiroRealm method doGetAuthorizationInfo.

// ////////////////////////////////////////////////////////身份认证 END //////////////////////////////////////////////////////
// ///////////////////////////////////////////////////////权限控制 START ////////////////////////////////////////////////////
/**
 * Authorization callback; per the original author's note it is invoked only when
 * {@code hasRole} / {@code hasPermission} checks are performed.
 *
 * <p>Author's notes on caching of the result:
 * <ol>
 *   <li>when the user logs out normally, the cached entry is cleared automatically;</li>
 *   <li>when the user leaves abnormally, the cached entry is cleared automatically;</li>
 *   <li>when a user's permissions are changed while that user stays logged in, the change does
 *       NOT take effect immediately. This has to be handled in code: after changing the
 *       permissions, the service layer should obtain the realm instance from Spring (the realm
 *       is a Spring-managed bean) and call its clearCached method.</li>
 * </ol>
 *
 * <p>Point 3 matters for revocation: until the cache entry is cleared or expires, a user keeps
 * the roles and permissions that were loaded before the change.
 *
 * <p>Authorization here means access control: deciding whether the user may perform the
 * current operation, such as opening a link or a resource file.
 *
 * @param principals the subject's principals; the primary principal is cast to {@code UserInfo}
 * @return every role of the user together with every permission attached to those roles
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    /*
     * Author's note: without a cache this code runs on every page refresh. Rebuilding the
     * permission data each time is unnecessary, so it should be kept in a cache; once cached,
     * this method runs once and then again only after the cache entry expires.
     */
    // Debug trace written to stdout on every invocation.
    System.out.println("权限配置-->MyShiroRealm.doGetAuthorizationInfo()");

    SimpleAuthorizationInfo grants = new SimpleAuthorizationInfo();
    UserInfo currentUser = (UserInfo) principals.getPrimaryPrincipal();

    for (SysRole sysRole : currentUser.getRoleList()) {
        grants.addRole(sysRole.getRole());
        for (SysPermission sysPermission : sysRole.getPermissions()) {
            // Each permission string is echoed to stdout before it is granted.
            System.out.println("MyShiroRealm.doGetAuthorizationInfo():" + sysPermission.getPermission());
            grants.addStringPermission(sysPermission.getPermission());
        }
    }
    return grants;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SysRole(org.family.pojo.SysRole) UserInfo(org.family.pojo.UserInfo) SysPermission(org.family.pojo.SysPermission)

Example 40 with SimpleAuthorizationInfo

use of org.apache.shiro.authz.SimpleAuthorizationInfo in project shiro by apache.

the class CasRealm method doGetAuthorizationInfo.

/**
 * Builds the authorization data for a subject that was previously authenticated through CAS
 * (user id plus attributes).
 *
 * <p>The result combines the realm's configured default roles and permissions with roles and
 * permissions read from the user's attribute map, using the attribute names configured in
 * {@code roleAttributeNames} and {@code permissionAttributeNames}. Whatever values appear
 * under those attribute names are therefore turned directly into grants.
 *
 * @param principals the principals identifying the subject whose authorization data is wanted
 * @return the authorization data assembled for these principals
 */
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // NOTE(review): relies on the collection being a SimplePrincipalCollection whose second
    // entry is the attribute map; anything else fails here with a ClassCastException or an
    // IndexOutOfBoundsException - confirm against the authentication side of this realm.
    List<Object> principalEntries = ((SimplePrincipalCollection) principals).asList();
    Map<String, String> casAttributes = (Map<String, String>) principalEntries.get(1);

    SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();

    // Configured defaults are granted to every subject.
    addRoles(authzInfo, split(defaultRoles));
    addPermissions(authzInfo, split(defaultPermissions));

    // Roles carried in the user's attributes.
    for (String roleAttribute : split(roleAttributeNames)) {
        addRoles(authzInfo, split(casAttributes.get(roleAttribute)));
    }

    // Permissions carried in the user's attributes.
    for (String permissionAttribute : split(permissionAttributeNames)) {
        addPermissions(authzInfo, split(casAttributes.get(permissionAttribute)));
    }
    return authzInfo;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Map(java.util.Map)

Aggregations

SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo)48 Permission (org.apache.shiro.authz.Permission)8 AuthorizationException (org.apache.shiro.authz.AuthorizationException)6 KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)5 KeyValuePermission (ddf.security.permission.KeyValuePermission)5 ArrayList (java.util.ArrayList)5 HashSet (java.util.HashSet)5 AuthenticationException (org.apache.shiro.authc.AuthenticationException)5 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)5 KeyValuePermissionImpl (ddf.security.permission.impl.KeyValuePermissionImpl)4 CollectionPermission (ddf.security.permission.CollectionPermission)3 HashMap (java.util.HashMap)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3 Group (com.ganster.cms.core.pojo.Group)2 Permission (com.ganster.cms.core.pojo.Permission)2 User (com.ganster.cms.core.pojo.User)2 UserExample (com.ganster.cms.core.pojo.UserExample)2 TbRolePermission (com.netsteadfast.greenstep.po.hbm.TbRolePermission)2 TbUserRole (com.netsteadfast.greenstep.po.hbm.TbUserRole)2 Set (java.util.Set)2