[移动开发] 多realm 的 shiro 使用

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 移动开发 -> 多realm 的 shiro 使用 -> 正文阅读

[移动开发]多realm 的 shiro 使用

一、通过用户名、密码登陆
二、通过短信验证码登陆

一、通过用户名、密码登陆

@PostMapping("/login")
@ApiOperation(value = "移动助手登陆用户")
public Object login(@ApiParam(required = true, value = "登录帐号和密码") @Validated @RequestBody VisitLoginReqDTO request,
                    HttpServletRequest httpServletRequest) {
    String clientIp = WebUtil.getHost(httpServletRequest);
    if (null != SecurityUtils.getSubject() && SecurityUtils.getSubject().isAuthenticated()) {
        try {
            SecurityUtils.getSubject().logout();
        } catch (Exception e) {
            // 无需处理

        }
    }
    try {
        if (login(request.getLoginId(), SecurityUtil.encryptPassword(request.getPassword()), clientIp)) {
            // 更新系统用户表 登陆信息
            request.setLastLoginIp(clientIp);
            request.setLastLoginTime(LocalDateTime.now());
            LoginReqDTO loginReqDTO = request.convertTo(LoginReqDTO.class);
            BaseResponse<Long> resp = systemUserFacade.updateUserLoginInfo(loginReqDTO);
            if (!resp.isSuccess()) {
                return resp;
            }
            BaseResponse<Object> response = new BaseResponse<>();
            UserDTO user = (UserDTO) SecurityUtils.getSubject().getPrincipal();
            // 修改日志
            loginLogUtil.saveLog(httpServletRequest, request, LoginType.LOGIN.getCode(), user);
            response.setContent(user);
            return response;
        }

    }catch (Exception e) {
        throw new ApplicationException("登录失败:" + e.getMessage(), e);
    }
    throw new ApplicationException("登录失败");
}

private static final Boolean login(String account, String password, String host) throws Exception {
        UsernamePasswordToken token = new UsernamePasswordToken(account, password, host);
        token.setRememberMe(true);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);    // **会调用 realm中的认证功能**
            return subject.isAuthenticated();
        } catch (LockedAccountException e) {
            throw new LoginException(Resources.getMessage("ACCOUNT_LOCKED", token.getPrincipal()));
        } catch (DisabledAccountException e) {
            throw new LoginException(Resources.getMessage("ACCOUNT_DISABLED", token.getPrincipal()));
        } catch (ExpiredCredentialsException e) {
            throw new LoginException(Resources.getMessage("ACCOUNT_EXPIRED", token.getPrincipal()));
        } catch (Exception e) {
            throw new ApplicationException(e.getMessage(), e);
        }
    }

Realm.java

@Component
@Slf4j
public class Realm extends BaseRealm {

  @Reference(version = "${sys.service.version}")
  private SystemUserFacade systemUserFacade;
  @Reference(version = "${sys.service.version}")
  private SystemSetsOfBooksUserFacade systemSetsOfBooksUserFacade;

// 会先进入这个方法，判断reaml是否适用于登陆的token
  @Override
  public boolean supports(AuthenticationToken token) {
      return token != null && token instanceof UsernamePasswordToken;
  }

  /**
   * 授权
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      if (null == principals || null == principals.getPrimaryPrincipal()) {
          return null;
      }
      // 从缓存获取
      SimpleAuthorizationInfo info = ShiroUtil.getAuthorizationInfo(principals, this.sessionDAO);
      if (info == null) {
          throw new AccountException("授权失败！");
      }
      return info;
  }

  /**
   * 认证
   *
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
          throws AuthenticationException {
      log.info("调用Realm ，doGetAuthenticationInfo:");
      LoginIdReqDTO mdpSecUserSearchParam = new LoginIdReqDTO();
      String loginId = (String) authcToken.getPrincipal();  // 返回前面UsernamePasswordToken封装的 loginId
      // 查询数据库
      mdpSecUserSearchParam.setLoginId(loginId);
      log.info("登录loginId:" + loginId);
      BaseResponse<SystemUserPwdResponseDTO> userResponse = systemUserFacade.findUserPwdByLoginId(mdpSecUserSearchParam);
      log.info("登录返回:" + userResponse.toString());
      SystemUserPwdResponseDTO user = userResponse.getContent();
      if (null == user) {
          throw new AccountException("无法通过账号获取到用户数据！");
      }
      log.debug("密码：" + user.getPassword() + "_" + String.valueOf((char[]) authcToken.getCredentials()));
      if (null != user && TrueOrFalseEnum.FALSE.getValue().equals(user.getUsable())) {
          throw new AccountException("用户已被禁用！");
      } else if (null != user && !user.getPassword().equals(String.valueOf((char[]) authcToken.getCredentials()))) {
          throw new AccountException("用户名或密码错误！");
      } else {
          log.info(user.getName() + ",用户登录成功：" + user.getLoginId());
      }

      UserDTO userDTO = new UserDTO();
      userDTO.setUserId(user.getUserId());
      userDTO.setSetsOfBooksId(-1L);
      userDTO.setName(user.getName());
      userDTO.setLoginId(user.getLoginId());
      userDTO.setTenantId(user.getTenantId());
      userDTO.setMobileTelephone(user.getMobileTelephone());
      Subject currentUser = SecurityUtils.getSubject();
      if (null != currentUser) {
          super.clearCache(currentUser.getPrincipals());

          Session session = currentUser.getSession();
          userDTO.setSessionId(session.getId().toString());
      }
  	//  SecurityUtils.getSubject().getPrincipal() 获取userDTO对象
      return new SimpleAuthenticationInfo(userDTO, user.getPassword(), getName());
  }

  @Override
  protected void assertCredentialsMatch(AuthenticationToken authcToken,
                                        AuthenticationInfo info) throws AuthenticationException {
      return;
  }
}

二、短信验证码登陆
如果有另外一种登陆方式，需要重新定义 realm，token
MyShiroConfig，项目启动时调用

@Configuration
@Slf4j
public class MyShiroConfig {

    @Autowired
    private Realm realm;
    @Autowired
    private BaseRealm baseRealm;
    @Autowired
    private PhoneMessageRealm phoneMessageRealm;

    @Bean
    public Authenticator authenticator() {
        // 自定义ModularRealmAuthenticator
        ModularRealmAuthenticator authenticator = new CustomModularRealmAuthenticator();
        //设置多个个Realm
        authenticator.setRealms(Arrays.asList(realm, baseRealm,phoneMessageRealm));
        //设置多个realm认证策略，一个成功即跳过其它的
        authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        // 设置自定义authenticator
        DefaultWebSecurityManager manager = SpringContextUtil.getBean(DefaultWebSecurityManager.class);
        manager.setAuthenticator(authenticator);
        return authenticator;
    }
}

解决多个realm覆盖问题
自定义ModularRealmAuthenticator，解决多个realm之后异常覆盖的问题

@Slf4j
public class CustomModularRealmAuthenticator extends ModularRealmAuthenticator {

    @Override
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
        AuthenticationStrategy strategy = getAuthenticationStrategy();
		
        AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);

        if (log.isTraceEnabled()) {
            log.trace("Iterating through {} realms for PAM authentication", realms.size());
        }

        AuthenticationException authenticationException = null;
        // 遍历realms
        for (Realm realm : realms) {
            aggregate = strategy.beforeAttempt(realm, token, aggregate);
			// 调用reaml的support方法，判断这个realm是否支持登陆token
            if (realm.supports(token)) {
                log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
                AuthenticationInfo info = null;
                Throwable t = null;
                try {
                // 登陆认证
                // 如果support方法支持，第一个realm遇见报错 抛异常，后面的reaml就不会循环。
                    info = realm.getAuthenticationInfo(token);
                } catch (Throwable throwable) {
                    t = throwable;
                    if (throwable instanceof AuthenticationException) {
                        authenticationException = (AuthenticationException) throwable;
                    }
                    if (log.isDebugEnabled()) {
                        String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
                        log.debug(msg, t);
                    }
                }

                // 增加此逻辑，只有authenticationException不为null，则表示有Realm较验到了异常，则立即中断后续Realm验证直接外抛
                if (authenticationException != null) {
                    throw authenticationException;
                }
                aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
            } else {
                log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
            }
        }
        aggregate = strategy.afterAllAttempts(token, aggregate);
        return aggregate;
    }
}

第二个短信验证码登陆
登陆功能

@PostMapping("/plogin")
@ApiOperation(value = "通过短信登陆")
public Object loginByMessage(@RequestParam("code") String messCode,@RequestParam("phone") String phone,HttpServletRequest request) throws LoginException {
    try {
        if (messCode == null || messCode.equals("")) {
            throw new ApplicationException("验证码不能为空");
        }
        Subject subject = SecurityUtils.getSubject();
        if(phoneLoing(messCode, phone, subject)) {
           // 查询数据库
            LoginReqDTO loginReqDTO = new LoginReqDTO();
            loginReqDTO.setLastLoginIp(getIpAddr(request));
            loginReqDTO.setLastLoginTime(LocalDateTime.now());
            BaseResponse<Long> resp = systemUserFacade.updateUserLoginInfo(loginReqDTO);
            if (!resp.isSuccess()) {
                return resp;
            }
            BaseResponse<Object> response = new BaseResponse<>();
            UserDTO user = (UserDTO) SecurityUtils.getSubject().getPrincipal();
            VisitLoginReqDTO visitLoginReqDTO = loginReqDTO.convertTo(VisitLoginReqDTO.class);
            loginLogUtil.saveLog(request, visitLoginReqDTO, LoginType.LOGIN.getCode(), user);
            response.setContent(user);
            return response;
        }
    } finally {
//            String key = MD5Util.getMD5Code(phone + MobileConstant.MOBILE_ASSISTANT_KEY);
//            redisTemplate.delete(key);
    }
    throw new ApplicationException("登录失败");
}

private boolean phoneLoing(String messCode, String phone, Subject subject) throws LoginException {
	// 指定自定义token ，用于验证realm是否支持
    UserToken token = new UserToken(phone, messCode);
    token.setRememberMe(true);
    try {
        subject.login(token);  // 调用realm的 认证方法
        return subject.isAuthenticated();
    } catch (LockedAccountException e) {
        throw new LoginException(Resources.getMessage("ACCOUNT_LOCKED", token.getPrincipal()));
    } catch (DisabledAccountException e) {
        throw new LoginException(Resources.getMessage("ACCOUNT_DISABLED", token.getPrincipal()));
    } catch (ExpiredCredentialsException e) {
        throw new LoginException(Resources.getMessage("ACCOUNT_EXPIRED", token.getPrincipal()));
    } catch (Exception e) {
        throw new ApplicationException(e.getMessage(), e);
    }
}

自定义UserToken

@Data
@AllArgsConstructor
@NoArgsConstructor
public class UserToken implements AuthenticationToken {

    private String mobile;
    private String messCode;
    private boolean rememberMe = false;

    public UserToken(String mobile,String messCode) {
        this.mobile = mobile;
        this.messCode= messCode;
    }

// 在realm中可获取
    @Override
    public Object getPrincipal() {
        return getMobile();
    }

    @Override
    public Object getCredentials() {
        return getMessCode();
    }
// remember 不知道怎么用
    public void setRememberMe(boolean b) {
        this.rememberMe = rememberMe;
    }
}

自定义realm PhoneMessageRealm 权限校验器

@Component
@Slf4j
public class PhoneMessageRealm extends BaseRealm {

    @Reference(version = "${sys.service.version}")
    private SystemUserFacade systemUserFacade
    @Reference(version = "${sys.service.version}")
    private SystemSetsOfBooksUserFacade systemSetsOfBooksUserFacade;
    @Reference(check = false,version = "${archives.service.version}")
    ArchivesSalesmanFacade archivesSalesmanFacade;

    @Autowired
    RedisTemplate<String,Object> redisTemplate;

    @Override
    public boolean supports(AuthenticationToken token) {
        return token != null && token instanceof UserToken;
    }

    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (null == principals || null == principals.getPrimaryPrincipal()) {
            return null;
        }
        // 从缓存获取
        SimpleAuthorizationInfo info = ShiroUtil.getAuthorizationInfo(principals, this.sessionDAO);
        if (info == null) {
            throw new AccountException("授权失败！");
        }
        return info;
    }

    /**
     * 认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        log.info("调用Realm ，doGetAuthenticationInfo:");
        LoginIdReqDTO mdpSecUserSearchParam = new LoginIdReqDTO();
        // 调用login时 封装数据
        // UserToken token = new UserToken(phone, messCode);
        String mobile = (String) authcToken.getPrincipal();   
        String messCode = (String) authcToken.getCredentials();
		// 查数据库
        SystemUserReqDTO systemUserReqDTO = new SystemUserReqDTO();
        systemUserReqDTO.setMobileTelephone(mobile);
        BaseResponse<SystemUserPwdResponseDTO> userResponse = systemUserFacade.getUserLoginByMobile(systemUserReqDTO);

        log.info("登录返回:" + userResponse.toString());
        SystemUserPwdResponseDTO user = userResponse.getContent();
        if (null == user) {
            throw new AccountException("无法通过手机号获取到用户数据！");
        }
        if (null != user && TrueOrFalseEnum.FALSE.getValue().equals(user.getUsable())) {
            throw new AccountException("用户已被禁用！");
        }
        // 比较验证码如果不一致 throw new AccountException("验证码错误！");
        String key = MD5Util.getMD5Code(mobile + MobileConstant.MOBILE_ASSISTANT_KEY);
        String value = (String)redisTemplate.opsForValue().get(key);
        if (null == value) {
            throw new ApplicationException("验证码不存在，或已失效");
        }
        if (!value.equals(messCode)) {
            throw new ApplicationException("验证码错误");
        } else {
            log.info(user.getName() + ",用户登录成功：" + user.getLoginId());
        }
		// 封装结果
        UserDTO userDTO = new UserDTO();
        userDTO.setUserId(user.getUserId());
        userDTO.setSetsOfBooksId(-1L);
        userDTO.setName(user.getName());
        userDTO.setLoginId(user.getLoginId());
        userDTO.setTenantId(user.getTenantId());
        userDTO.setMobileTelephone(user.getMobileTelephone());
        Subject currentUser = SecurityUtils.getSubject();
        if (null != currentUser) {
            super.clearCache(currentUser.getPrincipals());

            Session session = currentUser.getSession();
            userDTO.setSessionId(session.getId().toString());
        }
		//  SecurityUtils.getSubject().getPrincipal() 获取userDTO对象
        return new SimpleAuthenticationInfo(userDTO, user.getPassword(), getName());
    }

    @Override
    protected void assertCredentialsMatch(AuthenticationToken authcToken,
                                          AuthenticationInfo info) throws AuthenticationException {
        return;
    }
}

移动开发最新文章

Vue3装载axios和element-ui

android adb cmd

【xcode】Xcode常用快捷键与技巧

Android开发中的线程池使用

Java 和 Android 的 Base64

【Android Jetpack】DataStore

加:2022-04-01 00:13:15 更:2022-04-01 00:15:37

360图书馆购物三丰科技阅读网日历万年历 2024年11日历

-2024/11/24 19:59:39-

图片自动播放器
↓图片自动播放器↓

TxT小说阅读器
↓语音阅读,小说下载,古典文学↓

一键清除垃圾
↓轻轻一点,清除系统垃圾↓

图片批量下载器
↓批量下载图片,美女图库↓

网站联系: qq:121756557 email:121756557@qq.com IT数码