Cod*_*kie 4 java tapestry shiro
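I'm using Tapestry-Security, which uses Apache Shiro.
I have a custom realm that handles authorization and authentication. Our authentication technically happens using a remote service, which returns a username and a set of roles. I just pass the username into my custom AuthenticationToken, which allows me to query our local database and set the SimpleAuthenticationInfo.
I can't figure out how to populate the AuthorizationInfo doGetAuthorizationInfo method using the list of roles returned to me from our remote service. Below is the code I'm using to populate the realm.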
Login.class
    //Remote authentication service
    RemoteLoginClient client = new RemoteLoginClient();
    RemoteSubject authenticate = client.authenticate(username, password);
    //tapestry security authentication
    Subject currentUser = SecurityUtils.getSubject();
    CustomAuthenticationToken token = new CustomAuthenticationToken(authenticate.getUsername());
    System.out.println("roles" + authenticate.getRoles());
    currentUser.login(token);
AuthorizationInfo method in customRealm
    public class CustomRealm extends AuthorizingRealm {

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            CustomAuthenticationToken upToken = (CustomAuthenticationToken) token;
            String email = upToken.getUsername();
            // Prefix match (LIKE 'email%'); uniqueResult() throws if more than one row matches
            ApplicationUser applicationUser = (ApplicationUser) session.createCriteria(ApplicationUser.class)
                    .add(Restrictions.like("email", email + "%"))
                    .uniqueResult();
            if (applicationUser == null) {
                throw new UnknownAccountException("User doesn't exist in EPRS database");
            }
            return buildAuthenticationInfo(applicationUser.getId());
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            //Not sure how to populate the principal or
            //read the principal to populate the SimpleAuthorizationInfo
            return new SimpleAuthorizationInfo(roleNames);
        }
    }
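Extending AuthorizingRealm is a good place to start if you need both authentication and authorization. Also, as PepperBob has already said, while you're at it, the Account interface and its SimpleAccount implementation support both authentication and authorization in a single interface, so you don't need much separate code for doGetAuthenticationInfo() and doGetAuthorizationInfo() and can return the same object from both methods.
To get the authorization information, you need to do two things:
- Get an available principal with the getAvailablePrincipal() method (neatly predefined in AuthorizingRealm); the collection passed in just contains one principal.
- Call setRoles() on your account object.
...and you're done.
Edited to add:
This would be a very simple way to store the roles until you need them. Note that the actual authentication is done in the realm, which has a dependency on RemoteLoginClient.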
    public class MyRealm extends AuthorizingRealm {

        private RemoteLoginClient client = ...;
        private final Map<String, Set<String>> emailToRoles = new ConcurrentHashMap<>();

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(
                AuthenticationToken token) {
            final UsernamePasswordToken userPass = (UsernamePasswordToken) token;
            // getPassword() returns a char[]; convert it if authenticate() expects a String
            final RemoteSubject authenticate = this.client.authenticate(
                    userPass.getUsername(), userPass.getPassword());
            if (authenticate != null) { //assuming this means success
                // remember the remote roles until doGetAuthorizationInfo() asks for them
                this.emailToRoles.put(userPass.getUsername(), authenticate.getRoles());
                return new SimpleAuthenticationInfo(...);
            } else {
                return null;
            }
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(
                PrincipalCollection principals) {
            final String username = (String) principals.getPrimaryPrincipal();
            final Set<String> roles = this.emailToRoles.get(username);
            return new SimpleAuthorizationInfo(roles);
        }
    }
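An added example, not part of the original question or answer: a variant of the realm above that carries the remote roles inside the subject's PrincipalCollection instead of a realm-level map, so doGetAuthorizationInfo() reads them straight from its argument and nothing outlives the session. The RemoteSubject and RemoteLoginClient interfaces are assumed shapes inferred from the calls shown in the question (including a String password), and RemoteRolesRealm and GrantedRoles are hypothetical names.

```java
import java.io.Serializable;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RemoteRolesRealm extends AuthorizingRealm {
    // Assumed shapes of the asker's remote types; only the calls seen in the question.
    public interface RemoteSubject { String getUsername(); Set<String> getRoles(); }
    public interface RemoteLoginClient { RemoteSubject authenticate(String username, String password); }

    // Hypothetical holder stored as a second principal; Serializable so sessions can persist it.
    public static final class GrantedRoles implements Serializable {
        private final HashSet<String> names;
        GrantedRoles(Set<String> names) { this.names = new HashSet<>(names); }
        Set<String> names() { return Collections.unmodifiableSet(names); }
    }

    private final RemoteLoginClient client;

    public RemoteRolesRealm(RemoteLoginClient client) { this.client = client; }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userPass = (UsernamePasswordToken) token;
        if (userPass.getUsername() == null || userPass.getPassword() == null) { return null; }
        RemoteSubject remote = client.authenticate(userPass.getUsername(), new String(userPass.getPassword()));
        if (remote == null) { // assumption (as in the answer): null means the login was rejected
            return null;
        }
        Set<String> roles = remote.getRoles() == null ? Collections.<String>emptySet() : remote.getRoles();
        SimplePrincipalCollection principals = new SimplePrincipalCollection(remote.getUsername(), getName());
        principals.add(new GrantedRoles(roles), getName());
        // The remote service already checked the password; echo it so Shiro's default matcher passes.
        return new SimpleAuthenticationInfo(principals, userPass.getPassword());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        GrantedRoles granted = principals.oneByType(GrantedRoles.class);
        // No role principal (e.g. a subject from another realm): grant nothing rather than fail.
        Set<String> roles = granted == null ? new HashSet<String>() : new HashSet<>(granted.names());
        return new SimpleAuthorizationInfo(roles);
    }
}
```

Roles captured this way are fixed until the subject logs in again, so a role revoked at the remote service takes effect at the next login.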