如何确定 shiro 用户拥有哪些权限
[英]How to determine which permissions a shiro user has
问题描述
I have to deal with an application which is secured by apache shiro.
我必须处理由 apache shiro 保护的应用程序。 I'm quite new to this framework.我对这个框架很陌生。 As far as I can see, I can check single rights via subject.isPermitted() , eg据我所知,我可以通过subject.isPermitted()检查单个权限,例如
Subject subject = SecurityUtils.getSubject();
[...]
subject.isPermitted("$RightString");
For logging purposes I need the complete list of user rights as a String.出于记录目的,我需要用户权限的完整列表作为字符串。 And I do not want to iterate over the list of rights and check everytime, whether subject.isPermitted() is true而且我不想遍历权限列表并每次都检查, subject.isPermitted()是否为true
Is there any shortcut to this problem?这个问题有什么捷径可走吗?
Edit:编辑:
Further Information:更多信息:
- Application is a Spring 4 Application应用程序是 Spring 4 应用程序
realm is defined in in application context as a bean
领域在应用程序上下文中定义为 bean<bean id="PRODUCTNAMERealm" class="de.PATHFROMPRODUCT_PRODUCTNAMEJdbcRealm"> <property name="dataSource" ref="dataSource"/> <property name="schema" value="${PRODUCTNAME.schema}"/> </bean>so i could inject it if needed.
所以我可以在需要时注射它。
3 个解决方案
解决方案1
4 已采纳 2014-08-29 12:01:52
I believe there is no out of the box way to do this, be we worked around this by registering the user permissions on the session.我相信没有现成的方法可以做到这一点,我们是否通过在会话上注册用户权限来解决这个问题。 We are using a custom realm implementation and our permissions are stored in the database.我们正在使用自定义领域实现,我们的权限存储在数据库中。
In our custom realm class:在我们的自定义领域类中:
@Override
public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<String> permissionsSet = //logic to get the permissions here
info.addStringPermissions(permissionsSet);
SecurityUtils.getSubject().getSession().setAttribute("permissions", permissionsSet);
return info;
}
Now retrieving the permissions is just a matter of calling:现在检索权限只是调用的问题:
SecurityUtils.getSubject().getSession().getAttribute("permissions");
Another way would be to inject your custom realm where you need the info and have the bean make getAuthorizationInfo public.另一种方法是在需要信息的地方注入自定义领域,并使 bean 公开 getAuthorizationInfo。
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
return super.getAuthorizationInfo(principals);
}
....
yourRealm.getAuthorizationInfo(SecurityUtils.getSubject().getPrincipals()).getStringPermissions();
解决方案2
1 2014-09-01 13:32:31
In my opinion Shiro is related to only security, authority, etc of current user not to the whole user base.在我看来,Shiro 只与当前用户的安全、权限等有关,与整个用户群无关。 You can use your standard SQL queries to retrieve users permissions.您可以使用标准 SQL 查询来检索用户权限。
解决方案3
1 2020-12-05 10:36:06
you may override function getAuthorizationInfo in own AuthorizingRealm implementation您可以在自己的 AuthorizingRealm 实现中覆盖函数 getAuthorizationInfo
public class LoginPasswordRealm extends AuthorizingRealm {
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals){
return super.getAuthorizationInfo(principals);
}
}
and then user it:然后使用它:
Subject currentUser = SecurityUtils.getSubject();
LoginPasswordRealm realm = (LoginPasswordRealm)securityManager.getRealms().iterator().next();
AuthorizationInfo authorizationInfo = realm.getAuthorizationInfo(currentUser.getPrincipals());
authorizationInfo.getStringPermissions().forEach(System.out::println);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.