Shiro: access control with Shiro
In day-to-day project work we constantly deal with different roles that are allowed different functions, and new projects generally use Shiro for access control.
I also strongly recommend Shiro; it is a powerful access-control framework.
A powerful access-control framework: Shiro
1. A Shiro filter (interceptor), which you can customize
package com.oneinlet.component.shiro;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class GuardAuthorizationFilter extends AuthorizationFilter {

    // Runs for every request mapped to this filter; mappedValue is the value given
    // for it in the filter chain definition. Returning false denies every such request,
    // so this is only a skeleton: a real check consults getSubject(request, response)
    // for the required roles or permissions.
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return false;
    }
}
2. Obtain the roles. They can of course be loaded from the database; to keep it simple I set them directly here.
package com.oneinlet.component.shiro;

import com.oneinlet.service.RoleService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.HashSet;
import java.util.Set;

public class GuardAuthorizingRealm extends AuthorizingRealm {

    private RoleService roleService;

    // Roles and permissions of the logged-in principal. Hard-coded here;
    // a real realm would look them up through roleService.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // would be fetched from the database
        Set<String> role = new HashSet<>();
        role.add("user");
        role.add("school");
        Set<String> permission = new HashSet<>();
        permission.add("deleteUser");
        permission.add("deleteSchool");
        permission.add("save");
        permission.add("select");
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(role);
        authorizationInfo.setStringPermissions(permission);
        return authorizationInfo;
    }

    // Authentication against a single hard-coded account. Shiro's credentials matcher
    // compares the submitted password with the stored credentials ("123"); the user
    // name has to be checked here, otherwise any name with that password would pass.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        if (!"520code".equals(token.getUsername())) {
            throw new UnknownAccountException("account does not exist");
        }
        // UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // logger.info("user verification running : " + token.getUsername());
        // User user = userService.getByEmail(token.getUsername(), true);
        // if (user == null) {
        //     logger.error("user { " + token.getUsername() + " } does not exist ");
        //     throw new AccountException("account does not exist");
        // }
        // if (user.getStatus() == 0) {
        //     logger.error("user { " + token.getUsername() + " } is barred from logging in ");
        //     throw new DisabledAccountException("account is barred from logging in");
        // } else {
        //     user.setUpdated(DateUtils.getNowTimestamp());
        //     user.setUpdatedAt(DateUtils.getNowFormatDate(null));
        //     System.out.println("ROLE before verification update:" + user.getRole().getRId());
        //     userService.update(user, true, user.getId());
        // }
        // principal, stored credentials, and this realm's name
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("520code", "123", getName());
        return authenticationInfo;
    }

    // @PostConstruct
    // public void initCredentialsMatcher() {
    //     // replaces Shiro's password check so that Shiro uses my own matcher
    //     setCredentialsMatcher(new CredentialsMatcher());
    //
    // }
}
The commented-out code can be ignored.
3. Take login verification as the example
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
// Assumed to sit in a controller mapped to "/user", since the page posts to /user/login (not shown in the post).
@RequestMapping(value = "/login", method = RequestMethod.POST)
public Object login(@RequestParam("username") String username, @RequestParam("password") String password) {
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true);
    // Runs the realm's doGetAuthenticationInfo; a wrong name or password throws AuthenticationException
    subject.login(token);
    return setOKResult();
}
Here we receive the JSON values sent from the front-end page.
4. Now the front-end code
<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    <script type="text/javascript" src="../jquery-3.3.1.js"></script>
</head>
<body>
<form>
    用户名:<input type="text" name="username" id="username" /><br />
    密码:<input type="password" name="password" id="password" /><br />
    登录:<input id="sub" type="button" value="确定" />
    <label id="msg"></label>
    <a href="register.html">注册</a>
</form>
<script type="text/javascript">
    $(function () {
        $("#sub").click(function () {
            $.ajax({
                type: 'post',
                url: '/user/login',
                data: {username: $("#username").val(), password: $("#password").val()},
                dataType: 'json',
                // only reached when the server answered 2xx, i.e. the login did not throw
                success: function (data) {
                    $('#msg').empty();
                    var html = '';
                    $('#msg').html(html);
                }
            });
        });
    });
</script>
</body>
</html>
A basic login check is now complete. Let's test it.
5. Test:
First, enter a wrong one!
It currently shows no permission!
Now enter a correct one.
Then let's look at the result!
Success!
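The same test can be run without a browser or servlet container. The following is an added stand-alone example, not code from the original post: it wires a realm of the same shape as GuardAuthorizingRealm into Shiro's core DefaultSecurityManager and exercises login plus a permission check, which is what a real isAccessAllowed would consult. It assumes shiro-core on the classpath and Java 9+ (for Set.of); ShiroRealmDemo, DemoRealm and loginAndCheck are names chosen for this example.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Set;

public class ShiroRealmDemo {
    // Same shape as the post's GuardAuthorizingRealm: one fixed account, fixed roles and permissions.
    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken t) {
            UsernamePasswordToken token = (UsernamePasswordToken) t;
            if (!"520code".equals(token.getUsername())) {
                throw new UnknownAccountException("no such account");  // wrong user name
            }
            // The password is compared by the realm's CredentialsMatcher, not here.
            return new SimpleAuthenticationInfo("520code", "123", getName());
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(Set.of("user", "school"));  // Java 9+
            info.setStringPermissions(Set.of("deleteUser", "deleteSchool", "save", "select"));
            return info;
        }
    }
    private static final DefaultSecurityManager SECURITY_MANAGER = new DefaultSecurityManager(new DemoRealm());

    // Logs in and reports whether the subject holds the permission; false when login itself fails.
    static boolean loginAndCheck(String user, String pass, String permission) {
        Subject subject = new Subject.Builder(SECURITY_MANAGER).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(user, pass));
        } catch (AuthenticationException e) {  // UnknownAccountException or IncorrectCredentialsException
            return false;
        }
        try {
            return subject.isPermitted(permission);  // what a real isAccessAllowed would consult
        } finally {
            subject.logout();
        }
    }
    public static void main(String[] args) {
        System.out.println("right password, deleteUser: " + loginAndCheck("520code", "123", "deleteUser"));
        System.out.println("right password, dropSchool: " + loginAndCheck("520code", "123", "dropSchool"));
        System.out.println("wrong password, deleteUser: " + loginAndCheck("520code", "wrong", "deleteUser"));
    }
}
```

Only the first call is allowed: the second asks for a permission the realm never granted, and the third never gets past login because the credentials matcher rejects the password.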
It's that simple! I hope this helps everyone!
Follow me on Weibo: 李日兴LRX