2017.2.15 开涛shiro教程-第二十一章-授予身份与切换身份(二) controller

原博客地址:http://jinnianshilongnian.iteye.com/blog/2018398

根据下载的pdf学习。

 

开涛shiro教程-第二十一章-授予身份与切换身份(二)

1.回顾上节

在《2017.2.15 开涛shiro教程-第二十一章-授予身份与切换身份(一)table、entity、service、dao 》中,做了这四件事。这只是准备材料,要实现 B 假借 A 的身份进行访问,还需要完成controller部分。

1 table:sys_user_runas
2 entity:UserRunAs
3 service:UserRunAsService、UserRunAsServiceImpl
4 dao:UserRunAsDao、UserRunAsDaoImpl

 

2.最终效果

(1)涉及到的jsp

 

(2)页面效果

 

3.controller

  1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
  2 
  3 import com.github.zhangkaitao.shiro.chapter21.entity.Organization;
  4 import com.github.zhangkaitao.shiro.chapter21.service.OrganizationService;
  5 import org.apache.shiro.authz.annotation.RequiresPermissions;
  6 import org.springframework.beans.factory.annotation.Autowired;
  7 import org.springframework.stereotype.Controller;
  8 import org.springframework.ui.Model;
  9 import org.springframework.web.bind.annotation.PathVariable;
 10 import org.springframework.web.bind.annotation.RequestMapping;
 11 import org.springframework.web.bind.annotation.RequestMethod;
 12 import org.springframework.web.bind.annotation.RequestParam;
 13 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 14 
 15 /**
 16  * <p>User: Zhang Kaitao
 17  * <p>Date: 14-2-14
 18  * <p>Version: 1.0
 19  */
 20 @Controller
 21 @RequestMapping("/organization")
 22 public class OrganizationController {
 23 
 24     @Autowired
 25     private OrganizationService organizationService;
 26 
 27     @RequiresPermissions("organization:view")
 28     @RequestMapping(method = RequestMethod.GET)
 29     public String index(Model model) {
 30         return "organization/index";
 31     }
 32 
 33     @RequiresPermissions("organization:view")
 34     @RequestMapping(value = "/tree", method = RequestMethod.GET)
 35     public String showTree(Model model) {
 36         model.addAttribute("organizationList", organizationService.findAll());
 37         return "organization/tree";
 38     }
 39 
 40     @RequiresPermissions("organization:create")
 41     @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.GET)
 42     public String showAppendChildForm(@PathVariable("parentId") Long parentId, Model model) {
 43         Organization parent = organizationService.findOne(parentId);
 44         model.addAttribute("parent", parent);
 45         Organization child = new Organization();
 46         child.setParentId(parentId);
 47         child.setParentIds(parent.makeSelfAsParentIds());
 48         model.addAttribute("child", child);
 49         model.addAttribute("op", "新增");
 50         return "organization/appendChild";
 51     }
 52 
 53     @RequiresPermissions("organization:create")
 54     @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.POST)
 55     public String create(Organization organization) {
 56         organizationService.createOrganization(organization);
 57         return "redirect:/organization/success";
 58     }
 59 
 60     @RequiresPermissions("organization:update")
 61     @RequestMapping(value = "/{id}/maintain", method = RequestMethod.GET)
 62     public String showMaintainForm(@PathVariable("id") Long id, Model model) {
 63         model.addAttribute("organization", organizationService.findOne(id));
 64         return "organization/maintain";
 65     }
 66 
 67     @RequiresPermissions("organization:update")
 68     @RequestMapping(value = "/{id}/update", method = RequestMethod.POST)
 69     public String update(Organization organization, RedirectAttributes redirectAttributes) {
 70         organizationService.updateOrganization(organization);
 71         redirectAttributes.addFlashAttribute("msg", "修改成功");
 72         return "redirect:/organization/success";
 73     }
 74 
 75     @RequiresPermissions("organization:delete")
 76     @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST)
 77     public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
 78         organizationService.deleteOrganization(id);
 79         redirectAttributes.addFlashAttribute("msg", "删除成功");
 80         return "redirect:/organization/success";
 81     }
 82 
 83 
 84     @RequiresPermissions("organization:update")
 85     @RequestMapping(value = "/{sourceId}/move", method = RequestMethod.GET)
 86     public String showMoveForm(@PathVariable("sourceId") Long sourceId, Model model) {
 87         Organization source = organizationService.findOne(sourceId);
 88         model.addAttribute("source", source);
 89         model.addAttribute("targetList", organizationService.findAllWithExclude(source));
 90         return "organization/move";
 91     }
 92 
 93     @RequiresPermissions("organization:update")
 94     @RequestMapping(value = "/{sourceId}/move", method = RequestMethod.POST)
 95     public String move(
 96             @PathVariable("sourceId") Long sourceId,
 97             @RequestParam("targetId") Long targetId) {
 98         Organization source = organizationService.findOne(sourceId);
 99         Organization target = organizationService.findOne(targetId);
100         organizationService.move(source, target);
101         return "redirect:/organization/success";
102     }
103 
104     @RequiresPermissions("organization:view")
105     @RequestMapping(value = "/success", method = RequestMethod.GET)
106     public String success() {
107         return "organization/success";
108     }
109 
110 
111 }
OrganizationController
 1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
 2 
 3 import com.github.zhangkaitao.shiro.chapter21.entity.Resource;
 4 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService;
 5 import org.apache.shiro.authz.annotation.RequiresPermissions;
 6 import org.springframework.beans.factory.annotation.Autowired;
 7 import org.springframework.stereotype.Controller;
 8 import org.springframework.ui.Model;
 9 import org.springframework.web.bind.annotation.ModelAttribute;
10 import org.springframework.web.bind.annotation.PathVariable;
11 import org.springframework.web.bind.annotation.RequestMapping;
12 import org.springframework.web.bind.annotation.RequestMethod;
13 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
14 
15 /**
16  * <p>User: Zhang Kaitao
17  * <p>Date: 14-2-14
18  * <p>Version: 1.0
19  */
20 @Controller
21 @RequestMapping("/resource")
22 public class ResourceController {
23 
24     @Autowired
25     private ResourceService resourceService;
26 
27     @ModelAttribute("types")
28     public Resource.ResourceType[] resourceTypes() {
29         return Resource.ResourceType.values();
30     }
31 
32     @RequiresPermissions("resource:view")
33     @RequestMapping(method = RequestMethod.GET)
34     public String list(Model model) {
35         model.addAttribute("resourceList", resourceService.findAll());
36         return "resource/list";
37     }
38 
39     @RequiresPermissions("resource:create")
40     @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.GET)
41     public String showAppendChildForm(@PathVariable("parentId") Long parentId, Model model) {
42         Resource parent = resourceService.findOne(parentId);
43         model.addAttribute("parent", parent);
44         Resource child = new Resource();
45         child.setParentId(parentId);
46         child.setParentIds(parent.makeSelfAsParentIds());
47         model.addAttribute("resource", child);
48         model.addAttribute("op", "新增子节点");
49         return "resource/edit";
50     }
51 
52     @RequiresPermissions("resource:create")
53     @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.POST)
54     public String create(Resource resource, RedirectAttributes redirectAttributes) {
55         resourceService.createResource(resource);
56         redirectAttributes.addFlashAttribute("msg", "新增子节点成功");
57         return "redirect:/resource";
58     }
59 
60     @RequiresPermissions("resource:update")
61     @RequestMapping(value = "/{id}/update", method = RequestMethod.GET)
62     public String showUpdateForm(@PathVariable("id") Long id, Model model) {
63         model.addAttribute("resource", resourceService.findOne(id));
64         model.addAttribute("op", "修改");
65         return "resource/edit";
66     }
67 
68     @RequiresPermissions("resource:update")
69     @RequestMapping(value = "/{id}/update", method = RequestMethod.POST)
70     public String update(Resource resource, RedirectAttributes redirectAttributes) {
71         resourceService.updateResource(resource);
72         redirectAttributes.addFlashAttribute("msg", "修改成功");
73         return "redirect:/resource";
74     }
75 
76     @RequiresPermissions("resource:delete")
77     @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET)
78     public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
79         resourceService.deleteResource(id);
80         redirectAttributes.addFlashAttribute("msg", "删除成功");
81         return "redirect:/resource";
82     }
83 
84 }
ResourceController
 1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
 2 
 3 import com.github.zhangkaitao.shiro.chapter21.entity.Role;
 4 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService;
 5 import com.github.zhangkaitao.shiro.chapter21.service.RoleService;
 6 import org.apache.shiro.authz.annotation.RequiresPermissions;
 7 import org.springframework.beans.factory.annotation.Autowired;
 8 import org.springframework.stereotype.Controller;
 9 import org.springframework.ui.Model;
10 import org.springframework.web.bind.annotation.PathVariable;
11 import org.springframework.web.bind.annotation.RequestMapping;
12 import org.springframework.web.bind.annotation.RequestMethod;
13 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
14 
15 /**
16  * <p>User: Zhang Kaitao
17  * <p>Date: 14-2-14
18  * <p>Version: 1.0
19  */
20 @Controller
21 @RequestMapping("/role")
22 public class RoleController {
23 
24     @Autowired
25     private RoleService roleService;
26 
27     @Autowired
28     private ResourceService resourceService;
29 
30     @RequiresPermissions("role:view")
31     @RequestMapping(method = RequestMethod.GET)
32     public String list(Model model) {
33         model.addAttribute("roleList", roleService.findAll());
34         return "role/list";
35     }
36 
37     @RequiresPermissions("role:create")
38     @RequestMapping(value = "/create", method = RequestMethod.GET)
39     public String showCreateForm(Model model) {
40         setCommonData(model);
41         model.addAttribute("role", new Role());
42         model.addAttribute("op", "新增");
43         return "role/edit";
44     }
45 
46     @RequiresPermissions("role:create")
47     @RequestMapping(value = "/create", method = RequestMethod.POST)
48     public String create(Role role, RedirectAttributes redirectAttributes) {
49         roleService.createRole(role);
50         redirectAttributes.addFlashAttribute("msg", "新增成功");
51         return "redirect:/role";
52     }
53 
54     @RequiresPermissions("role:update")
55     @RequestMapping(value = "/{id}/update", method = RequestMethod.GET)
56     public String showUpdateForm(@PathVariable("id") Long id, Model model) {
57         setCommonData(model);
58         model.addAttribute("role", roleService.findOne(id));
59         model.addAttribute("op", "修改");
60         return "role/edit";
61     }
62 
63     @RequiresPermissions("role:update")
64     @RequestMapping(value = "/{id}/update", method = RequestMethod.POST)
65     public String update(Role role, RedirectAttributes redirectAttributes) {
66         roleService.updateRole(role);
67         redirectAttributes.addFlashAttribute("msg", "修改成功");
68         return "redirect:/role";
69     }
70 
71     @RequiresPermissions("role:delete")
72     @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET)
73     public String showDeleteForm(@PathVariable("id") Long id, Model model) {
74         setCommonData(model);
75         model.addAttribute("role", roleService.findOne(id));
76         model.addAttribute("op", "删除");
77         return "role/edit";
78     }
79 
80     @RequiresPermissions("role:delete")
81     @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST)
82     public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
83         roleService.deleteRole(id);
84         redirectAttributes.addFlashAttribute("msg", "删除成功");
85         return "redirect:/role";
86     }
87 
88     private void setCommonData(Model model) {
89         model.addAttribute("resourceList", resourceService.findAll());
90     }
91 
92 }
RoleController
  1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
  2 
  3 import com.github.zhangkaitao.shiro.chapter21.entity.User;
  4 import com.github.zhangkaitao.shiro.chapter21.service.*;
  5 import com.github.zhangkaitao.shiro.chapter21.service.RoleService;
  6 import com.github.zhangkaitao.shiro.chapter21.service.UserService;
  7 import org.apache.shiro.authz.annotation.RequiresPermissions;
  8 import org.springframework.beans.factory.annotation.Autowired;
  9 import org.springframework.stereotype.Controller;
 10 import org.springframework.ui.Model;
 11 import org.springframework.web.bind.annotation.PathVariable;
 12 import org.springframework.web.bind.annotation.RequestMapping;
 13 import org.springframework.web.bind.annotation.RequestMethod;
 14 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 15 
 16 /**
 17  * <p>User: Zhang Kaitao
 18  * <p>Date: 14-2-14
 19  * <p>Version: 1.0
 20  */
 21 @Controller
 22 @RequestMapping("/user")
 23 public class UserController {
 24 
 25     @Autowired
 26     private UserService userService;
 27 
 28     @Autowired
 29     private OrganizationService organizationService;
 30     @Autowired
 31     private RoleService roleService;
 32 
 33     @RequiresPermissions("user:view")
 34     @RequestMapping(method = RequestMethod.GET)
 35     public String list(Model model) {
 36         model.addAttribute("userList", userService.findAll());
 37         return "user/list";
 38     }
 39 
 40     @RequiresPermissions("user:create")
 41     @RequestMapping(value = "/create", method = RequestMethod.GET)
 42     public String showCreateForm(Model model) {
 43         setCommonData(model);
 44         model.addAttribute("user", new User());
 45         model.addAttribute("op", "新增");
 46         return "user/edit";
 47     }
 48 
 49     @RequiresPermissions("user:create")
 50     @RequestMapping(value = "/create", method = RequestMethod.POST)
 51     public String create(User user, RedirectAttributes redirectAttributes) {
 52         userService.createUser(user);
 53         redirectAttributes.addFlashAttribute("msg", "新增成功");
 54         return "redirect:/user";
 55     }
 56 
 57     @RequiresPermissions("user:update")
 58     @RequestMapping(value = "/{id}/update", method = RequestMethod.GET)
 59     public String showUpdateForm(@PathVariable("id") Long id, Model model) {
 60         setCommonData(model);
 61         model.addAttribute("user", userService.findOne(id));
 62         model.addAttribute("op", "修改");
 63         return "user/edit";
 64     }
 65 
 66     @RequiresPermissions("user:update")
 67     @RequestMapping(value = "/{id}/update", method = RequestMethod.POST)
 68     public String update(User user, RedirectAttributes redirectAttributes) {
 69         userService.updateUser(user);
 70         redirectAttributes.addFlashAttribute("msg", "修改成功");
 71         return "redirect:/user";
 72     }
 73 
 74     @RequiresPermissions("user:delete")
 75     @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET)
 76     public String showDeleteForm(@PathVariable("id") Long id, Model model) {
 77         setCommonData(model);
 78         model.addAttribute("user", userService.findOne(id));
 79         model.addAttribute("op", "删除");
 80         return "user/edit";
 81     }
 82 
 83     @RequiresPermissions("user:delete")
 84     @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST)
 85     public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
 86         userService.deleteUser(id);
 87         redirectAttributes.addFlashAttribute("msg", "删除成功");
 88         return "redirect:/user";
 89     }
 90 
 91 
 92     @RequiresPermissions("user:update")
 93     @RequestMapping(value = "/{id}/changePassword", method = RequestMethod.GET)
 94     public String showChangePasswordForm(@PathVariable("id") Long id, Model model) {
 95         model.addAttribute("user", userService.findOne(id));
 96         model.addAttribute("op", "修改密码");
 97         return "user/changePassword";
 98     }
 99 
100     @RequiresPermissions("user:update")
101     @RequestMapping(value = "/{id}/changePassword", method = RequestMethod.POST)
102     public String changePassword(@PathVariable("id") Long id, String newPassword, RedirectAttributes redirectAttributes) {
103         userService.changePassword(id, newPassword);
104         redirectAttributes.addFlashAttribute("msg", "修改密码成功");
105         return "redirect:/user";
106     }
107 
108     private void setCommonData(Model model) {
109         model.addAttribute("organizationList", organizationService.findAll());
110         model.addAttribute("roleList", roleService.findAll());
111     }
112 }
UserController
 1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
 2 
 3 import org.apache.shiro.authc.IncorrectCredentialsException;
 4 import org.apache.shiro.authc.UnknownAccountException;
 5 import org.springframework.stereotype.Controller;
 6 import org.springframework.ui.Model;
 7 import org.springframework.web.bind.annotation.RequestMapping;
 8 
 9 import javax.servlet.http.HttpServletRequest;
10 
11 /**
12  * <p>User: Zhang Kaitao
13  * <p>Date: 14-2-15
14  * <p>Version: 1.0
15  */
16 @Controller
17 public class LoginController {
18 
19     @RequestMapping(value = "/login"    )
20     public String showLoginForm(HttpServletRequest req, Model model) {
21         String exceptionClassName = (String)req.getAttribute("shiroLoginFailure");
22         String error = null;
23         if(UnknownAccountException.class.getName().equals(exceptionClassName)) {
24             error = "用户名/密码错误";
25         } else if(IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
26             error = "用户名/密码错误";
27         } else if(exceptionClassName != null) {
28             error = "其他错误:" + exceptionClassName;
29         }
30         model.addAttribute("error", error);
31         return "login";
32     }
33 
34 
35 }
LoginController
 1 package com.github.zhangkaitao.shiro.chapter21.web.controller;
 2 
 3 import com.github.zhangkaitao.shiro.chapter21.entity.Resource;
 4 import com.github.zhangkaitao.shiro.chapter21.entity.User;
 5 import com.github.zhangkaitao.shiro.chapter21.web.bind.annotation.CurrentUser;
 6 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService;
 7 import com.github.zhangkaitao.shiro.chapter21.service.UserService;
 8 import org.springframework.beans.factory.annotation.Autowired;
 9 import org.springframework.stereotype.Controller;
10 import org.springframework.ui.Model;
11 import org.springframework.web.bind.annotation.RequestMapping;
12 
13 import java.util.List;
14 import java.util.Set;
15 
16 /**
17  * <p>User: Zhang Kaitao
18  * <p>Date: 14-2-14
19  * <p>Version: 1.0
20  */
21 @Controller
22 public class IndexController {
23 
24     @Autowired
25     private ResourceService resourceService;
26     @Autowired
27     private UserService userService;
28 
29     @RequestMapping("/")
30     public String index(@CurrentUser User loginUser, Model model) {
31         Set<String> permissions = userService.findPermissions(loginUser.getUsername());
32         List<Resource> menus = resourceService.findMenus(permissions);
33         model.addAttribute("menus", menus);
34         return "index";
35     }
36 
37     @RequestMapping("/welcome")
38     public String welcome() {
39         return "welcome";
40     }
41 
42 
43 }
IndexController

 

RunAsController:

(1)简要总览

四个方法:展示,授予,收回,切换。

 1 @Controller
 2 @RequestMapping("/runas")
 3 public class RunAsController {
 4 
 5     @Autowired
 6     private UserRunAsService userRunAsService;
 7 
 8     @Autowired
 9     private UserService userService;
10 
11     @RequestMapping
12     public String runasList(
13             @CurrentUser User loginUser, 
14             Model model) {
15     ...
16     }
17 
18    @RequestMapping("/grant/{toUserId}")
19     public String grant(
20             @CurrentUser User loginUser,
21             @PathVariable("toUserId") Long toUserId,
22             RedirectAttributes redirectAttributes) {
23     ...
24     }
25 
26     @RequestMapping("/revoke/{toUserId}")
27     public String revoke(
28             @CurrentUser User loginUser,
29             @PathVariable("toUserId") Long toUserId,
30             RedirectAttributes redirectAttributes) {
31     ...
32     }
33 
34     @RequestMapping("/switchTo/{switchToUserId}")
35     public String switchTo(
36             @CurrentUser User loginUser,
37             @PathVariable("switchToUserId") Long switchToUserId,
38             RedirectAttributes redirectAttributes) {
39     ...
40     }
41 
42     @RequestMapping("/switchBack")
43     public String switchBack(RedirectAttributes redirectAttributes) {
44     ...
45     }
46 }

 

(2)runasList
runasList 展示当前用户能切换到的身份列表,及授予给其他人的身份列表。

 1     @RequestMapping
 2     public String runasList(@CurrentUser User loginUser, Model model) {
 3         //fromUserId是A,toUserId是B。
 4         //A:授予别人身份的user(领导),B:被授予身份的user(秘书)
 5         //B可以假借A的身份进行访问
 6 
 7         //查询当前用户是不是被授予身份的,并存好
 8         model.addAttribute("fromUserIds", userRunAsService.findFromUserIds(loginUser.getId()));
 9         //查询当前用户有没有授予别人身份,并存好
10         model.addAttribute("toUserIds", userRunAsService.findToUserIds(loginUser.getId()));
11          
12         //获得除该用户之外的所有users
13         List<User> allUsers = userService.findAll();
14         allUsers.remove(loginUser);
15         model.addAttribute("allUsers", allUsers);
16 
17         Subject subject = SecurityUtils.getSubject();
18         //subject.isRunAs,用于判定该用户是不是已经是RunAs用户
19         model.addAttribute("isRunas", subject.isRunAs());
20         if(subject.isRunAs()) {
21             //一个用户可以切换很多次身份,之前的身份用栈存储
22             String previousUsername =
23                     (String)subject.getPreviousPrincipals().getPrimaryPrincipal();
24             model.addAttribute("previousUsername", previousUsername);
25         }
26 
27         return "runas";
28     }

 

(2)grant

 1 @RequestMapping("/grant/{toUserId}")
 2     public String grant(
 3             @CurrentUser User loginUser,
 4             @PathVariable("toUserId") Long toUserId,
 5             RedirectAttributes redirectAttributes) {
 6       
 7         if(loginUser.getId().equals(toUserId)) {
 8             redirectAttributes.addFlashAttribute("msg", "自己不能切换到自己的身份");
 9             return "redirect:/runas";
10         }
11 
12         userRunAsService.grantRunAs(loginUser.getId(), toUserId);
13         redirectAttributes.addFlashAttribute("msg", "操作成功");
14         return "redirect:/runas";
15     }

 

(3)revoke

1 @RequestMapping("/revoke/{toUserId}")
2     public String revoke(
3             @CurrentUser User loginUser,
4             @PathVariable("toUserId") Long toUserId,
5             RedirectAttributes redirectAttributes) {
6         userRunAsService.revokeRunAs(loginUser.getId(), toUserId);
7         redirectAttributes.addFlashAttribute("msg", "操作成功");
8         return "redirect:/runas";
9     }

 

(4)switchTo

 1 @RequestMapping("/switchTo/{switchToUserId}")
 2     public String switchTo(
 3             @CurrentUser User loginUser,
 4             @PathVariable("switchToUserId") Long switchToUserId,
 5             RedirectAttributes redirectAttributes) {
 6 
 7         Subject subject = SecurityUtils.getSubject();
 8         //查找要切换的用户
 9         User switchToUser = userService.findOne(switchToUserId);
10         if(loginUser.equals(switchToUser)) {
11             redirectAttributes.addFlashAttribute("msg", "自己不能切换到自己的身份");
12             return "redirect:/runas";
13         }
14 
15         //判定能否切换
16         if(switchToUser == null || !userRunAsService.exists(switchToUserId, loginUser.getId())) {
17             redirectAttributes.addFlashAttribute("msg", "对方没有授予您身份,不能切换");
18             return "redirect:/runas";
19         }
20      
21         //切换身份
22         subject.runAs(new SimplePrincipalCollection(switchToUser.getUsername(), ""));
23         redirectAttributes.addFlashAttribute("msg", "操作成功");
24         redirectAttributes.addFlashAttribute("needRefresh", "true");
25         return "redirect:/runas";
26     }

 

(5)switchBack

要注意的是,数据使用栈数据结构保存的。所以如果A --> B, B-->C, 那么C要调用两次releaseRunAs()才能切换回A。

同样,Subject. getPreviousPrincipals()得到上一次切换到的身份,比如当前是 C;那么调用该 API将得到 B 的身份。

 1 @RequestMapping("/switchBack")
 2     public String switchBack(RedirectAttributes redirectAttributes) {
 3 
 4         Subject subject = SecurityUtils.getSubject();
 5 
 6         if(subject.isRunAs()) {//现在是切换的身份中
 7            //切换至上一个身份
 8            subject.releaseRunAs();
 9         }
10         redirectAttributes.addFlashAttribute("msg", "操作成功");
11         redirectAttributes.addFlashAttribute("needRefresh", "true");
12         return "redirect:/runas";
13     }

 

综上可知:

要区分,授予身份与切换身份。

1.A授予身份时

1 首先判定是不是给自己授予身份
2 如果不是,就调用这句话:userRunAsService.grantRunAs(loginUser.getId(), toUserId);
3 而这句话,执行的sql语句是:String sql = "insert into sys_user_runas(from_user_id, to_user_id) values (?,?)";
4 即它只是在数据库的runas表里插入了一条(A,B)记录。

 

2.回收身份时,类似,只是删除了一条(A,B)记录。

 

3.A切换身份至B时

1 先找到这个要切换的B,确认存在并且不等于A
2 然后判定B是否被A授予了身份,执行的sql是:String sql = "select count(1) from sys_user_runas where from_user_id=? and to_user_id=?"; 即判定关系(A,B)是否存在。
3 然后进行身份的切换:subject.runAs(new SimplePrincipalCollection(switchToUser.getUsername(), ""));

 

4.B切换回A时

先判定这个身份是不是被授予的身份:subject.isRunAs()
然后切换回上一个(从栈数据中拿上一个身份的信息):subject.releaseRunAs();

 

即,身份的切换是shiro帮我们做好的。我们要做的就是,维护 (fromUserId,toUserId)的关系。换句话说,授予身份由我们完成,切换身份由shiro完成。

posted @ 2017-02-15 17:12  七月流火嗞嗞嗞  阅读(758)  评论(0编辑  收藏  举报