shiro授权、注解式开发
在ShiroUserMapper.xml中新增内容
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r where u.userid = ur.userid and ur.roleid = r.roleid and u.userid = #{userid} </select> <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid and u.userid = #{userid} </select>
Service层
package com.jt.service; import com.jt.model.ShiroUser; import org.apache.ibatis.annotations.Param; import java.util.Set; public interface ShiroUserService { ShiroUser queryByName(@Param("uname") String uname); int insert(ShiroUser record); Set<String> getRolesByUserId(@Param("userid") Integer userid); Set<String> getPersByUserId(@Param("userid") Integer userid); }
ShiroUserServiceImpl
package com.jt.service.impl; import com.jt.mapper.ShiroUserMapper; import com.jt.model.ShiroUser; import com.jt.service.ShiroUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.Set; @Service("shiroUserService") public class ShiroUserServiceImpl implements ShiroUserService { @Autowired private ShiroUserMapper shiroUserMapper; @Override public ShiroUser queryByName(String uname) { return shiroUserMapper.queryByName(uname); } @Override public int insert(ShiroUser record) { return shiroUserMapper.insert(record); } @Override public Set<String> getRolesByUserId(Integer userid) { return shiroUserMapper.getRolesByUserId(userid); } @Override public Set<String> getPersByUserId(Integer userid) { return shiroUserMapper.getPersByUserId(userid); } }
重写自定义realm中的授权方法
/** * 授权的方法 * @param principalCollection * @return */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { String uname=principalCollection.getPrimaryPrincipal().toString(); ShiroUser shiroUser = this.shiroUserService.queryByName(uname); Set<String> perids= this.shiroUserService.getPersByUserId(shiroUser.getUserid()); Set<String> roleIds= this.shiroUserService.getRolesByUserId(shiroUser.getUserid()); SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); info.setRoles(roleIds); info.setStringPermissions(perids); return info; }
注解式开发
常用注解介绍
@RequiresAuthenthentication:表示当前Subject已经通过login进行身份验证;即 Subject.isAuthenticated()返回 true
@RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的
@RequiresGuest:表示当前Subject没有身份验证或者通过记住我登录过,即是游客身份
@RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示当前Subject需要角色admin和user
@RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示当前Subject需要权限user:delete或者user:b
注解的使用
Controller层
@RequiresUser @ResponseBody @RequestMapping("/passUser") public String passUser(HttpServletRequest req) { return ",身份认证成功,能够访问!!!"; } @RequiresRoles(value = {"2"},logical = Logical.AND) @ResponseBody @RequestMapping("/passRole") public String passRole(HttpServletRequest req) { return ",角色认证成功,能够访问!!!"; } @RequiresPermissions(value = {"user:update","user:load"},logical = Logical.AND) @ResponseBody @RequestMapping("/passPer") public String passPer(HttpServletRequest req) { return ",权限认证成功,能够访问!!!"; }
springmvc-servlet.xml
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true"></property> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> <property name="exceptionMappings"> <props> <prop key="org.apache.shiro.authz.UnauthorizedException"> unauthorized </prop> </props> </property> <property name="defaultErrorView" value="unauthorized"/> </bean>
Jsp测试代码
<ul> shiro注解 <li> <a href="${pageContext.request.contextPath}/passUser">用户认证</a> </li> <li> <a href="${pageContext.request.contextPath}/passRole">角色</a> </li> <li> <a href="${pageContext.request.contextPath}/passPer">权限认证</a> </li> </ul>
预测结果
zs只能查看身份认证的按钮内容
ls、ww可以看权限认证按钮内容
zdm可以看所有按钮的内容