shiro受權+註解式開發

shiro受權和註解式開發

 

一、shiro受權角色、權限

二、Shiro的註解式開發

ShiroUserMapper.xml

 1 <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
 2   select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r
 3     where u.userid = ur.userid and ur.roleid = r.roleid
 4     and u.userid = #{userid}
 5 </select>
 6 <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
 7   select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p
 8   where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
 9   and u.userid = #{userid}
10 </select>

 

ShiroUserService

 1 /**
 2      * 查詢角色
 3      * @param userid
 4      * @return
 5      */
 6     Set<String> getRolesByUserId(Integer userid);
 7 
 8     /**
 9      * 查詢角色權限
10      * @param userid
11      * @return
12      */
13     Set<String> getPersByUserId(Integer userid);

service實現類

 @Override
    public Set<String> getRolesByUserId(Integer userid) {
        return shiroUserMapper.getRolesByUserId(userid);
    }

    @Override
    public Set<String> getPersByUserId(Integer userid) {
        return shiroUserMapper.getPersByUserId(userid);
    }

重寫自定義realm中的受權方法

 1  /*
 2         受權的方法
 3          */
 4     @Override
 5     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
 6         String uname = principalCollection.getPrimaryPrincipal().toString();
 7         ShiroUser shiroUser = this.shiroUserService.queryByName(uname);
 8         Set<String> perids = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
 9         Set<String> roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
10         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
11         info.setRoles(roleIds);
12         info.setStringPermissions(perids);
13         return info;
14 
15     }

 

註解式開發

 

  @RequiresUser:表示當前Subject已經身份驗證或者經過記住我登陸的

  @RequiresGuest:表示當前Subject沒有身份驗證或者經過記住我登陸過，便是遊客身份

  @RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示當前Subject須要角色admin和user

  @RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示當前Subject須要權限user:delete或者user:b

 

Controller層

 1 @RequiresUser
 2 @ResponseBody
 3 @RequestMapping("/passUser")
 4     public String passUser(){
 5 
 6     return "身份認證成功，可以訪問！！！";
 7     }
 8 
 9     @RequiresRoles(value = {"2","3"}, logical = Logical.OR) //value：不一樣或者多個的角色，logical：value值的拼接方式能夠是AND或者OR
10     @ResponseBody
11     @RequestMapping("/passRole")
12     public String passRole(){
13 
14         return "角色認證成功，可以訪問！！！";
15     }
16 
17     @RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR)
18     @ResponseBody
19     @RequestMapping("/passPer")
20     public String passPer(){
21 
22         return "權限認證成功，可以訪問！！！";
23     }

 

springmvc-servlet.xml

 1 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
 2       depends-on="lifecycleBeanPostProcessor">
 3     <property name="proxyTargetClass" value="true"></property>
 4 </bean>
 5 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
 6     <property name="securityManager" ref="securityManager"/>
 7 </bean>
 8 
 9 <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
10     <property name="exceptionMappings">
11         <props>
12             <prop key="org.apache.shiro.authz.UnauthorizedException">
13                 unauthorized
14             </prop>
15         </props>
16     </property>
17     <property name="defaultErrorView" value="unauthorized"/>
18 </bean>

 

在main.jsp中添加

 1 <ul>
 2     shiro註解
 3     <li>
 4         <a href="${pageContext.request.contextPath}/passUser">用戶認證</a>
 5     </li>
 6     <li>
 7         <a href="${pageContext.request.contextPath}/passRole">角色</a>
 8     </li>
 9     <li>
10         <a href="${pageContext.request.contextPath}/passPer">權限認證</a>
11     </li>
12 </ul>

 

用戶zs身份認證，未認證。登陸便可訪問

用戶ls角色認證，不一樣角色有不一樣的訪問權限，即便zs登陸也不能夠訪問此頁面

 

 

權限認證結果圖同上， 從代碼來看 @RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR) @ResponseBody @RequestMapping("/passPer") public String passPer(){ return "權限認證成功，可以訪問！！！"; } 擁有 "user:update","user:create"  這兩個權限的便可訪問此頁面。從頂部的圖中能夠看出那些用戶對應了哪些權限。

 

謝謝觀看！！！