1. Shiro authorization: roles and permissions
2. Annotation-based development with Shiro
ShiroUserMapper.xml
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select r.roleid from t_shiro_user u, t_shiro_user_role ur, t_shiro_role r
    where u.userid = ur.userid and ur.roleid = r.roleid
    and u.userid = #{userid}
</select>
<select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select p.permission from t_shiro_user u, t_shiro_user_role ur, t_shiro_role_permission rp, t_shiro_permission p
    where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
    and u.userid = #{userid}
</select>
ShiroUserService
import java.util.Set;

/**
 * Query the roles of a user
 * @param userid
 * @return
 */
Set<String> getRolesByUserId(Integer userid);

/**
 * Query the permissions granted to a user through its roles
 * @param userid
 * @return
 */
Set<String> getPersByUserId(Integer userid);
Service implementation class
@Override
public Set<String> getRolesByUserId(Integer userid) {
    return shiroUserMapper.getRolesByUserId(userid);
}

@Override
public Set<String> getPersByUserId(Integer userid) {
    return shiroUserMapper.getPersByUserId(userid);
}
Override the authorization method in the custom Realm
/*
 * Authorization method: Shiro calls this the first time a role or permission
 * check is made for a logged-in Subject, and caches the result per Subject.
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    String uname = principalCollection.getPrimaryPrincipal().toString();
    ShiroUser shiroUser = this.shiroUserService.queryByName(uname);
    Set<String> perids = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
    Set<String> roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setRoles(roleIds);
    info.setStringPermissions(perids);
    return info;
}
@RequiresUser: the current Subject has been authenticated, or has been logged in via "remember me".
@RequiresGuest: the current Subject has neither been authenticated nor logged in via "remember me", i.e. it is a guest.
@RequiresRoles(value = {"admin","user"}, logical = Logical.AND): the current Subject must hold both the admin role and the user role.
@RequiresPermissions(value = {"user:delete","user:b"}, logical = Logical.OR): the current Subject must hold the permission user:delete or the permission user:b.
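The annotations above are only a declarative front for the role and permission checks that Shiro runs against the AuthorizationInfo returned by doGetAuthorizationInfo. The following stand-alone program, added here as an example and not code from the original post, makes those checks explicit: it replaces the database-backed custom Realm with Shiro's built-in in-memory SimpleAccountRealm, populated with two constructed accounts ("zs" and "ls", with hypothetical passwords), and evaluates the same AND/OR combinations the annotations express, including how a wildcard permission such as user:* satisfies user:update and user:create. It assumes only shiro-core on the classpath.

```java
import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

/**
 * Added example (not from the post): evaluates the role/permission rules the
 * Shiro annotations enforce, using an in-memory realm instead of the DB-backed one.
 */
public class ShiroAuthzDemo {

    /** Plays the part of doGetAuthorizationInfo: constructed accounts with roles and permissions. */
    static SimpleAccountRealm buildRealm() {
        SimpleAccountRealm realm = new SimpleAccountRealm("demoRealm");
        realm.addRole("2");
        realm.addRole("3");

        // zs (constructed): role 2 and a wildcard permission covering every action under "user"
        SimpleAccount zs = new SimpleAccount("zs", "zs-pass", realm.getName());
        zs.addRole("2");
        zs.addStringPermission("user:*");
        realm.addAccount(zs);

        // ls (constructed): role 3 and a single exact permission
        SimpleAccount ls = new SimpleAccount("ls", "ls-pass", realm.getName());
        ls.addRole("3");
        ls.addStringPermission("user:create");
        realm.addAccount(ls);
        return realm;
    }

    /** Same rule as @RequiresRoles(value = {"2","3"}, logical = Logical.OR). */
    static boolean passRoleOr(Subject s) {
        return s.hasRole("2") || s.hasRole("3");
    }

    /** Same rule as @RequiresRoles(value = {"2","3"}, logical = Logical.AND). */
    static boolean passRoleAnd(Subject s) {
        return s.hasAllRoles(Arrays.asList("2", "3"));
    }

    /** Same rule as @RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR). */
    static boolean passPerOr(Subject s) {
        return s.isPermitted("user:update") || s.isPermitted("user:create");
    }

    /** Same rule with logical = Logical.AND: every listed permission must be held. */
    static boolean passPerAnd(Subject s) {
        return s.isPermittedAll("user:update", "user:create");
    }

    /** Logs the user in (this is what @RequiresUser checks) and evaluates each rule. */
    static void evaluate(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(user, password));
        System.out.printf("%s: authenticated=%b roleOR=%b roleAND=%b perOR=%b perAND=%b%n",
                user, subject.isAuthenticated(), passRoleOr(subject), passRoleAnd(subject),
                passPerOr(subject), passPerAnd(subject));
        subject.logout();
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(buildRealm()));
        evaluate("zs", "zs-pass");
        evaluate("ls", "ls-pass");
    }
}
```

Two points the run makes visible: neither account holds both role 2 and role 3, so the AND form of the role check fails for both while the OR form passes, and zs's wildcard user:* satisfies both user:update and user:create, whereas ls, holding only user:create, passes the OR form of the permission check but not the AND form. When granting permissions in t_shiro_permission, prefer exact strings such as user:create over wildcards unless the role genuinely needs every action under that resource.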
Controller layer
@RequiresUser
@ResponseBody
@RequestMapping("/passUser")
public String passUser() {
    return "身份認證成功,可以訪問!!!";
}

// value: one or more roles; logical: how the values are combined, either AND or OR
@RequiresRoles(value = {"2","3"}, logical = Logical.OR)
@ResponseBody
@RequestMapping("/passRole")
public String passRole() {
    return "角色認證成功,可以訪問!!!";
}

@RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR)
@ResponseBody
@RequestMapping("/passPer")
public String passPer() {
    return "權限認證成功,可以訪問!!!";
}
springmvc-servlet.xml
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true"></property>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

<bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">
                unauthorized
            </prop>
        </props>
    </property>
    <property name="defaultErrorView" value="unauthorized"/>
</bean>
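The SimpleMappingExceptionResolver above renders one view for every failure. Two details matter when the endpoints return JSON rather than a page: a failed @RequiresUser check throws org.apache.shiro.authz.UnauthenticatedException, which is a sibling of UnauthorizedException (both extend AuthorizationException), so it only reaches the unauthorized view through defaultErrorView; and a denial is a security event worth logging. The class below is an added example, not code from the original post, showing a Spring MVC @ControllerAdvice that maps the two cases to 401 and 403 and writes an audit line for each denial. It assumes mvc:annotation-driven, Jackson and SLF4J are on the classpath; the class name and response fields are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

/**
 * Added example (hypothetical class, not from the post): turns Shiro's
 * authorization exceptions into proper HTTP status codes and an audit log line.
 */
@ControllerAdvice
public class ShiroDenialAdvice {

    private static final Logger log = LoggerFactory.getLogger(ShiroDenialAdvice.class);

    /** Raised when @RequiresUser / @RequiresAuthentication fails: nobody is logged in. */
    @ExceptionHandler(UnauthenticatedException.class)
    public ResponseEntity<Map<String, Object>> notLoggedIn(UnauthenticatedException e,
                                                           HttpServletRequest req) {
        return deny(HttpStatus.UNAUTHORIZED, "authentication required", req);
    }

    /** Raised when @RequiresRoles / @RequiresPermissions fails: logged in, but not allowed. */
    @ExceptionHandler(UnauthorizedException.class)
    public ResponseEntity<Map<String, Object>> forbidden(UnauthorizedException e,
                                                         HttpServletRequest req) {
        return deny(HttpStatus.FORBIDDEN, "insufficient role or permission", req);
    }

    private ResponseEntity<Map<String, Object>> deny(HttpStatus status, String reason,
                                                     HttpServletRequest req) {
        // getPrincipal() is null when no one is logged in; otherwise the username from the realm
        Object principal = SecurityUtils.getSubject().getPrincipal();
        // Audit trail: who was denied, which endpoint, from where. Repeated 403s from one
        // principal across many URIs are a useful signal for privilege-probing.
        log.warn("shiro denial status={} principal={} method={} uri={} remote={}",
                status.value(), principal, req.getMethod(), req.getRequestURI(), req.getRemoteAddr());
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", status.value());
        body.put("reason", reason);   // generic on purpose: does not reveal which role or permission was missing
        return ResponseEntity.status(status).body(body);
    }
}
```

Because mvc:annotation-driven registers its ExceptionHandlerExceptionResolver ahead of a SimpleMappingExceptionResolver left at its default order, this advice handles the two Shiro exceptions first and the XML resolver still covers everything else, so both can coexist in springmvc-servlet.xml.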
Add the following to main.jsp
<ul>
    shiro註解
    <li>
        <a href="${pageContext.request.contextPath}/passUser">用戶認證</a>
    </li>
    <li>
        <a href="${pageContext.request.contextPath}/passRole">角色</a>
    </li>
    <li>
        <a href="${pageContext.request.contextPath}/passPer">權限認證</a>
    </li>
</ul>
User zs, authentication check: not authenticated; once logged in, the page can be accessed.
User ls, role check: different roles carry different access rights, so even with zs logged in this page cannot be accessed.
The result of the permission check looks the same as above. Looking at the code:

@RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR)
@ResponseBody
@RequestMapping("/passPer")
public String passPer() {
    return "權限認證成功,可以訪問!!!";
}

A user holding the permissions "user:update" and "user:create" can access this page. The figure at the top shows which users correspond to which permissions.