shiro授权角色、权限
在ShiroUserMapper.xml中新增内容
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r where u.userid = ur.userid and ur.roleid = r.roleid and u.userid = #{userid} </select> <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select p.perid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid and u.userid = #{userid} </select>
mapper接口
/** * 查询角色id */ Set<String> getRolesByUserId(@Param("userid")Integer userid); /** * 查询权限id * @param userid * @return */ Set<String> getPersByUserId(@Param("userid")Integer userid);
Service层
package com.huang.service; import com.huang.model.ShiroUser; import java.util.Set; /** * @auther 宇晨 * @company * @create 2019-11-03-21:31 */ public interface ShiroUserService { ShiroUser queryByName(String uname); int insert(ShiroUser record); Set<String> getRolesByUserId(Integer userid); Set<String> getPersByUserId(Integer userid); }
package com.huang.service.impl; import com.huang.mapper.ShiroUserMapper; import com.huang.model.ShiroUser; import com.huang.service.ShiroUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.Set; /** * @auther 宇晨 * @company * @create 2019-11-03-21:32 */ @Service("shiroUserService") public class ShiroUserServiceImpl implements ShiroUserService { @Autowired private ShiroUserMapper shiroUserMapper; @Override public ShiroUser queryByName(String uname) { return shiroUserMapper.queryByName(uname); } @Override public int insert(ShiroUser record) { return shiroUserMapper.insert(record); } @Override public Set<String> getRolesByUserId(Integer userid) { return shiroUserMapper.getRolesByUserId(userid); } @Override public Set<String> getPersByUserId(Integer userid) { return shiroUserMapper.getPersByUserId(userid); } }
重写自定义realm中的授权方法
/** * 授权的方法 * @param principalCollection * @return */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { String uname = principalCollection.getPrimaryPrincipal().toString(); ShiroUser shiroUser = this.shiroUserService.queryByName(uname); Set<String> perids = this.shiroUserService.getPersByUserId(shiroUser.getUserid()); Set<String> roleids = this.shiroUserService.getRolesByUserId(shiroUser.getUserid()); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setRoles(roleids); info.setStringPermissions(perids); return info; }
注解式开发
常用注解介绍
@RequiresAuthenthentication:表示当前Subject已经通过login进行身份验证;即 Subject.isAuthenticated()返回 true @RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的 @RequiresGuest:表示当前Subject没有身份验证或者通过记住我登录过,即是游客身份 @RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示当前Subject需要角色admin和user @RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示当前Subject需要权限user:delete或者user:b
注解的使用
Controller层
/** * 用户必须登录后才能请求 * @return */ @RequiresUser @ResponseBody @RequestMapping("/passUser") public String passUser(){ return "身份认证成功,能够访问!!!"; } /** * 用户必须拥有角色id为1和4 的这两个角色 * @return */ @RequiresRoles(value={"1","6"},logical = Logical.OR) @ResponseBody @RequestMapping("/passRole") public String passRole(){ return "角色认证成功,能够访问!!!"; } /** * 用户必须拥有 user:update 或 user:view 权限才能访问 * @return */ @RequiresPermissions(value = {"user:updata","user.load"},logical = Logical.AND) @ResponseBody @RequestMapping("/passPer") public String passPer(){ return "权限认证成功,能够访问!!!"; }
springmvc.xml
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true"></property> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> <property name="exceptionMappings"> <props> <prop key="org.apache.shiro.authz.UnauthorizedException"> unauthorized </prop> </props> </property> <property name="defaultErrorView" value="unauthorized"/> </bean>
jsp代码测试
<ul> shiro注解 <li> <a href="${pageContext.request.contextPath}/passUser">用户认证</a> </li> <li> <a href="${pageContext.request.contextPath}/passRole">角色</a> </li> <li> <a href="${pageContext.request.contextPath}/passPer">权限认证</a> </li> </ul>
预测结果
zs只能查看身份认证的按钮内容
ls、ww可以看权限认证按钮内容
zdm可以看所有按钮的内容