数据库准备
一般要做权限验证需要五张表 user,user_role,role,role_permission,permission分别对应用户,角色,权限以及两个关联表,用户绑定角色,而权限只和角色有关,例如:
用户1-----角色1----person:query,person:update,person:delete,person:add
用户2-----角色2---person:query
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission` (
`perid` int(11) NOT NULL AUTO_INCREMENT,
`pername` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`percode` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`perid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of permission
-- ----------------------------
INSERT INTO `permission` VALUES (1, '用户查询', 'person:query');
INSERT INTO `permission` VALUES (2, '用户添加', 'person:add');
INSERT INTO `permission` VALUES (3, '用户修改', 'person:update');
INSERT INTO `permission` VALUES (4, '用户删除', 'person:delete');
INSERT INTO `permission` VALUES (5, '导出用户', 'person:export');
-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
`roleid` int(11) NOT NULL AUTO_INCREMENT,
`rolename` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`roleid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES (1, '超级管理员');
INSERT INTO `role` VALUES (2, 'CEO');
INSERT INTO `role` VALUES (3, '保安');
-- ----------------------------
-- Table structure for role_permission
-- ----------------------------
DROP TABLE IF EXISTS `role_permission`;
CREATE TABLE `role_permission` (
`perid` int(255) NULL DEFAULT NULL,
`roleid` int(11) NULL DEFAULT NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of role_permission
-- ----------------------------
INSERT INTO `role_permission` VALUES (1, 1);
INSERT INTO `role_permission` VALUES (2, 1);
INSERT INTO `role_permission` VALUES (3, 1);
INSERT INTO `role_permission` VALUES (4, 1);
INSERT INTO `role_permission` VALUES (1, 2);
INSERT INTO `role_permission` VALUES (2, 2);
INSERT INTO `role_permission` VALUES (3, 2);
INSERT INTO `role_permission` VALUES (1, 3);
INSERT INTO `role_permission` VALUES (5, 3);
-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`userid` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`userpwd` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`sex` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`address` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`userid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES (1, 'zhangsan', '639ffb0cbcca39d4fff8348844b1974e', '男', '武汉');
INSERT INTO `user` VALUES (2, 'lisi', '0d303fa8e2e2ca98555f23a731a58dd9', '女', '北京');
INSERT INTO `user` VALUES (3, 'wangwu', '473c41db9af5cc0d90e7adfd2b6d9180', '女', '成都');
-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`userid` int(11) NULL DEFAULT NULL,
`roleid` int(11) NULL DEFAULT NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES (1, 1);
INSERT INTO `user_role` VALUES (2, 2);
INSERT INTO `user_role` VALUES (3, 3);
SET FOREIGN_KEY_CHECKS = 1;
shiro的spring配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- 声明凭证匹配器 -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="md5"></property>
<property name="hashIterations" value="2"></property>
</bean>
<!-- 声明userRealm -->
<bean id="userRealm" class="com.sxt.realm.UserRealm">
<!-- 注入凭证匹配器 -->
<property name="credentialsMatcher" ref="credentialsMatcher"></property>
</bean>
<!-- 配置SecurityManager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 注入realm -->
<property name="realm" ref="userRealm"></property>
</bean>
<!-- 配置shiro的过滤器 这里面的id必须和web.xml里面的配置一样 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" >
<!-- 注入安全管理器 -->
<property name="securityManager" ref="securityManager"></property>
<!-- 注入未登陆的跳转页面 默认的是webapp/login.jsp-->
<property name="loginUrl" value="/index.jsp"></property>
<!-- 注入未授权的访问页面 -->
<property name="unauthorizedUrl" value="/unauthorized.jsp"></property>
<!-- 配置过滤器链 -->
<property name="filterChainDefinitions">
<value>
<!-- 放行index.jsp -->
/index.jsp*=anon
<!-- 放行跳转到登陆页面的路径 -->
/login/toLogin*=anon
<!-- 放行登陆的请求 -->
/login/login*=anon
<!-- 设置登出的路径 -->
/login/logout*=logout
<!-- 设置其它路径全部拦截 -->
/**=authc
</value>
</property>
</bean>
</beans>
其他的配置文件,就不写了,和普通的spring项目差不多,然后创建三个service,三个Mapper文件
#查询用户名是否存在
select * from user where username=#{username}
#根据用户id查询对应的角色
SELECT t1.* FROM role t1 INNER JOIN `user_role` t2 ON t1.roleid = t2.roleid WHERE t2.userid =#{userid}
#根据用户id查询对应的权限
SELECT t1.* FROM
permission t1
INNER JOIN `user_role` t2
INNER JOIN role_permission t3 ON t2.roleid = t3.roleid
AND t1.perid = t3.perid
WHERE
t2.userid =#{userid}
创建ActivierUser
方便封装
public class ActivierUser {
private User user;
private List<String> roles;
private List<String> permissions;
public ActivierUser() {
}
public ActivierUser(User user, List<String> roles, List<String> permissions) {
super();
this.user = user;
this.roles = roles;
this.permissions = permissions;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
public List<String> getPermissions() {
return permissions;
}
public void setPermissions(List<String> permissions) {
this.permissions = permissions;
}
}
创建自定义的UserRealm
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
@Autowired
private RoleService roleService;
@Autowired
private PermissionService permissionService;
@Override
public String getName() {
return this.getClass().getSimpleName();
}
/*
*
* 授权
* */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
ActivierUser activierUser = (ActivierUser) principalCollection.getPrimaryPrincipal();
List<String> permissions = activierUser.getPermissions();
List<String> roles = activierUser.getRoles();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
if (roles != null && roles.size()>0){
info.addRoles(roles);
}
if (permissions != null && permissions.size()>0){
info.addStringPermissions(permissions);
}
return info;
}
/*
* 认证
* */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//拿到用户名
String username = token.getPrincipal().toString();
//查询用户名是否存在
User user = userService.queryUserByName(username);
if(user == null){
return null;
}
//查询角色和权限
List<Role> roleList = roleService.queryRoleList(user.getUserid().toString());
ArrayList<String> roles = new ArrayList<>();
for (Role role : roleList) {
roles.add(role.getRolename());
}
ArrayList<String> permissions = new ArrayList<>();
List<Permission> permissionList = permissionService.queryPermissionByUserId(user.getUserid().toString());
for (Permission permission : permissionList) {
permissions.add(permission.getPercode());
}
//盐
ByteSource salt = ByteSource.Util.bytes(user.getUsername() + user.getAddress());
ActivierUser activierUser = new ActivierUser(user,roles,permissions);
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(activierUser,user.getUserpwd(),salt,this.getName());
return info;
}
}
Controller层
LoginController.java
@RequestMapping("login")
@Controller
public class LoginController {
/**
* 跳转到登陆页面
*/
@RequestMapping("toLogin")
public String toLogin() {
return "login";
}
/**
* 做登陆
*/
@RequestMapping("login")
public String login(String username,String pwd,
HttpSession session,Model model) throws Exception {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, pwd);
try {
subject.login(token);
ActivierUser activierUser = (ActivierUser) subject.getPrincipal();
session.setAttribute("user",activierUser.getUser());
return "redirect:/login/toUserManager.action";
}catch (IncorrectCredentialsException e) {
System.err.println("密码不正确");
model.addAttribute("error", "密码不正确");
} catch (UnknownAccountException e) {
System.err.println("用户名不存在");
model.addAttribute("error", "用户名不存在");
}
return "redirect:/login.jsp";
}
@RequestMapping("/toUserManager")
public String toUserManager() {
return "list";
}
}
权限控制标签
<shiro:hasPermission name="person:query">
<h1><a href="user/query.action">查询用户</a></h1>
</shiro:hasPermission>
<shiro:hasPermission name="person:add">
<h1><a href="user/add.action">添加用户</a></h1>
</shiro:hasPermission>
<shiro:hasPermission name="person:update">
<h1><a href="user/update.action">修改用户</a></h1>
</shiro:hasPermission>
<shiro:hasPermission name="person:delete">
<h1><a href="user/delete.action">删除用户</a></h1>
</shiro:hasPermission>
<shiro:hasPermission name="person:export">
<h1><a href="user/export.action">导出用户</a></h1>
</shiro:hasPermission>