• 3. shiro- 权限认证


    3. shiro- 权限认证

    #在rememberMe的基础上修改CustomizeRealm

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            if (ObjectUtils.isEmpty(principals)){
                throw new UnknownAccountException();
            }
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            //从pricipals中获取登入的用户信息
            String username = principals.getPrimaryPrincipal().toString();
            User user = userService.queryUser(username);
            for (Role role : user.getRoles()) {
                //获取角色,并给用户添加角色
                info.addRole(role.getRole());
                for (Perm perm : role.getPerms()) {
                    //获取角色对应的权限,并给用户添加权限
                    info.addStringPermission(perm.getPerm());
                }
            }
            return info;
        }
    

    #添加一个controller

    /**
     * 在访问api时 shiro会根据@RequiresRoles和@RequiresPermission调用doGetAuthorizationInfo()
     */
    @Slf4j
    @RestController
    //如果没有指定method,@RequestMapping会接收所有类型的请求
    @RequestMapping("/user")
    public class UserController {
        @Autowired
        private IUserService userService;
        @RequiresRoles("admin")
        @RequiresPermissions("user:add")
        @PostMapping
        public String save(User user) {
            userService.save(user);
            return "添加成功";
        }
        @RequiresPermissions("user:delete")
        @RequiresRoles("admin")
        @ResponseBody
        @DeleteMapping("/{id}")
        public String remove(@PathVariable("id") Integer id) {
            userService.removeById(id);
            return "删除成功";
        }
        @RequiresPermissions("user:update")
        //logical.OR表示二者中的一个即可
        @RequiresRoles(value = {"teacher","admin"},logical = Logical.OR)
        @ResponseBody
        @PutMapping
        public String update(User user) {
            userService.updateById(user);
            return "更新成功";
        }
        @RequiresPermissions("user:select")
        @ResponseBody
        @GetMapping
        public List<User> list() {
            List<User> list = userService.list();
            System.out.println(list);
            return list;
        }
        @RequiresPermissions("user:select")
        @RequiresRoles(value = {"teacher","student","admin"},logical = Logical.OR)
        @GetMapping("/{id}")
        public User get(@PathVariable("id") Integer id) {
            //这里调用的只是mybatis-plus封装的方法所以不会打印出集合的信息
            User user = userService.getById(id);
            System.out.println(user);
            return user;
        }
    }
    

    #修改yml

      mvc:
        hiddenmethod:
          filter:
            enabled: true
    

    #修改index.html

    <!--templates下的只能通过controller访问-->
    <a shiro:guest="" th:href="@{/login}">登入</a>
    
    <form shiro:authenticated="" th:action="@{/user}" method="post">
        <input type="text" name="name" placeholder="用户名">
        <br>
        <input type="password" name="password" placeholder="密码">
        <br>
        <input type="submit" value="添加用户">
    </form>
    <hr>
    <form shiro:authenticated="" th:action="@{/user/}" method="post">
        <input type="hidden" name="_method" value="delete">
        <input type="text" name="id" placeholder="id">
        <br>
        <input type="submit" value="删除用户">
    </form>
    <hr>
    <form shiro:authenticated="" th:action="@{/user}" method="post">
        <input type="hidden" name="_method" value="PUT">
        <br>
        <input type="text" name="id" placeholder="id">
        <br>
        <input type="text" name="name" placeholder="用户名">
        <br>
        <input type="password" name="password" placeholder="密码">
        <input type="submit" value="更新用户">
    </form>
    <hr>
    <form shiro:authenticated="" th:action="@{/user}" method="get">
        <input type="submit" value="查询所有用户">
    </form>
    <hr>
    <form shiro:authenticated="" th:action="@{/user/}" method="get">
        <input type="text" name="id" placeholder="id">
        <br>
        <input type="submit" value="查询用户">
    </form>
    <a th:href="@{/logout}">注销</a>
    </body>
    <script>
        $("input[type='submit']").mousedown(function () {
            var parent = $(this).parent();
            var action = parent.attr("action");
            console.log(action);
            var children = parent.children("input[name='id']");
            //children是一个数组
            if (children.length == 0) {
                return;
            }
            //拼接获取到的值
            var jQuery = parent.attr("action", action + children.val());
            console.log(jQuery)
        });
    

    #添加一个没有权限认证的异常处理器

    @ControllerAdvice
    public class ShiroHandler {
        @ExceptionHandler(AuthorizationException.class)
        private ModelAndView handleAuthorizationException(AuthorizationException e) {
            HashMap<String, Object> map = new HashMap<>();
            map.put("msg", "你没有权限这么做");
            //如果要自定义传属性到getAttributes()中必须通过这种方法,不能通过@RequestStatus
            map.put("javax.servlet.error.status_code", HttpStatus.FORBIDDEN.value());
            return new ModelAndView("forward:/error", map);
        }
    }
    

    相应的错误页面

    <body>
    <div>[[${msg}]]</div>
    <a th:href="@{/index}">首页</a>
    </body>
    
  • 相关阅读:
    开通了
    A computer hardware platform abstraction
    脑机接口入门概览
    JDK自带VM分析工具jps,jstat,jmap,jconsole
    泛型里的super和extend
    动态规划
    用二分法查找的套路(一)
    A computer hardware platform abstraction
    CentOS7安装JDK1.8
    CentOS7如何修改hostname
  • 原文地址:https://www.cnblogs.com/kikochz/p/12835306.html
Copyright © 2020-2023  润新知