声明:本证项目基于《Java-Shiro(六):Shiro Realm讲解(三)Realm的自定义及应用》构建项目为基础。
我们知道如果是采用jsp视图引擎,直接在jsp中加入shiro的tag就可以,然而在thymeleaf视图引擎下,并未有shiro的tag lib。实际上目前shiro+Thymeleaf的html页面中shiro标签方式验证已经有人实现了并将代码用法放到了github上,具体请参考:《thymeleaf-extras-shiro》。
下边将结合《thymeleaf-extras-shiro》与springmvc集成实现thymeleaf中html中加验证shiro验证标签的用法进行讲解,具体内容分为以下几部分:
1)引入依赖
2)需要修改哪些配置?
3)如何使用?
1)引入依赖
引入thymeleaf-extras-shiro依赖到pom中
<dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>${thymeleaf-shiro.version}</version> </dependency>
上边${thymeleaf-shiro.version}是thymelef-extras-shiro的版本,目前最新版本是2.0.0。
更多版本请参考:《https://github.com/theborakompanioni/thymeleaf-extras-shiro/releases》
2)修改配置
2.1)xml方式配置
需要在springmvc-servlet.xml配置文件中引入thymeleaf依赖外,需要在templateEngine bean下设置additionalDialects属性:
<bean id="templateEngine" class="org.thymeleaf.spring5.SpringTemplateEngine"> <property name="templateResolver" ref="templateResolver" /> <property name="additionalDialects"> <set> <bean class="at.pollux.thymeleaf.shiro.dialect.ShiroDialect"/> </set> </property> </bean>
注意:这个dialect是核心配置,缺少这个thymeleaf页面中的标签将无法解析。
2.2)SpringMVC或者SpringBoot注解方式配置
@Bean public SpringTemplateEngine templateEngine() { SpringTemplateEngine templateEngine = new SpringTemplateEngine();
templateEngine.setTemplateResolver(templateResolver()); Set<IDialect> additionalDialects = new HashSet<IDialect>(); additionalDialects.add(new ShiroDialect()); templateEngine.setAdditionalDialects(additionalDialects); return templateEngine; }
3)在thymeleaf的html页面中使用shiro验证标签
3.1)在html文件头的<html>标签做修改
<!DOCTYPE html> <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
Example
<!DOCTYPE html> <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"> <head> <title>thymeleaf-extras-shiro</title> </head> <body> <p shiro:guest="">Please <a href="login.html">login</a></p> <p shiro:authenticated=""> Hello, <span shiro:principal=""></span>, how are you today? </p> </body> </html>
3.2)html标签(例如:a/tr/td/p等) shiro:hasPermission="article:query" 标签使用
具体参考官网:《https://github.com/theborakompanioni/thymeleaf-extras-shiro》
The guest
tag
<p shiro:guest=""> Please <a href="login.html">Login</a> </p>
The user
tag
<p shiro:user=""> Welcome back John! Not John? Click <a href="login.html">here<a> to login. </p>
The authenticated
tag
<a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>
The notAuthenticated
tag
<p shiro:notAuthenticated=""> Please <a href="login.html">login</a> in order to update your credit card information. </p>
The principal
tag
<p>Hello, <span shiro:principal=""></span>, how are you today?</p>
or
<p>Hello, <shiro:principal/>, how are you today?</p>
Typed principal and principal property are also supported.
The hasRole
tag
<a shiro:hasRole="administrator" href="admin.html">Administer the system</a>
The lacksRole
tag
<p shiro:lacksRole="administrator"> Sorry, you are not allowed to administer the system. </p>
The hasAllRoles
tag
<p shiro:hasAllRoles="developer, project manager"> You are a developer and a project manager. </p>
The hasAnyRoles
tag
<p shiro:hasAnyRoles="developer, project manager, administrator"> You are a developer, project manager, or administrator. </p>
The hasPermission
tag
<a shiro:hasPermission="user:create" href="createUser.html">Create a new User</a>
The lacksPermission
tag
<p shiro:lacksPermission="user:delete"> Sorry, you are not allowed to delete user accounts. </p>
The hasAllPermissions
tag
<p shiro:hasAllPermissions="user:create, user:delete"> You can create and delete users. </p>
The hasAnyPermissions
tag
<p shiro:hasAnyPermissions="user:create, user:delete"> You can create or delete users. </p>
3.3)和jsp页面一样的shiro:hasPermission标签使用
实际上和Jsp页面中的验证标签一致,而且与上边基本一致,去掉html标签改写为:
<shiro:hasPermission name="user:create"> <p>test</p> </shiro:hasPermission>
具体参考shiro官网:《http://shiro.apache.org/web.html#jsp-gsp-tag-library》
3.4)javascript中使用hasPermission标签
需要自定义@Component,例如:
package com.dx.test.shiro; import org.apache.shiro.SecurityUtils; import org.springframework.stereotype.Component; /** * js调用 thymeleaf 实现按钮权限 */ @Component("perms") public class PermsService { public boolean hasPerm(String permission) { return SecurityUtils.getSubject().isPermitted(permission); } }
其需要在applicationContext-*.xml中,添加扫描包组件确保能扫描到该包:
<context:component-scan base-package="com.dx.test.shiro"></context:component-scan>
Js中使用示例:
<script> var editFlag = "[[${@perms.hasPerm('user:edit')}]]"; var deleteFlag = "[[${@perms.hasPerm('user:delete')}]]"; var assignRoleFlag="[[${@perms.hasPerm('user:assignRole')}]]"; // 其他业务 </script>