Velocity模版进行shiro验证

先在Spring配置Velocity视图解析器

<!-- Velocity视图解析器 默认视图 -->
	<bean id="velocityViewResolver"
		class="org.springframework.web.servlet.view.velocity.VelocityViewResolver">
		<property name="contentType" value="text/html;charset=UTF-8" />
		<property name="viewNames" value="*.html" />
		<property name="suffix" value="" />
		<property name="dateToolAttribute" value="date" />
		<property name="numberToolAttribute" value="number" />
		<property name="toolboxConfigLocation" value="/WEB-INF/velocity-toolbox.xml" />
		<property name="requestContextAttribute" value="rc" />
		<property name="order" value="0" />
	</bean>

	<bean id="velocityConfigurer"
		class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
		<property name="resourceLoaderPath" value="/WEB-INF/page/" />
		<property name="velocityProperties">
			<props>
				<prop key="input.encoding">UTF-8</prop>
				<prop key="output.encoding">UTF-8</prop>
				<prop key="contentType">text/html;charset=UTF-8</prop>
			</props>
		</property>
	</bean>

在WEB-INF文件夹创建velocity-toolbox.xml

<?xml version="1.0" encoding="UTF-8" ?>
<toolbox>
	<!-- velocity 自定义标签 -->
	<tool>
	    <key>shiro</key>
	    <scope>application</scope>
	    <class>com.wstro.shiro.VelocityShiro</class>
	</tool>
</toolbox>

再来看

com.wstro.shiro.VelocityShiro

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Shiro权限标签(Velocity版)
 * 
 * @author chenshun
 * @email sunlightcs@gmail.com
 * @date 2016年12月3日 下午11:32:47
 */
public class VelocityShiro {

	private Logger logger = LoggerFactory.getLogger(getClass());

	/**
	 * 是否拥有该权限
	 * 
	 * @param permission
	 *            权限标识
	 * @return true：是 false：否
	 */
	public boolean hasPermission(String permission) {
		logger.info(permission);
		Subject subject = SecurityUtils.getSubject();
		return subject != null && subject.isPermitted(permission);
	}

	/**
	 * 是否拥有该权限
	 * 
	 * @param permission
	 *            权限标识
	 * @return true：是 false：否
	 */
	public static boolean hasPermissionInMethod(String permission) {
		Subject subject = SecurityUtils.getSubject();
		return subject != null && subject.isPermitted(permission);
	}

}

ShiroUtils工具类

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

import com.wstro.entity.SysUserEntity;

/**
 * Shiro工具类
 * 
 * @author chenshun
 * @email sunlightcs@gmail.com
 * @date 2016年11月12日 上午9:49:19
 */
public class ShiroUtils {

	public static Session getSession() {
		return SecurityUtils.getSubject().getSession();
	}

	public static Subject getSubject() {
		return SecurityUtils.getSubject();
	}

	public static SysUserEntity getUserEntity() {
		return (SysUserEntity)SecurityUtils.getSubject().getPrincipal();
	}

	public static Long getUserId() {
		return getUserEntity().getUserId();
	}
	
	public static void setSessionAttribute(Object key, Object value) {
		getSession().setAttribute(key, value);
	}

	public static Object getSessionAttribute(Object key) {
		return getSession().getAttribute(key);
	}

	public static boolean isLogin() {
		return SecurityUtils.getSubject().getPrincipal() != null;
	}

	public static void logout() {
		SecurityUtils.getSubject().logout();
	}
	
	public static String getKaptcha(String key) {
		String kaptcha = getSessionAttribute(key).toString();
		getSession().removeAttribute(key);
		return kaptcha;
	}

}

前台Velocity模版直接调用就可以

#if($shiro.hasPermission("sys:project${projectcategory}:save")) <a
					class="btn btn-primary" @click="add"><i class="fa fa-plus"></i>新增</a>
				#end

这里只实现了Permission验证。如果要多个自己可以模仿这个

还有 freemarker中使用shiro标签