shiro授权和注解式开发

1、shiro授权角色、权限

2、Shiro的注解式开发

ShiroUserMapper.xml

 1 <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
 2   select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r
 3     where u.userid = ur.userid and ur.roleid = r.roleid
 4     and u.userid = #{userid}
 5 </select>
 6 <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
 7   select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p
 8   where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
 9   and u.userid = #{userid}
10 </select>

ShiroUserService

 1 /**
 2      * 查询角色
 3      * @param userid
 4      * @return
 5      */
 6     Set<String> getRolesByUserId(Integer userid);
 7
 8     /**
 9      * 查询角色权限
10      * @param userid
11      * @return
12      */
13     Set<String> getPersByUserId(Integer userid);

service实现类

 @Override
    public Set<String> getRolesByUserId(Integer userid) {
        return shiroUserMapper.getRolesByUserId(userid);
    }

    @Override
    public Set<String> getPersByUserId(Integer userid) {
        return shiroUserMapper.getPersByUserId(userid);
    }

重写自定义realm中的授权方法

 1  /*
 2         授权的方法
 3          */
 4     @Override
 5     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
 6         String uname = principalCollection.getPrimaryPrincipal().toString();
 7         ShiroUser shiroUser = this.shiroUserService.queryByName(uname);
 8         Set<String> perids = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
 9         Set<String> roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
10         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
11         info.setRoles(roleIds);
12         info.setStringPermissions(perids);
13         return info;
14
15     }

 

注解式开发

  @RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的

  @RequiresGuest:表示当前Subject没有身份验证或者通过记住我登录过,即是游客身份

  @RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示当前Subject需要角色admin和user

  @RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示当前Subject需要权限user:delete或者user:b

Controller层

 1 @RequiresUser
 2 @ResponseBody
 3 @RequestMapping("/passUser")
 4     public String passUser(){
 5
 6     return "身份认证成功,能够访问!!!";
 7     }
 8
 9     @RequiresRoles(value = {"2","3"}, logical = Logical.OR) //value:不同或者多个的角色,logical:value值的拼接方式可以是AND或者OR
10     @ResponseBody
11     @RequestMapping("/passRole")
12     public String passRole(){
13
14         return "角色认证成功,能够访问!!!";
15     }
16
17     @RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR)
18     @ResponseBody
19     @RequestMapping("/passPer")
20     public String passPer(){
21
22         return "权限认证成功,能够访问!!!";
23     }

springmvc-servlet.xml

 1 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
 2       depends-on="lifecycleBeanPostProcessor">
 3     <property name="proxyTargetClass" value="true"></property>
 4 </bean>
 5 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
 6     <property name="securityManager" ref="securityManager"/>
 7 </bean>
 8
 9 <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
10     <property name="exceptionMappings">
11         <props>
12             <prop key="org.apache.shiro.authz.UnauthorizedException">
13                 unauthorized
14             </prop>
15         </props>
16     </property>
17     <property name="defaultErrorView" value="unauthorized"/>
18 </bean>

在main.jsp中添加

 1 <ul>
 2     shiro注解
 3     <li>
 4         <a href="${pageContext.request.contextPath}/passUser">用户认证</a>
 5     </li>
 6     <li>
 7         <a href="${pageContext.request.contextPath}/passRole">角色</a>
 8     </li>
 9     <li>
10         <a href="${pageContext.request.contextPath}/passPer">权限认证</a>
11     </li>
12 </ul>

用户zs身份认证,未认证。登录即可访问

用户ls角色认证,不同角色有不同的访问权限,即使zs登录也不可以访问此页面

权限认证结果图同上,
  从代码来看
             @RequiresPermissions(value = {"user:update","user:create"}, logical = Logical.OR)
    @ResponseBody
    @RequestMapping("/passPer")
    public String passPer(){

        return "权限认证成功,能够访问!!!";
    }

拥有  "user:update","user:create"  这两个权限的即可访问此页面。从顶部的图中可以看出那些用户对应了哪些权限。

谢谢观看!!!

01-07 00:56