自定义（补充）shiro标签

shiro提供了jsp标签用于页面上的权限控制，有hasAnyRoles,hasPermission等标签，但是却没提供hasAnyPermission标签，有点不大方便。

这时候我们完全可以仿照shiro的源码，进行照猫画虎，扩充一下。

shiro的标签定义文件在shiro-all.jar下的META-INF目录下的shiro.tld中，打开文件后我们可以看到如下标签的定义：

<taglib>
  <tlib-version>1.1.2</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>Apache Shiro</short-name>
  <uri>http://shiro.apache.org/tags</uri>
  <description>Apache Shiro JSP Tag Library.</description>
  <tag>
    <name>hasPermission</name>
    <tag-class>org.apache.shiro.web.tags.HasPermissionTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current Subject (user)
      'has' (implies) the specified permission (i.e the user has the specified ability).
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>
  <tag>
    <name>hasAnyRoles</name>
    <tag-class>org.apache.shiro.web.tags.HasAnyRolesTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current user has one of the specified roles from a
      comma-separated list of role names.
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>
</taglib>

该文件中定义了每个标签的名字和相应的标签的实现类。我们要补充一个hasAnyPermission的标签，该标签的逻辑和hasAnyRoles有些类似。我们先打开hasAnyRoles的实现类看看，然后照猫画虎做一个hasAnyPermission的标签。

package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyRolesTag extends RoleTag {
    private static final String ROLE_NAMES_DELIMETER = ",";
    public HasAnyRolesTag() {
    }
    protected boolean showTagBody(String roleNames) {
        boolean hasAnyRole = false;
        Subject subject = getSubject();
        if (subject != null) {
            for (String role : roleNames.split(ROLE_NAMES_DELIMETER)) {
                if (subject.hasRole(role.trim())) {
                    hasAnyRole = true;
                    break;
                }
            }
        }
        return hasAnyRole;
    }
}

以上是hasAnyRolesTag的实现类，我们仿照这个实现hasAnyPermission:

package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyPermissionTag extends PermissionTag {
	private static final long serialVersionUID = 1L;
	private static final String PERMISSION_NAMES_DELIMETER = ",";
	public HasAnyPermissionTag() {
	}
	@Override
	protected boolean showTagBody(String permissions) {
		boolean hasAnyPermission = false;
		Subject subject = getSubject();
		if (subject != null) {
			for (String permission : permissions
					.split(PERMISSION_NAMES_DELIMETER)) {
				if (subject.isPermitted(permission.trim())) {
					hasAnyPermission = true;
					break;
				}
			}
		}
		return hasAnyPermission;
	}
}

将该源代码编译成class字节码文件，扔进jar包的\org\apache\shiro\web\tags目录下
并在jar包里的shiro.tld文件中加入以下代码指定标签：

  <tag>
    <name>hasAnyPermission</name>
    <tag-class>org.apache.shiro.web.tags.HasAnyPermissionTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current Subject (user)
      'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>

OK，搞定，到页面上测试一下：

<shiro:hasAnyPermission name="sys_config:policy,
				sys_config:server,
				sys_config:logdown,
				sys_config:keyword,
				sys_config:audit,
				sys_config:sysinfo">
	<li id="4"><a href="javascript:changeMainMenu(4)"><i class="tables"></i>系统配置</a></li>
</shiro:hasAnyPermission>

表示如果当前用户拥有以下权限的任何一个权限，那么该菜单就会显示，好的，可以了。

收工。