SpringBoot+thymeleaf+shiro整合小总结

最新推荐文章于 2022-11-18 14:24:32 发布
最新推荐文章于 2022-11-18 14:24:32 发布
阅读量387 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/GLH508/article/details/104288806
版权

首先确保在不进行shiro整合时正常登录以及拥有权限,然后我们再开始,以下是我个人的思路。
首先,准备依赖(这里只讲关键依赖,目前我就用到了这些,够用就行,也别把相关依赖全部弄进来):

<!--shiro依赖-->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>2.0.0</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-ehcache -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-ehcache</artifactId>
            <version>1.4.0</version>
        </dependency>
        <!--thymeleaf自动渲染-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>

我的有关shiro整合的结构图:

主要了解的类是MyRealm和MyShiroConfig,在配置的时候参考了jiankang66的springboot整合shiro实现权限控制这篇(链接地址:https://blog.csdn.net/jiankang66/article/details/90473517)
首先MyShiroConfig的配置:

package team.glh.springboot.plant_manager.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;

import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.cache.CacheProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import team.glh.springboot.plant_manager.shiro.CustomSessionManager;
import team.glh.springboot.plant_manager.shiro.MyMatcher;
import team.glh.springboot.plant_manager.shiro.MyRealm;
import team.glh.springboot.plant_manager.shiro.MyRememberFilter;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class MyShiroConfig {

    //密码验证器
    @Bean("credentialsMatcher")
    public CredentialsMatcher credentialsMatcher() {
        return new MyMatcher();
    }

    //权限验证器
    @Bean("myRealm")
    public MyRealm myRealm(@Qualifier("credentialsMatcher") CredentialsMatcher credentialsMatcher) {
        MyRealm myRealm = new MyRealm();
        //给权限验证器配置上自定义的密码验证器
        myRealm.setCredentialsMatcher(credentialsMatcher);
        return myRealm;
    }

    @Bean
    public CacheManager cacheManager(){
        return new MemoryConstrainedCacheManager();
    }

    /**
     * cookie对象;
     * rememberMeCookie()方法是设置Cookie的生成模版,比如cookie的name,cookie的有效时间等等。
     *
     * @return
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
//        这个参数是cookie的名称,对应前端的checkbox的name=rememberMe
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
//        cookie生效时间为10秒
        simpleCookie.setMaxAge(10);
        return simpleCookie;
    }

    /**
     * cookie管理对象;
     * rememberMeManager()方法是生成rememberMe管理器,而且要将这个rememberMe管理器设置到securityManager中
     *
     * @return
     */
    @Bean
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        return  cookieRememberMeManager;
    }

    @Bean
    public MyRememberFilter MyRememberFilter(){
        return new MyRememberFilter();
    }

    /**
     * 自定义sessionManager
     * @return
     */
    @Bean
    public SessionManager sessionManager(){
        return new CustomSessionManager();
    }

    //桥梁,主要是Realm的管理认证配置
    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("myRealm") MyRealm myRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        //注入自定义myRealm
        defaultWebSecurityManager.setRealm(myRealm);
        //注入自定义cacheManager
        defaultWebSecurityManager.setCacheManager(cacheManager());
        //注入记住我管理器
        defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
        //注入自定义sessionManager
        defaultWebSecurityManager.setSessionManager(sessionManager());


        //自定义缓存实现,使用redis
//        defaultWebSecurityManager.setSessionManager(SessionManager());
        return defaultWebSecurityManager;
    }

    //进行全局配置,Filter工厂,设置对应的过滤条件和跳转条件
    @Bean("shiroFilterFactoryBean")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager) {
        //shiro对象
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        bean.setLoginUrl("/toLogin");
        bean.setSuccessUrl("/success");


        Map<String, Filter> filterMap=new LinkedHashMap<String,Filter>();
        filterMap.put("MyRememberFilter",MyRememberFilter());

       /* //自定义拦截器
        Map<String, Filter> filterMap=new LinkedHashMap<String,Filter>();
        //限制同一账号同时在线的个数
//        filterMap.put("kickout",kickoutSessionControlFilter());
        bean.setFilters(filterMap);*/
        //MAP
        LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<String, String>();
        /*
        认证顺序是从上往下执行。
         */
        linkedHashMap.put("/logout", "logout");//在这儿配置登出地址,不需要专门去写控制器。
        linkedHashMap.put("/static/**", "anon");
        //开启注册页面不需要权限
//        linkedHashMap.put("/register", "anon");
//        linkedHashMap.put("/saveregister", "anon");
        //验证phone唯一
//        linkedHashMap.put("/solephone", "anon");
        //获取验证码
//        linkedHashMap.put("/getcode", "anon");
        //验证码判断
//        linkedHashMap.put("/comparecode", "anon");
//        linkedHashMap.put("/websocket", "anon");//必须开启。
//        linkedHashMap.put("/css/**", "anon");//不需要验证
//        linkedHashMap.put("/js/**", "anon");//不需要验证
        //配置错误页面
        linkedHashMap.put("error", "anon");//不需要验证



        linkedHashMap.put("/avatars/**", "anon");//不需要验证
        linkedHashMap.put("/css/**", "anon");//不需要验证
        linkedHashMap.put("/font/**", "anon");//不需要验证
        linkedHashMap.put("/images/**", "anon");//不需要验证
        linkedHashMap.put("/js/**", "anon");//不需要验证
        linkedHashMap.put("/login/**", "anon");//不需要验证
        linkedHashMap.put("/**", "user");//需要进行权限验
        bean.setFilterChainDefinitionMap(linkedHashMap);
        return bean;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }


    //加入·注解的使用,不加入这个注解不生效
    //启Shiro的注解(@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
    //     * 配置以下两个bean(DefaultAdvisorAutoProxyCreator和AuthorizationAttributeSourceAdvisor)即可实现此功能
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor sourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        sourceAdvisor.setSecurityManager(securityManager);
        return sourceAdvisor;
    }


    //    进行权限认证的,没有会使得前台的shiro标签无法使用
    //shiro结合thymeleaf实现细粒度权限控制
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }


}

MyRealm

package team.glh.springboot.plant_manager.shiro;

import com.alibaba.fastjson.JSON;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import team.glh.springboot.plant_manager.entity.sys.SysPermission;
import team.glh.springboot.plant_manager.entity.sys.SysRole;
import team.glh.springboot.plant_manager.entity.sys.SysUser;
import team.glh.springboot.plant_manager.service.itf.sys.ISysPermissionService;
import team.glh.springboot.plant_manager.service.itf.sys.ISysRoleService;
import team.glh.springboot.plant_manager.service.itf.sys.ISysUserService;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class MyRealm extends AuthorizingRealm {

    private Logger logger= LoggerFactory.getLogger(this.getClass());

    @Autowired
    private ISysUserService sysUserService;

    @Autowired
    private ISysRoleService roleService;

    @Autowired
    private ISysPermissionService sysPermissionService;

    /**
     * 权限验证
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

        SysUser user = sysUserService.listByAccount(principals.toString());
        if (null != user) {
            SysRole role = roleService.getById(user.getRoleId());
            if (null != role) {
                List<SysPermission> permissionList = sysPermissionService.listByRoleId(role.getId());

                logger.info("当前用户拥有的权限:"+JSON.toJSONString(permissionList));

                Set<String> roles = new HashSet<>();
                Set<String> permissions = new HashSet<>();

                roles.add(role.getCode());
                if (null != permissionList) {
                    for (SysPermission permission : permissionList) {
                        permissions.add(permission.getCode());
                    }
                }

                logger.info("拥有的角色:"+role.getCode()+"拥有的权限"+ JSON.toJSONString(permissions));

                simpleAuthorizationInfo.addRoles(roles);
                simpleAuthorizationInfo.addStringPermissions(permissions);


            }
            simpleAuthorizationInfo.addStringPermission("user");
        }
        return simpleAuthorizationInfo;
    }

    /**
     * 用户身份验证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //从token获取用户名,从主体传过来的认证信息中获取
        //加这一步的目的是在post请求时会先进入认证然后再到请求。
        if(authenticationToken.getPrincipal()==null){
            return null;
        }
        //获取用户的登录信息,用户名
        String account=authenticationToken.getPrincipal().toString();

        //根据service调用用户名,查找用户的全部信息
        //通过用户名到数据库获取凭证

        SysUser sysUser = sysUserService.listByAccount(account);

        if (null != sysUser) {
            String password = sysUser.getPassword();
            Integer state = sysUser.getState();

            // 1:正常 2:禁用 3:锁定
            if (state == (short)2) {
                throw new DisabledAccountException("禁用账号");
            } else if (state == (short)3) {
                throw new LockedAccountException("密码输入错误次数大于5,账号锁定");
            } else {
                return new SimpleAuthenticationInfo(account, password,getName());
            }

        } else {
            throw new UnknownAccountException("账户不存在");
        }

    }

}

CustomSessionManager

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

public class CustomSessionManager extends DefaultWebSessionManager {

}

MyMatcher

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha384Hash;

/**
 * @Author:
 * @Date: Created in 下午5:32 2020/2/11
 * @todo:验证密码 查找到了该用户 自定义密码验证器
 */
public class MyMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String pwd = encrypt(String.valueOf(usernamePasswordToken.getPassword()));
        String mysqlpwd = (String) info.getCredentials();
        return this.equals(pwd, mysqlpwd);
    }

    //将传进来的密码进行加密的方法
    private String encrypt(String data){
        String sha384Hex=new Sha384Hash(data).toBase64();
        return sha384Hex;
    }

}

MyRemenberFilter

package team.glh.springboot.plant_manager.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @Author: Gan LingHao
 * @Date: Created in 下午6:32 2020/2/11
 * @todo: 暂时未启用
 */
public class MyRememberFilter extends FormAuthenticationFilter {

    protected boolean isAccessAllowed(HttpServletRequest request, HttpServletResponse response, Object mappedValue){
        Subject subject=getSubject(request,response);
        if(!subject.isAuthenticated() && subject.isRemembered()){
            if(subject.getSession().getAttribute("user")==null &&subject.getPrincipal()!=null){
                subject.getSession().setAttribute("user",subject.getPrincipal());
            }

        }

        return subject.isAuthenticated() || subject.isRemembered();
    }
}

ShiroUtil

package team.glh.springboot.plant_manager.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import team.glh.springboot.plant_manager.entity.sys.SysUser;
import team.glh.springboot.plant_manager.vo.Contants;
import team.glh.springboot.plant_manager.vo.SysPermissionVO;

import java.util.List;
import java.util.ResourceBundle;

/**
 * @Author: 
 * @Date: Created in 下午10:47 2019/12/30
 * @todo: 加密密码
 */
public class ShiroUtil {

    private static Logger logger= LoggerFactory.getLogger(ShiroUtil.class);

    private static String TYPE;

    private static Integer COUNT;

    static {
        ResourceBundle resourceBundle=ResourceBundle.getBundle("realm");
        TYPE=resourceBundle.getString("realm.hashed.type");
        COUNT= Integer.parseInt(resourceBundle.getString("realm.hashed.count"));
    }

    /**
     * 密码加密
     * @param account
     * @param password
     * @return
     */
    public static String saltPwd(String account,String password){
        ByteSource salt= ByteSource.Util.bytes(account);
        return new SimpleHash(TYPE,password,salt,COUNT).toString();
    }

    /**
     * 当前操作用户保存到session
     * @param user
     */
    public static void setCurrentUser(SysUser user){
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute(Contants.LOGIN_USER,user);
    }

    /**
     * 获取当前登录成功的用户
     * @return
     */
    public static SysUser getCurrentLoginUser(){
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        SysUser user = null != session.getAttribute(
                Contants.LOGIN_USER)?(SysUser)session.getAttribute(Contants.LOGIN_USER):null;
        return user;
    }

    /**
     * 当用户退出系统或登录失败时移除当前操作用户
     */
    public static void removeCurrentUser(){
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.removeAttribute(Contants.LOGIN_USER);

        logger.info("当前sessionId "+session.getId());
    }

    /**
     * 将获取到的有效权限放到session中
     * @param allPermission
     */
    public static void setAllPermission(List<SysPermissionVO> allPermission){
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute(Contants.ALL_PERMISSION,allPermission);
        session.touch();
    }

    /**
     * 移除之前session中获取到的有效权限
     */
    public static void removeAllPermission(){
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.removeAttribute(Contants.ALL_PERMISSION);
    }

    /**
     * 重新赋值权限(在比如:给一个角色临时添加一个权限,需要调用此方法刷新权限,否则还是没有刚赋值的权限)
     * @param account 当前登录用户的用户名
     */
    public static void reloadAuthorizing(String account){

        //重新修改权限后清楚缓存,调用doGetAuthorizationInfo重新取角色的权限信息
        RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
        MyRealm myRealm = (MyRealm) rsm.getRealms().iterator().next();
        Subject subject = SecurityUtils.getSubject();
        String realmName = subject.getPrincipals().getRealmNames().iterator().next();

        //shiroRealm.clearAllCachedAuthorizationInfo2();//清楚所有用户权限
        //第一个参数为用户名,第二个参数为realmName,test想要操作权限的用户
        SimplePrincipalCollection principals = new SimplePrincipalCollection(account,realmName);
        subject.runAs(principals);
        myRealm.getAuthorizationCache().remove(subject.getPrincipals());
        subject.releaseRunAs();
    }

}

LoginController

package team.glh.springboot.plant_manager.controller.basic;

import org.apache.ibatis.annotations.Param;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;
import team.glh.springboot.plant_manager.entity.sys.SysUser;
import team.glh.springboot.plant_manager.service.itf.sys.ISysPermissionService;
import team.glh.springboot.plant_manager.service.itf.sys.ISysRoleService;
import team.glh.springboot.plant_manager.service.itf.sys.ISysUserService;
import team.glh.springboot.plant_manager.shiro.ShiroUtil;
import team.glh.springboot.plant_manager.vo.ResponseMessage;
import team.glh.springboot.plant_manager.vo.SysPermissionVO;

import javax.servlet.http.HttpServletRequest;
import java.time.LocalDateTime;
import java.util.*;

/**
 * @Author: 
 * @Date: Created in 下午12:32 2020/2/8
 * @todo: 登录
 */
@Controller
public class LoginController {

    private Logger logger= LoggerFactory.getLogger(getClass());

    @Autowired
    private ISysUserService sysUserService;

    @Autowired
    private ISysRoleService roleService;

    @Autowired
    private ISysPermissionService sysPermissionService;

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "basic/login";
    }

    /**
     * post登录
     *
     * @param account
     * @param password
     * @return
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login2(@Param("account") String account, @Param("password") String password,Model model,HttpServletRequest request) {
        Subject subject= SecurityUtils.getSubject();

        UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken(account,password);

        ResponseMessage msg=new ResponseMessage();
        try{
            subject.login(usernamePasswordToken);

            if(subject.isAuthenticated()){
                logger.info("登录成功");

                String host=request.getRemoteHost()+":"+request.getRemotePort();
                logger.info("当前登录host:port"+host);
                SysUser sysUser=sysUserService.listByAccount(account);
                sysUser.setLastLoginTime(sysUser.getThisLoginTime());
                sysUser.setLastLoginIp(sysUser.getThisLoginIp());
                sysUser.setThisLoginTime(LocalDateTime.now());
                sysUser.setThisLoginIp(host);

                //将用户信息存入session中
                ShiroUtil.setCurrentUser(sysUser);

                sysUserService.saveOrUpdate(sysUser);

                return "redirect:success";
            }else{
                msg.setValue(110);
                msg.setDesc("认证失败");
                logger.info("认证失败");
                model.addAttribute("msg",msg);
                return "basic/login";
            }
        }catch (UnknownAccountException ex){
            msg.setValue(110);
            msg.setDesc("账号不存在");
            logger.info("账号不存在");
            model.addAttribute("msg",msg);
            return "basic/login";
        } catch (IncorrectCredentialsException ex){
            msg.setValue(110);
            msg.setDesc("密码错误");
            logger.info("密码错误");
            model.addAttribute("msg",msg);
            return "basic/login";
        } catch (LockedAccountException ex){
            msg.setValue(110);
            msg.setDesc("错误次数过多,锁定账号");
            logger.info("错误次数过多,锁定账号");
            model.addAttribute("msg",msg);
            return "basic/login";
        } catch (DisabledAccountException ex){
            msg.setValue(110);
            msg.setDesc("此帐号已被禁用");
            logger.info("此帐号已被禁用");
            model.addAttribute("msg",msg);
            return "basic/login";
        }
    }

    @RequestMapping("/success")
    public String success(Model model){

        List<SysPermissionVO> permissions=sysPermissionService.listByEffective(1,1);
        ShiroUtil.setAllPermission(permissions);
        model.addAttribute("index","index");

        return "basic/index";
    }
    @RequestMapping("/logout")
    public String logout(){
        logger.info(ShiroUtil.getCurrentLoginUser().getName()+"退出系统");

//        SecurityUtils.getSubject().logout();

        ShiroUtil.removeCurrentUser();
        ShiroUtil.removeAllPermission();

        return "basic/login";
    }

}

前端关于shiro的代码

               <li
                        th:each="permission:${session.ALL_PERMISSION}" class=""
                        th:class="${permission.code == parentCode}?'active open'"
                >
<!--                    <shiro:hasPermission th:name="${permission.code}">-->
                    <a href="#" class="dropdown-toggle" shiro:hasPermission="${permission.code}">
                        <i class="icon-list"></i>
                        <span class="menu-text"> [[${permission.name}]]</span>
                        <b class="arrow icon-angle-down"></b>
                    </a>

                    <ul class="submenu">
                        <li th:each="children:${permission.childrens}"
                            th:class="${children.code == sonCode}?'active'"
                        >
<!--                            <shiro:hasPermission th:name="${children.code}">-->
                            <a href="tables.html" th:href="@{${children.url}}" shiro:hasPermission="${children.code}">
                                <i class="icon-double-angle-right"></i>
                                [[${children.name}]]
                            </a>
<!--                            </shiro:hasPermission>-->
                        </li>

                    </ul>
<!--                    </shiro:hasPermission>-->
                </li>

要想开启提示,导入它的命名空间

<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">

这就是有关整合的全部有效代码,貌似不缺。

GLH508
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
自学springboot整合shiro +thymeleaf
codebeef的博客
06-04 357
springboot + Shiro + thymeleaf 什么是Shiro? Apache Shiro是一个java的安全(权限)框架 Shiro可以非常容易开发出足够好的应用,其不仅可以用在javaSE环境,也可以用在javaEE环境 Shiro可以完成认证、授权、会话管理、web集成、缓存等 有哪些功能? Authentication:用户认证(登录) Authorization:权限控制 Session Management:会话管理 Cryptography:数据加密 Web Suppor
springboot+thymeleaf+shiro标签
很多时候犯错都是在不知情的情况下发生的
05-19 1945
1,pom中加入依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> <ver...
shiro入门案例,springboot+shiro+thymeleaf
weixin_44162147的博客
05-19 410
Shiro shiro的核心组件: 用户、角色、权限 会给角色赋予权限,给用户赋予角色 组件: 1、UsernamePasswordToken, shiro用来封装用户的登录信息,使用用户的登录信息来创建令牌TOken, 2、SecurityManager,shiro的核心,负责安全认证和授权 3、SubjectShiro的一个抽象概念,包含了用户的信息 4、Realm,开发者自定义的模块,根据项目的需求,验证和授权的逻辑全部卸载Realm中 5、AuthenticationInfo,用户的角色信息集合,
SpringBoot整合shiro整合thymeleaf详细示例
chengweimam的博客
03-21 1080
SpringBoot整合shiro+thymeleaf详细示例准备工作:1.所需的maven依赖2.搭建测试项目2.1创建后台结构和所需类2.2 创建数据库2.3 编写配置文件2.4 编写pojo,dao,service包下的类方法2.5 controller层以及前端页面3.编写核心配置类开始测试: 这是一片从头到尾的详细整合演示,让你直接复制就能运行的代码。 准备工作: 1.所需的maven依...
Shiro整合Springboot+themleaf
liudachu的博客
07-25 354
6.1 整合思路 6.2 配置环境 创建项目 引入依赖 <!--引入shiro整合Springboot依赖--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-starter</artifactId> <version>1.5.3</version> </dependency
SpringBoot+Mybatis+Thymeleaf整合Shiro入门
06-05
总结起来,SpringBoot、Mybatis、ThymeleafShiro整合,可以构建一个安全、高效的Web应用。SpringBoot简化了项目配置,Mybatis处理数据库操作,Thymeleaf负责视图渲染,而Shiro则提供了一套完善的权限控制机制。...
Springboot+shiro+thymeleaf
07-14
标题 "Springboot+shiro+thymeleaf" 指的是一个基于Spring Boot的Web应用,其中集成了Shiro安全框架和Thymeleaf模板引擎。这个项目旨在提供一个安全且用户友好的后台管理系统。下面我们将深入探讨Spring Boot、Shiro...
springboot+shiro+mybatis+Thymeleaf实现用户权限框架
11-29
本项目名为“springboot+shiro+mybatis+Thymeleaf实现用户权限框架”,它整合了四个关键的技术组件,旨在提供一个易于上手、功能丰富的解决方案。下面将详细阐述这些技术及其在框架中的作用。 1. **Spring Boot**: ...
springboot2+mybatis+thymeleaf+layui整合开发物流仓库后台管理系统
04-19
仓库管理系统主要用到的技术有springboot,mybatisplus,shiro。主要角色有超级管理员、基础数据管理员、仓库管理员、销售管理员、系统管理员。不同角色拥有不同的权限,使用shiro完成认证和授权。 该系统主要分为个...
基于SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + .zip
最新发布
02-04
标题 "基于SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + .zip" 暗示了这是一个使用多种技术构建的Web应用程序。这个项目整合了几个关键的组件来实现一个现代化、高效且安全的后端架构。让我们详细探讨...
springboot集成mybatis+shiro+thymeleaf
09-26
springboot集成mybatis+shiro+thymeleaf。只是个人做的小demo,@SpringBootApplication 和@RestController是一个组合注解。@RestController是组合了@ResponseBody&@Controller 注解分为元注解和组合注解。 注解又分为JAVA注解和Spring注解 在业务层建议使用Spring注解,配置使用JAVA注解~~ :sob: SpringBoot大量的注解是基于Spring4.x的
Java模板引擎 thymeleaf-extras-shiro-1.0.2.jar
06-04
如果要使用shiro的话,可以引入 thymeleaf-extras-shiro.jar这个拓展包来曲线实现shiro的前端验证
Spring MVC Thymeleaf Shiro Dialect 整合
10-23 2507
Shiro官方支持多种模板方言,却没有为Thymeleaf提供支持,幸好有第三方提供的thymeleaf-extras-shiro 它与Springboot整合比较简单,这里就不介绍了。 在与SpringMVC整合时,却遇到了让人头疼的问题,网上到处搜索,一步步调试代码,最终找到了解决方案。 第一步,引用thymeleaf-extras-shiro包 &l...
springboot整合shiro+thymeleaf
weixin_45577058的博客
06-23 446
springboot整合shiro+thymeleaf a.步骤: 1.创建prom文件,导入依赖 2.在resources文件下创建mappers包和templates包,并且创建配置文件application.yml,application.properties 3.创建启动类App 4.创建shiro整合springboot的配置类,以及shiro的realm文件 5.创建基础的MVC架构,pojo,mapper,service,controller b.项目目录 c.效果截图 1.启动spri
shiro thymeleaf整合使用
蕃薯耀的博客
04-16 929
================================ ©Copyright 蕃薯耀 2022-04-16 蕃薯耀的博客_CSDN博客 一、引入依赖 <!-- 使用见:https://github.com/theborakompanioni/thymeleaf-extras-shiro --> <dependency> <groupId>com.github.theborakompanioni</groupId> <arti.
SpringBoot+Mybatis+thymeleaf+shiro(注解实现!)实现角色权限管理配置,是小白?进来就对了!
weixin_48868742的博客
11-18 827
SpringBoot+Mybatis+thymeleaf+shiro(注解实现!)实现角色权限管理配置,是小白?进来就对了!
springboot thymeleafshiro 整合 第四篇 持久层+控制器+html
ruiguang21的博客
05-11 530
package com.ruiguang.entity;import java.io.Serializable;import java.util.List;import javax.persistence.Column;import javax.persistence.FetchType;import javax.persistence.JoinColumn;import javax.persis...
简单轻量级登录认证鉴权应用(springboot+thymeleaf+apache shiro
gesanghua601的博客
05-27 1195
最近抽空研究了目前比较常用的轻量级安全框架Apache shiro,首先查看了很多现有的博客,打好理论基础,然后学以致用,码代码出学习成果,收获颇丰! 推荐本人参考过的优秀博客 ####参考博客 SpringBoot+shiro整合学习之登录认证和权限控制 https://www.cnblogs.com/ll409546297/p/7815409.html https://www.cnb...
SpringBootShiro整合.docx
02-09
SpringBootShiro整合-权限管理实战-课堂笔记.docx

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值