代码延续地址:Shiro+springboot+mybatis(md5+salt+散列)认证与授权-01
1.创建t_role角色表(比如管理员admin、普通用户user等)和t_pers权限表(比如add、update、delete等);t_user_role作为t_user与t_role的中间表,t_role_pers作为t_role与t_pers的中间表(用户与角色、角色与权限都是多对多的关系)
2.UserMapper.xml新增sql查询
<!--
  Loads one user by username and LEFT JOINs t_user_role and t_role, so the user's
  role rows come back in the same result set. Rows are mapped through the "userMap"
  resultMap, which is defined outside this snippet.
  The username is passed through the #{username} placeholder, i.e. bound as a JDBC
  parameter instead of being concatenated into the SQL text; keep it that way and do
  not switch to the string-substitution (dollar-sign) form for caller-supplied values.
  NOTE(review): the statement ends with ';' inside the mapper; some JDBC drivers
  reject a trailing semicolon. Confirm it is accepted by the target database.
-->
<select id="findByRolesUserName" parameterType="String" resultMap="userMap">
select u.id uid,u.username,r.id rid,r.name
from t_user u
left join t_user_role ur
on u.id=ur.userId
left join t_role r
on ur.roleId=r.id
where u.username=#{username};
</select>
<!--
  Returns the t_pers rows linked to one role through t_role_pers, auto-mapped onto
  com.hao.springboot.entity.Pers by column label. The role id is bound as a JDBC
  parameter through the #{id} placeholder.
  NOTE(review): p.name and r.name are both selected under the label "name". Which
  value ends up in the Pers name property depends on how the driver resolves a
  duplicate label. CustomerRealm uses that property as the permission string, so
  give r.name an alias or drop it. TODO confirm.
  NOTE(review): because of the LEFT JOINs, a role without any permission still
  produces one row whose p.* columns are NULL; callers should tolerate a null or
  empty entry in the returned list.
-->
<select id="findPermsByRoleId" parameterType="String" resultType="com.hao.springboot.entity.Pers">
select p.id,p.name,p.url,r.name
from t_role r
left join t_role_pers rp
on r.id=rp.roleId
left join t_pers p
on p.id=rp.persId
where r.id=#{id}
</select>
3.UserDao新增方法
// Loads the user with the given username together with the roles joined in by the
// mapper statement of the same name (t_user -> t_user_role -> t_role).
User findByRolesUserName(String username);
// Returns the permissions linked to the role with the given id
// (t_role -> t_role_pers -> t_pers).
List<Pers> findPermsByRoleId(String id);
4.Service层新增方法(接口代码省略)
/**
 * Looks up a user and its roles by username.
 *
 * <p>Pure delegation to {@code userDao.findByRolesUserName}; no checks are applied here.
 *
 * @param username login name used as the lookup key
 * @return whatever the DAO returns for that username
 */
@Override
public User findByRolesUserName(String username) {
    final User userWithRoles = userDao.findByRolesUserName(username);
    return userWithRoles;
}
/**
 * Fetches the permissions attached to a role.
 *
 * <p>Pure delegation to {@code userDao.findPermsByRoleId}; no checks are applied here.
 *
 * @param id identifier of the role
 * @return whatever the DAO returns for that role id
 */
@Override
public List<Pers> findPermsByRoleId(String id) {
    final List<Pers> rolePermissions = userDao.findPermsByRoleId(id);
    return rolePermissions;
}
5.改变自定义realm
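/**
 * Custom Shiro realm that performs user authentication and authorization.
 *
 * <p>Written 2020/12/29.
 *
 * @author 抱着鱼睡觉的喵喵
 */
public class CustomerRealm extends AuthorizingRealm {

    /**
     * Collects the roles and permission strings of the subject's primary principal.
     *
     * <p>The primary principal is read as the username. Roles come from
     * {@code findByRolesUserName}; for every role the permissions are loaded with
     * {@code findPermsByRoleId} and added by name.
     *
     * @param principalCollection principals of the subject being authorized
     * @return the collected roles and permissions, or {@code null} when the user cannot be
     *         found or has no roles (the subject then holds no role and no permission)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("调用权限认证:"+principalCollection);
        String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();
        // The service is looked up by bean name through the project's ApplicationContextUtils helper.
        UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
        User users = userService.findByRolesUserName(primaryPrincipal);

        // Fail closed: an account that no longer exists, or one without roles, gets no
        // authorization data instead of a NullPointerException.
        if (users == null || CollectionUtils.isEmpty(users.getRoles())) {
            return null;
        }

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        users.getRoles().forEach(role -> {
            // Skip incomplete role rows rather than registering a null role name.
            if (role == null || role.getName() == null) {
                return;
            }
            simpleAuthorizationInfo.addRole(role.getName());

            List<Pers> perms = userService.findPermsByRoleId(role.getId());
            if (CollectionUtils.isEmpty(perms)) {
                return;
            }
            for (Pers pers : perms) {
                // The permission query uses LEFT JOINs, so a role without permissions can
                // presumably come back as a null or nameless entry; such entries are skipped
                // so that no null or empty permission string is registered.
                if (pers != null && pers.getName() != null && !pers.getName().isEmpty()) {
                    simpleAuthorizationInfo.addStringPermission(pers.getName());
                }
            }
        });
        return simpleAuthorizationInfo;
    }

    /**
     * Supplies the stored credentials for the account named by the token's principal.
     *
     * <p>This method only hands the stored password value and salt to Shiro; the comparison
     * with the submitted password is done by the realm's credentials matcher, which is
     * configured outside this class.
     * NOTE(review): the article title mentions MD5 + salt hashing. MD5 is too fast to
     * protect stored passwords; prefer a dedicated password-hashing scheme such as bcrypt
     * or Argon2 when the matcher is revisited.
     *
     * @param authenticationToken token submitted at login; its principal is read as the username
     * @return username, stored password and salt for the account, or {@code null} when no
     *         such user exists
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        // The service is looked up by bean name through the project's ApplicationContextUtils helper.
        UserService userService = (UserService) ApplicationContextUtils.getBean("userService");
        User user = userService.findByUserName(principal);
        if (ObjectUtils.isEmpty(user)) {
            // Returning null tells Shiro that this realm has no account for the token.
            return null;
        }
        return new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                ByteSource.Util.bytes(user.getSalt()),
                this.getName());
    }
}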
6.index.jsp(shiro标签只决定菜单项是否显示,对应的后端接口仍需单独做权限校验)
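<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" isELIgnored="false" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<%--
  Home page whose menu is filtered with the Shiro JSP tags.
  The tags only decide which entries are rendered; they do not protect the target URLs.
  Every operation behind these links must also be checked on the server, for example
  with Shiro filter-chain rules or permission annotations on the controllers.
  JSP comments are used on purpose: they are not sent to the browser.
--%>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
<h1>系统主页,欢迎你的到来</h1>
<a href="${pageContext.request.contextPath}/user/outLogin">退出</a>
<ul>
    <%-- Rendered only for subjects holding the "user" role. --%>
    <shiro:hasAnyRoles name="user">
        <li><a href="">用户管理</a>
            <ul>
                <%--
                  The name must match a permission string the realm adds for the subject
                  (CustomerRealm adds the permission names it loads from the database).
                  NOTE(review): only the "add" entry is guarded by a permission; the three
                  entries below it are shown to every holder of the "user" role. Confirm
                  that this is intended.
                --%>
                <shiro:hasPermission name="user:add:*">
                    <li><a href="">添加用户</a></li>
                </shiro:hasPermission>
                <li><a href="">删除用户</a></li>
                <li><a href="">修改用户</a></li>
                <li><a href="">查询用户</a></li>
            </ul>
        </li>
    </shiro:hasAnyRoles>
    <shiro:hasRole name="product">
        <li><a href="">部分格式化</a> </li>
    </shiro:hasRole>
    <shiro:hasRole name="admin">
        <li><a href="">商品管理</a> </li>
        <li><a href="">订单管理</a> </li>
        <li><a href="">物流管理</a> </li>
    </shiro:hasRole>
    <shiro:hasRole name="shper">
        <li><a href="">终极格式化</a> </li>
    </shiro:hasRole>
</ul>
</body>
</html>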
7.访问http://localhost:8080/shiro/login.jsp
退出