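[Today's course outline]
Implementing authorization with Shiro
Menu authorization
View authorization
[Key points in detail]
- Fixing the problem where you cannot log in again after clicking the browser's back button
- Write a logout method in the controller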
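    /**
     * Handles the ajax request and performs the logout.
     * @return
     */
    @RequestMapping("ajaxLogout")
    @ResponseBody
    public int ajaxLogout() {
        // End the current Shiro subject's session
        SecurityUtils.getSubject().logout();
        System.out.println("执行退出"); // "logout executed"
        return 0;
    }

- Send the ajax request from the login page JSP.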
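- Using a custom Filter to implement URL permission validation
- Create a new class that extends AuthenticationFilter

    import java.io.PrintWriter;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import org.apache.shiro.web.filter.authc.AuthenticationFilter;

    public class MyValidateCodeFilter extends AuthenticationFilter {
        @Override
        protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
            // Verification code submitted with the request
            String validateCode = request.getParameter("validateCode");
            // Verification code stored in the session
            Object obj = ((HttpServletRequest) request).getSession().getAttribute("validateCode");
            System.out.println("obj:" + obj);
            System.out.println("validateCode:" + validateCode);
            // Reject when either value is missing or they differ (a missing value would otherwise throw a NullPointerException)
            if (validateCode == null || obj == null || !validateCode.equals(obj.toString())) {
                System.out.println("阻止了"); // "blocked"
                response.setContentType("application/json;charset=utf-8");
                PrintWriter out = response.getWriter();
                out.print("5");
                return false;
            }
            return true;
        }
    }
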
- Configure a <bean> for the custom class in applicationContext-shiro.xml

    <bean id="myValidateCodeFilter" class="com.bjsxt.manage.filter.MyValidateCodeFilter"></bean>

- Declare in ShiroFilterFactoryBean which <bean> is a Shiro filter

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"></property>
        <property name="filters">
            <map>
                <entry key="validateCodeFilter" value-ref="myValidateCodeFilter"></entry>
            </map>
        </property>
        <property name="loginUrl" value="/login"></property>
        <property name="successUrl" value="/loginSuccess"></property>
        <property name="filterChainDefinitions">
            <value>
                /login=validateCodeFilter,authc
                /**=anon
            </value>
        </property>
    </bean>

- Authorization
- In Shiro, authorization checks can be made through:
- Java code
  - subject.hasRole()
  - subject.isPermitted()
- JSP tags
1.2.1 Import the tag library

    <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

1.2.2 Usage

    <shiro:hasRole name="管理员">
        <a id="btn" href="#" class="easyui-linkbutton" data-options="iconCls:'icon-search'">注册新用户</a>
    </shiro:hasRole>

- Annotations
1.3.1 Written on a Java method

    @RequiresRoles("")

- All of these trigger doGetAuthorizationInfo in the custom Realm; that method must add the roles or permissions the user holds to the value it returns.

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // SecurityUtils.getSubject().hasRole("");
        // SecurityUtils.getSubject().isPermitted("")
        Users user = (Users) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Copy every role the user holds into the authorization info
        List<Role> list = user.getRoles();
        for (Role role : list) {
            System.out.println(role.getName());
            info.addRole(role.getName());
        }
        // info.addStringPermission(permission);
        return info;
    }
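
The following is an added example, not part of the course notes: a stand-alone program showing how the roles and permissions returned by doGetAuthorizationInfo decide the outcome of hasRole, isPermitted and checkRole. It assumes shiro-core is on the classpath; DemoRealm, the alice/secret account, the auditor role and the user:create permission are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class AuthzDemo {
    // Hypothetical in-memory realm; the course realm reads roles from the Users object.
    static class DemoRealm extends AuthorizingRealm {
        int lookups = 0; // how many times Shiro asked this realm for roles/permissions
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            // Constructed sample account: alice / secret; any other user is unknown
            return "alice".equals(token.getPrincipal())
                    ? new SimpleAuthenticationInfo("alice", "secret", getName()) : null;
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            lookups++;
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole("管理员");                  // role name from the JSP tag on this page
            info.addStringPermission("user:create"); // constructed permission string
            return info;
        }
    }

    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        // No CacheManager is configured, so every check below reaches the realm.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "secret"));
        System.out.println("hasRole 管理员: " + subject.hasRole("管理员"));
        System.out.println("isPermitted user:create: " + subject.isPermitted("user:create"));
        System.out.println("isPermitted user:delete: " + subject.isPermitted("user:delete"));
        try {
            subject.checkRole("auditor"); // throws instead of returning false
        } catch (UnauthorizedException e) {
            System.out.println("checkRole auditor denied: " + e.getMessage());
        }
        System.out.println("realm lookups: " + realm.lookups);
    }
}
```

The shiro:hasRole tag only controls whether the link is rendered, so the controller method behind that link still needs its own server-side check such as checkRole or @RequiresRoles.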