[url=http://www.2cto.com/kf/201604/502204.html]shiro直接对类进行注解,类似于@Controller的形式[/url]
MyPermissionAnnotationHandler
MyPermissionAnnotationHandler
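/**
 * Asserts that the current subject holds the permissions required by the intercepted method.
 *
 * <p>The method's {@code @RequiresPermissions} values are the base permissions. When the class of
 * the invocation target also carries {@code @RequiresPermissions}, the first class-level value is
 * prepended verbatim to every method-level value. No separator is inserted, so the class-level
 * value has to end with its own delimiter. Class-level values after the first are not used.
 *
 * <p>The prefix is applied on every path (single permission, {@code Logical.AND} and
 * {@code Logical.OR}), so a method that lists several permissions is checked in the same
 * namespace as a method that lists one.
 *
 * @param mi the intercepted invocation; its method and target object are inspected
 * @throws AuthorizationException if the subject lacks the required permission(s), if the method
 *         carries no {@code @RequiresPermissions}, if the class-level annotation has no value,
 *         or if {@code Logical.OR} is requested over an empty permission list
 */
public void assertAuthorized(MethodInvocation mi) throws AuthorizationException {
    RequiresPermissions methodAnnotation = mi.getMethod().getAnnotation(RequiresPermissions.class);
    if (methodAnnotation == null) {
        // Deny with the declared exception type instead of failing with a NullPointerException.
        // NOTE(review): this is reachable if the surrounding interceptor also matches methods
        // that are only covered by a class-level annotation - confirm against the resolver in use.
        throw new AuthorizationException(
                "No @RequiresPermissions on method " + mi.getMethod().getName() + "; access denied");
    }

    // NOTE(review): getThis().getClass() is the runtime class of the target. If that is a
    // generated proxy subclass, the class-level annotation may not be visible there and the
    // prefix would silently be dropped - verify with the AOP setup in use.
    RequiresPermissions classAnnotation = mi.getThis().getClass().getAnnotation(RequiresPermissions.class);
    String prefix = "";
    if (classAnnotation != null) {
        String[] classPerms = classAnnotation.value();
        if (classPerms.length == 0) {
            // An empty class-level value cannot form a prefix; refuse rather than guess.
            throw new AuthorizationException(
                    "Class-level @RequiresPermissions has no value; access denied");
        }
        prefix = classPerms[0];
    }

    // Build the effective permission strings once so that all branches check the same names.
    String[] methodPerms = methodAnnotation.value();
    String[] required = new String[methodPerms.length];
    for (int i = 0; i < methodPerms.length; i++) {
        required[i] = prefix + methodPerms[i];
    }

    Subject subject = getSubject();
    if (required.length == 1) {
        subject.checkPermission(required[0]);
        return;
    }
    if (Logical.AND.equals(methodAnnotation.logical())) {
        // With an empty list this asserts nothing, as before; an annotation that names no
        // permission therefore grants access under AND.
        subject.checkPermissions(required);
        return;
    }
    if (Logical.OR.equals(methodAnnotation.logical())) {
        // Probe with isPermitted first so that an exception is raised only when no
        // alternative is granted.
        boolean hasAtLeastOnePermission = false;
        for (String permission : required) {
            if (subject.isPermitted(permission)) {
                hasAtLeastOnePermission = true;
                break;
            }
        }
        if (!hasAtLeastOnePermission) {
            if (required.length == 0) {
                // OR over an empty list can never be satisfied.
                throw new AuthorizationException(
                        "@RequiresPermissions lists no permission; access denied");
            }
            // Let the first permission raise the exception; its message names only that
            // permission even though any of the listed ones would have been accepted.
            subject.checkPermission(required[0]);
        }
    }
}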