springboot+shiro 简单权限

之前搭建好的 http://blog.csdn.net/qq_16414483/article/details/79371388

这次是权限,只是简单通过角色来控制

需要 role(角色表)和 user_role(用户_角色对应表);因为用户和角色之间可能是多对多关系,所以建立中间表

主页index.jsp只是简单设置

<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<%@ taglib uri="http://shiro.apache.org/tags" prefix="shiro" %>
<html>
<body>
	<h1>Hello World!</h1>
	
	<%-- Each block below is rendered only when the current Shiro Subject holds the role given
	     in the name attribute. The name has to match a role name supplied by the realm exactly.
	     NOTE(review): these tags only decide which markup is sent to the browser. Any URL or
	     controller that is meant to be role-restricted still needs its own server-side check
	     (filter chain rule or role annotation); hiding the heading or link is not access control. --%>
	<shiro:hasRole name="admin"><h1>一般角色</h1></shiro:hasRole>
	<%-- NOTE(review): "spueradmin" looks like a typo for "superadmin"; confirm against the role
	     name stored in the database. If the two differ, this block simply never renders. --%>
	<shiro:hasRole name="spueradmin"><h2>普通角色</h2></shiro:hasRole>
	<shiro:hasRole name="ccc"><h3>高级角色</h3></shiro:hasRole>
	<shiro:hasRole name="adminccc"><h4>厉害角色</h4></shiro:hasRole>
</body>
</html>

这里 <shiro:hasRole name="admin"> 中的 name 就是数据库里设置的角色名字(t_role 表的 role_name),两者必须完全一致。注意:该标签只控制页面内容是否显示,对应的后端接口仍然需要单独做角色校验。

这里只是部分sql代码

 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="com.java.Olym.explore.mapper.RoleMapper">
 	<!-- queryRoleById: returns the role_name of every role linked to the given user id
 	     through the t_user_role join table (one string per row).
 	     The user id is passed with the #{uid} form, which MyBatis binds as a prepared-statement
 	     parameter. Keep it that way: the ${...} form would splice the value into the SQL text
 	     and open the query to SQL injection. -->
 	<select id="queryRoleById" resultType="string">
 		select tr.role_name as roleName 
 		from t_user_role tur join t_role tr 
 		on tur.role_id = tr.role_id
 		where tur.user_id = #{uid} 
 	</select>

</mapper>

这里RoleService 和 RoleMapper 就不贴出来,只是照写

最后是 继承 AuthorizingRealm 的Realm类的权限方法添加代码

package com.java.Olym.shiro;

import java.util.Set;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.java.Olym.explore.entity.User;
import com.java.Olym.explore.service.RoleService;
import com.java.Olym.explore.service.UserService;



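/**
 * Shiro realm for login identity checks: it loads accounts through {@link UserService} and
 * resolves the roles of an authenticated user through {@link RoleService}.
 */
public class MyShiroRealm extends AuthorizingRealm {
	private final Logger log = LoggerFactory.getLogger(this.getClass());
	@Resource
	private UserService userService;
	@Resource
	private RoleService roleService;

	/**
	 * Looks up the account for the submitted login name and returns its stored credentials.
	 *
	 * <p>This method does not compare passwords. Shiro runs the realm's credentials matcher
	 * against the returned {@link AuthenticationInfo} after this method returns.
	 *
	 * @param token the login token; its principal is expected to be the login name as a String
	 * @return the stored principal, credentials and salt, or {@code null} when the token carries
	 *         no String principal or no account exists for it
	 * @throws AuthenticationException declared by the overridden method; not thrown directly here
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)throws AuthenticationException  {
		log.info("$--验证用户身份:MyShiroRealm.doGetAuthenticationInfo()");
		// A missing or non-String principal is treated like an unknown account instead of
		// failing with a NullPointerException / ClassCastException.
		Object principal = token.getPrincipal();
		if (!(principal instanceof String)) {
			return null;
		}
		String loginName = ((String) principal).trim();
		// The submitted password is deliberately NOT logged: log files are readable by far more
		// people and systems than the credential store. The login name comes from the request,
		// so line breaks are neutralised before it is written to the log (log forging).
		log.info("$--loginName={}", loginName.replaceAll("[\r\n]", "_"));

		User userInfo = userService.getUser(loginName);
		if (userInfo == null) {
			// Returning null tells Shiro that no account was found for this token.
			return null;
		}

		SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
				userInfo.getUserName(), // user name as stored in the database
				userInfo.getUserPassword(), // stored password; presumably a salted hash - confirm the configured matcher
				ByteSource.Util.bytes(userInfo.getCredentialsSalt()), // per the original note: salt = username + salt
				getName() // realm name
				);

		// NOTE(review): this runs BEFORE Shiro has compared the submitted password with the stored
		// one, so the "userInfo" attribute is present in the session even when the login then
		// fails. Nothing should treat the presence of this attribute as proof of authentication;
		// use the Subject's authenticated state for that. The stored User object also carries the
		// password and salt fields. Consider storing a reduced view of the user, and doing so only
		// after a successful login. Kept as is because other code may read this attribute.
		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();
		session.setAttribute("userInfo", userInfo);
		return authenticationInfo;
	}

	/**
	 * Builds the authorization data (roles) for an already authenticated user.
	 * Per the original author's note, Shiro calls this back when hasRole / hasPermission is
	 * evaluated.
	 *
	 * @param principals the principals of the current subject; the primary one is the user name
	 * @return the roles returned by {@link RoleService} for that user; an info object without
	 *         roles when the user can no longer be found or the service returns no role set
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		log.info("---------------------------------------------------------------------");
		log.info("$--权限配置-->MyShiroRealm.doGetAuthorizationInfo()");
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

		String userName = (String) principals.getPrimaryPrincipal();
		// Load the user once; the account may have been removed since login, in which case the
		// subject gets no roles at all (deny by default) instead of a NullPointerException.
		User user = userService.getUser(userName);
		if (user == null) {
			log.warn("$--no user record found during role lookup; granting no roles");
			return authorizationInfo;
		}
		String userId = user.getUserId() + "";
		log.info("该用户的id是--{}", userId);

		// Roles available to this user, as stored in the user/role join table.
		Set<String> userAvailableRoles = roleService.queryRoleById(userId);
		log.info("该用户的可用角色是--{}", userAvailableRoles);
		if (userAvailableRoles != null) {
			authorizationInfo.setRoles(userAvailableRoles);
		}
		return authorizationInfo;
	}

}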
至此,测试结果如图 ,没有厉害角色,就是<shiro:hasRole name="adminccc">不在,测试结果成功!