登录验证成功以后，开始编写授权。授权的主要代码在 MyRealm.class 的 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) 方法中。
package util.shiro;
import java.util.ArrayList;
import java.util.Collection;
import javax.annotation.Resource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;
import dao.user.UserManageDao;
import entities.login.User;
import entities.permission.Permission;
import entities.permission.Role;
import service.user.UserManageService;
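@Component("MyRealm")
public class MyRealm extends AuthorizingRealm {

    @Resource
    private UserManageDao userManageDao;

    @Resource
    private UserManageService userManageService;

    /**
     * Authorization: collects the role names and permission strings of the
     * logged-in user so that Shiro can answer hasRole / isPermitted checks.
     *
     * @param principals the principals of the subject being authorized
     * @return the user's roles and permissions, or {@code null} when no principal
     *         from this realm is present or the user cannot be loaded; Shiro treats
     *         a {@code null} result as "no roles, no permissions", so every check
     *         is denied in that case
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        // The principal stored for this realm is the first argument given to
        // SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName())
        // during login, i.e. the login name.
        Collection<?> realmPrincipals = principals.fromRealm(getName());
        if (realmPrincipals == null || realmPrincipals.isEmpty()) {
            // Subject was not authenticated by this realm: grant nothing.
            return null;
        }
        String userName = (String) realmPrincipals.iterator().next();

        User user = userManageService.getUserPermissions(userName);
        if (user == null) {
            return null;
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (user.getRoles() == null) {
            // A user without roles gets an empty grant rather than a NullPointerException.
            return info;
        }
        for (Role role : user.getRoles()) {
            if (role == null) {
                continue;
            }
            if (role.getName() != null) {
                info.addRole(role.getName());
            }
            Collection<String> permissions = new ArrayList<String>();
            if (role.getPermissions() != null) {
                for (Permission permission : role.getPermissions()) {
                    // A missing or empty name cannot identify a permission; skip it
                    // so that a bad row never turns into a grant or a runtime error.
                    if (permission != null
                            && permission.getName() != null
                            && !permission.getName().isEmpty()) {
                        permissions.add(permission.getName());
                    }
                }
            }
            info.addStringPermissions(permissions);
        }
        // NOTE(review): if a cache manager is configured for this realm, the result
        // may be cached, so role/permission changes would need a cache eviction to
        // take effect - confirm against the Shiro configuration.
        return info;
    }

    /**
     * Authentication: looks up the account for the submitted user name and hands
     * the stored credentials to Shiro.
     *
     * <p>No password comparison happens here. After this method returns, Shiro
     * compares the token's password with {@code user.getPassword()} using the
     * realm's configured CredentialsMatcher.
     * NOTE(review): the matcher configuration is not visible here; confirm that a
     * hashing matcher (for example HashedCredentialsMatcher) is configured and that
     * the stored value is a salted hash, not the plaintext password.
     *
     * @param aucatoken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the stored principal and credentials for the account
     * @throws AuthenticationException if the user name is missing or no account exists;
     *         the same exception type is used for both so the caller cannot tell
     *         which accounts exist
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken aucatoken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) aucatoken;
        String name = token.getUsername();
        if (name == null) {
            // No user name submitted: reject before touching the database.
            throw new AuthenticationException();
        }
        User user = userManageDao.getUser(name);
        if (user == null) {
            throw new AuthenticationException();
        }
        return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName());
    }
}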
BaseEntities.class
package entities.common;
import java.io.Serializable;
import java.util.Date;
import org.springframework.format.annotation.DateTimeFormat;
/**
 * Base entity: audit fields (who added / updated a record, and when) shared by
 * the entity classes that extend it.
 */
public class BaseEntities implements Serializable {

    private static final long serialVersionUID = 582421988320252728L;

    /** Person who added the record. */
    private String add_person;

    /** Time the record was added. */
    @DateTimeFormat(pattern="yyyy-MM-dd HH:mm:ss")
    private Date add_time;

    /** Person who last modified the record. */
    private String update_person;

    /** Time the record was last modified. */
    @DateTimeFormat(pattern="yyyy-MM-dd HH:mm:ss")
    private Date update_time;

    /** @return the person who added the record */
    public String getAdd_person() {
        return this.add_person;
    }

    /** @param add_person the person who added the record */
    public void setAdd_person(String add_person) {
        this.add_person = add_person;
    }

    /** @return the time the record was added (the stored instance, not a copy) */
    public Date getAdd_time() {
        return this.add_time;
    }

    /** @param add_time the time the record was added */
    public void setAdd_time(Date add_time) {
        this.add_time = add_time;
    }

    /** @return the person who last modified the record */
    public String getUpdate_person() {
        return this.update_person;
    }

    /** @param update_person the person who last modified the record */
    public void setUpdate_person(String update_person) {
        this.update_person = update_person;
    }

    /** @return the time the record was last modified (the stored instance, not a copy) */
    public Date getUpdate_time() {
        return this.update_time;
    }

    /** @param update_time the time the record was last modified */
    public void setUpdate_time(Date update_time) {
        this.update_time = update_time;
    }
}
User.class
package entities.login;
import java.util.List;
import entities.common.BaseEntities;
import entities.organization.Dept;
import entities.permission.Role;
/**
 * Login user: account data plus the roles the user belongs to.
 */
public class User extends BaseEntities {

    private static final long serialVersionUID = 2039861692418167602L;

    /** Primary key. */
    private String id;

    /** User name. */
    private String name;

    /**
     * Password.
     * NOTE(review): this field is not transient and the class is Serializable
     * through BaseEntities, so it is written out whenever a User is serialized;
     * whether the value is a hash or plaintext is not visible here - confirm.
     */
    private String password;

    /** ID of the department the user belongs to. */
    private String deptId;

    /** Roles the user belongs to. */
    private List<Role> roles;

    /** @return the primary key */
    public String getId() {
        return this.id;
    }

    /** @param id the primary key */
    public void setId(String id) {
        this.id = id;
    }

    /** @param name the user name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the user name */
    public String getName() {
        return this.name;
    }

    /** @return the stored password value */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the ID of the user's department */
    public String getDeptId() {
        return this.deptId;
    }

    /** @param deptId the ID of the user's department */
    public void setDeptId(String deptId) {
        this.deptId = deptId;
    }

    /** @return the user's roles (the stored list, not a copy) */
    public List<Role> getRoles() {
        return this.roles;
    }

    /** @param roles the user's roles */
    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }
}
Role.class
package entities.permission;
import java.util.Collection;
import java.util.List;
import entities.common.BaseEntities;
/**
 * Role value object: a named role and the permissions it carries.
 */
public class Role extends BaseEntities {

    private static final long serialVersionUID = 4959629763490520963L;

    /** Role ID. */
    private String id;

    /** Role name. */
    private String name;

    /** Role description. */
    private String remark;

    /** Permissions owned by the role. */
    private List<Permission> permissions;

    /** @return the role ID */
    public String getId() {
        return this.id;
    }

    /** @param id the role ID */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the role name */
    public String getName() {
        return this.name;
    }

    /** @param name the role name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the role description */
    public String getRemark() {
        return this.remark;
    }

    /** @param remark the role description */
    public void setRemark(String remark) {
        this.remark = remark;
    }

    /** @return the role's permissions (the stored list, not a copy) */
    public List<Permission> getPermissions() {
        return this.permissions;
    }

    /** @param permissions the role's permissions */
    public void setPermissions(List<Permission> permissions) {
        this.permissions = permissions;
    }
}
Permission.class
package entities.permission;
import entities.common.BaseEntities;
/**
 * Permission value object: one permission entry attached to a role.
 */
public class Permission extends BaseEntities {

    private static final long serialVersionUID = -9065412662525813726L;

    /** Permission ID. */
    private String id;

    /** ID of the role this permission is attached to. */
    private String roleId;

    /**
     * Name. The original comment labels this "role name"; presumably it is the
     * permission's own name - confirm against the table definition.
     */
    private String name;

    /**
     * Description. The original comment labels this "role description";
     * presumably it describes the permission - confirm.
     */
    private String remark;

    /** @return the permission ID */
    public String getId() {
        return this.id;
    }

    /** @param id the permission ID */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the ID of the owning role */
    public String getRoleId() {
        return this.roleId;
    }

    /** @param roleId the ID of the owning role */
    public void setRoleId(String roleId) {
        this.roleId = roleId;
    }

    /** @return the name */
    public String getName() {
        return this.name;
    }

    /** @param name the name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the description */
    public String getRemark() {
        return this.remark;
    }

    /** @param remark the description */
    public void setRemark(String remark) {
        this.remark = remark;
    }
}
表结构:
user 表
role表
permission 表
调用权限验证的方法:
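// Check whether the current user holds the permission.
Subject currentUser = SecurityUtils.getSubject();
// Calling currentUser.isPermitted("aaa") or currentUser.hasRole("admin"),
// or using the annotations / JSP tags, enters the realm's authorization method.
// The data added there by info.addRole(role.getName()) and
// info.addStringPermissions(permissions) is what the check is decided on.
// Note: isPermitted("admin") tests a permission string named "admin", not the
// role "admin"; use hasRole("admin") to test the role.
if (!currentUser.isPermitted("admin")) {
    // Not permitted: deny the request here (the check fails closed).
} else {
    // Permitted: continue with the protected operation.
}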
}