Shiro tag library HTML: learning Shiro, annotation-based authorization and JSP tag authorization

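Annotation-based authorization (Shiro documentation: http://shiro.apache.org/authorization.html#Authorization-AnnotationbasedAuthorization)

1. RequiresAuthentication annotation

@RequiresAuthentication requires the current Subject to have been authenticated during the current session before the annotated method can be accessed or invoked.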

    @RequiresAuthentication
    public void updateAccount(Account userAccount) {
        //this method will only be invoked by a
        //Subject that is guaranteed authenticated
        ...
    }

    public void updateAccount(Account userAccount) {
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            throw new AuthorizationException(...);
        }
        //Subject is guaranteed authenticated here
        ...
    }

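As the example above shows, a method annotated with @RequiresAuthentication can only be accessed or invoked after the Subject has been authenticated.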

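2. RequiresGuest annotation

@RequiresGuest requires the current Subject to be a "guest", meaning they must not have been authenticated or remembered from a previous session for the method to be accessed or invoked.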

    @RequiresGuest
    public void signUp(User newUser) {
        //this method will only be invoked by a
        //Subject that is unknown/anonymous
        ...
    }

    public void signUp(User newUser) {
        Subject currentUser = SecurityUtils.getSubject();
        PrincipalCollection principals = currentUser.getPrincipals();
        if (principals != null && !principals.isEmpty()) {
            //known identity - not a guest:
            throw new AuthorizationException(...);
        }
        //Subject is guaranteed to be a 'guest' here
        ...
    }

The two methods above are functionally the same.

3. RequiresPermissions annotation

@RequiresPermissions("account:create") requires the current Subject to be granted one or more permissions in order to execute the annotated method.

    @RequiresPermissions("account:create")
    public void createAccount(Account account) {
        //this method will only be invoked by a Subject
        //that is permitted to create an account
        ...
    }

    public void createAccount(Account account) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isPermitted("account:create")) {
            throw new AuthorizationException(...);
        }
        //Subject is guaranteed to be permitted here
        ...
    }

The two methods above are functionally the same.

4. RequiresRoles annotation

@RequiresRoles("administrator") requires the current Subject to have all of the specified roles; if they do not, the method is not executed and an AuthorizationException is thrown.

    @RequiresRoles("administrator")
    public void deleteUser(User user) {
        //this method will only be invoked by an administrator
        ...
    }

    public void deleteUser(User user) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.hasRole("administrator")) {
            throw new AuthorizationException(...);
        }
        //Subject is guaranteed to be an 'administrator' here
        ...
    }

The two methods above are functionally the same.

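5. RequiresUser annotation

@RequiresUser requires the current Subject to be an application user before the annotated class or instance method can be accessed or invoked.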

    @RequiresUser
    public void updateAccount(Account account) {
        //this method will only be invoked by a 'user'
        //i.e. a Subject with a known identity
        ...
    }

    public void updateAccount(Account account) {
        Subject currentUser = SecurityUtils.getSubject();
        PrincipalCollection principals = currentUser.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            //no identity - they're anonymous, not allowed:
            throw new AuthorizationException(...);
        }
        //Subject is guaranteed to have a known identity here
        ...
    }

The two methods above are functionally the same.

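6. JSP tag authorization (Shiro documentation: http://shiro.apache.org/web.html#web-taglibrary)

Tag library configuration: the web page needs the following line:

and the following jar must be included (Maven coordinates):

    groupId org.apache.shiro, artifactId shiro-web, version 1.3.2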

guest tag: content shown when the user has no authenticated identity, i.e. what a guest visitor sees;

Hi there! Please Login or Signup today!

user tag: content shown when the user has been authenticated or is recognized through remember-me;

Welcome back John! Not John? Click here to login.

authenticated tag: the user has been authenticated, i.e. logged in successfully through Subject.login, not through remember-me.

Update your contact information.

notAuthenticated tag: the user has not been authenticated, i.e. Subject.login has not been called; a remember-me identity also counts as not authenticated.

Please login in order to update your credit card information.

principal tag: displays the user's identity; by default it calls Subject.getPrincipal(), i.e. the primary principal.

Hello, , how are you today?

hasRole tag: renders its body if the current Subject has the role.

Administer the system

lacksRole tag: renders its body if the current Subject does not have the role.

Sorry, you are not allowed to administer the system.

hasAnyRoles tag: renders its body if the current Subject has any one of the listed roles (an OR relationship).

You are either a developer, project manager, or administrator.

hasPermission tag: renders its body if the current Subject has the permission.

Create a new User

lacksPermission tag: renders its body if the current Subject does not have the permission.

Sorry, you are not allowed to delete user accounts.
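The tags in this section combined into one JSP page, as an added example rather than the original post's code. It assumes the standard Shiro taglib URI with the shiro prefix; the link targets (login.jsp, signup.jsp, updateAccount.jsp, admin.jsp, createUser.jsp) and the role and permission names are placeholders.

```jsp
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<html>
<body>
<%-- guest: no identity at all (not logged in, not remembered) --%>
<shiro:guest>
  Hi there! Please <a href="login.jsp">Login</a> or <a href="signup.jsp">Signup</a> today!
</shiro:guest>

<%-- user: identity known from a login OR from remember-me --%>
<shiro:user>
  Welcome back <shiro:principal/>! Not <shiro:principal/>?
  Click <a href="login.jsp">here</a> to login.
</shiro:user>

<%-- authenticated: logged in during this session; remember-me alone is not enough --%>
<shiro:authenticated>
  <a href="updateAccount.jsp">Update your contact information</a>.
</shiro:authenticated>
<shiro:notAuthenticated>
  Please <a href="login.jsp">login</a> in order to update your credit card information.
</shiro:notAuthenticated>

<%-- role checks --%>
<shiro:hasRole name="administrator">
  <a href="admin.jsp">Administer the system</a>
</shiro:hasRole>
<shiro:lacksRole name="administrator">
  Sorry, you are not allowed to administer the system.
</shiro:lacksRole>
<shiro:hasAnyRoles name="developer, project manager, administrator">
  You are either a developer, project manager, or administrator.
</shiro:hasAnyRoles>

<%-- permission checks --%>
<shiro:hasPermission name="user:create">
  <a href="createUser.jsp">Create a new User</a>
</shiro:hasPermission>
<shiro:lacksPermission name="user:delete">
  Sorry, you are not allowed to delete user accounts.
</shiro:lacksPermission>
</body>
</html>
```

For a Subject known only through remember-me, both the user body and the notAuthenticated body render. The tags decide only what is rendered, so the handlers behind these links still need their own check, such as the annotations in sections 1 to 5.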
