My language skills aren't great, and I'm slow to understand things.
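My understanding:
Authorizer is responsible for authorization (access control); it is the component that makes the access decision.
PermissionResolver parses a permission string into a Permission instance.
RolePermissionResolver resolves the set of permissions that belongs to a given role.
BitPermission implements bit-based permissions. The rule is:
Permission string format: +resource string+permission bits+instance ID. The string starts with + and the parts are separated by +. Permission bits: 0 means all permissions; 1 create (binary 0001), 2 update (binary 0010), 4 delete (binary 0100), 8 view (binary 1000). For example, +user+10 means update and view permission on the resource user.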
Example:
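Declaring BitPermission:

    import org.apache.shiro.authz.Permission;

    public class BitPermission implements Permission {
        private String resourceIdentify;
        private int permissionBit;
        private String instanceId;

        public BitPermission(String permission) {
            // Format: +resource+permissionBit+instanceId
            String[] array = permission.split("\\+");
            if (array.length > 1) {
                resourceIdentify = array[1];
            }
            if (resourceIdentify == null || resourceIdentify.equals("")) {
                resourceIdentify = "*";
            }
            if (array.length > 2) {
                permissionBit = Integer.valueOf(array[2]);
            }
            if (array.length > 3) {
                instanceId = array[3];
            }
            if (instanceId == null || instanceId.equals("")) {
                instanceId = "*";
            }
        }

        public boolean implies(Permission permission) {
            if (!(permission instanceof BitPermission)) {
                return false;
            }
            BitPermission other = (BitPermission) permission;
            // The resource must match, or this permission covers every resource
            if (!("*".equals(this.resourceIdentify) || this.resourceIdentify.equals(other.resourceIdentify))) {
                return false;
            }
            // 0 means all permissions; otherwise every requested bit must be granted
            if (this.permissionBit != 0
                    && (other.permissionBit == 0
                        || (this.permissionBit & other.permissionBit) != other.permissionBit)) {
                return false;
            }
            // The instance must match, or this permission covers every instance
            if (!("*".equals(this.instanceId) || this.instanceId.equals(other.instanceId))) {
                return false;
            }
            return true;
        }
    }
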
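The permission resolver class; permission instances are obtained through this class:

    import org.apache.shiro.authz.Permission;
    import org.apache.shiro.authz.permission.PermissionResolver;
    import org.apache.shiro.authz.permission.WildcardPermission;

    public class BitAndWildPermissionResolver implements PermissionResolver {
        public Permission resolvePermission(String permissionString) {
            // Strings starting with "+" use the bit format; anything else is a wildcard permission
            if (permissionString.startsWith("+")) {
                return new BitPermission(permissionString);
            }
            return new WildcardPermission(permissionString);
        }
    }
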
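The role permission resolver class; it returns the permission collection for a role:

    import java.util.Arrays;
    import java.util.Collection;
    import org.apache.shiro.authz.Permission;
    import org.apache.shiro.authz.permission.RolePermissionResolver;
    import org.apache.shiro.authz.permission.WildcardPermission;

    public class MyRolePermissionResolver implements RolePermissionResolver {
        public Collection<Permission> resolvePermissionsInRole(String roleString) {
            // Only role1 carries permissions here: everything under "menu"
            if ("role1".equals(roleString)) {
                return Arrays.asList((Permission) new WildcardPermission("menu:*"));
            }
            return null;
        }
    }
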
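Permissions and roles are added through this Realm:

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.authz.permission.WildcardPermission;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealmTest extends AuthorizingRealm {
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
            authorizationInfo.addRole("role1");
            authorizationInfo.addRole("role2");
            // Permissions added as objects
            authorizationInfo.addObjectPermission(new BitPermission("+user1+10"));
            authorizationInfo.addObjectPermission(new WildcardPermission("user1:*"));
            // Permissions added as strings, parsed later by the PermissionResolver
            authorizationInfo.addStringPermission("+user2+10");
            authorizationInfo.addStringPermission("user2:*");
            return authorizationInfo;
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
                throws AuthenticationException {
            String username = (String) authenticationToken.getPrincipal();
            String password = new String((char[]) authenticationToken.getCredentials());
            if (!"zhang".equals(username)) {
                throw new UnknownAccountException();
            }
            if (!"123".equals(password)) {
                // Reject a wrong password
                throw new IncorrectCredentialsException();
            }
            return new SimpleAuthenticationInfo(username, password, getName());
        }
    }
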
The test method that checks the role and permission information:

    // login(...) is a helper of the test class that is not shown on this page
    @Test
    public void testIsPermitted() {
        login("classpath:shiro-authorizer.ini");
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("user1:update"));
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("user2:update"));
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("+user1+2"));  // update permission
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("+user1+8"));  // view permission
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("+user2+10")); // update and view
        //Assert.assertFalse(SecurityUtils.getSubject().isPermitted("+user1+4")); // no delete permission
        Assert.assertTrue(SecurityUtils.getSubject().isPermitted("menu:view")); // permission resolved by MyRolePermissionResolver
    }

Realm --> MyRolePermissionResolver (gets the permission collection) --> BitAndWildPermissionResolver (resolves the permission instances)
The flow above is my current understanding; the exact flow still needs to be double-checked.
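
The permission-bit rule above (+resource+bits+instance ID), worked through as an added example that is not part of the original post: a stand-alone Java program with no Shiro dependency that contrasts an any-overlap mask check with one that requires every requested bit. The names BitRuleDemo, Perm, impliesAnyBit and impliesAllBits, the 0..15 range check and the sample strings are assumptions made for the illustration; records need Java 16 or later.

```java
import java.util.List;

// Added illustration; these names are hypothetical and are not Shiro API.
public class BitRuleDemo {
    // Parsed form of "+resource+bits+instanceId"; missing parts default to "*" and 0.
    record Perm(String resource, int bits, String instance) {
        static Perm parse(String s) {
            if (!s.startsWith("+")) throw new IllegalArgumentException("not a bit permission: " + s);
            String[] a = s.split("\\+");
            String res = a.length > 1 && !a[1].isEmpty() ? a[1] : "*";
            int bits = a.length > 2 ? Integer.parseInt(a[2]) : 0;
            // Assumption: only the four bits the page defines (1, 2, 4, 8) are valid.
            if (bits < 0 || bits > 15) throw new IllegalArgumentException("bits out of range: " + s);
            String inst = a.length > 3 && !a[3].isEmpty() ? a[3] : "*";
            return new Perm(res, bits, inst);
        }
    }

    // Resource and instance must match, or the grant uses the "*" wildcard.
    static boolean scopeMatches(Perm g, Perm r) {
        return ("*".equals(g.resource()) || g.resource().equals(r.resource()))
            && ("*".equals(g.instance()) || g.instance().equals(r.instance()));
    }

    // Loose check: one shared bit is enough, so update+delete passes on update alone.
    static boolean impliesAnyBit(Perm g, Perm r) {
        return scopeMatches(g, r) && (g.bits() == 0 || (g.bits() & r.bits()) != 0);
    }

    // Strict check: a 0 grant covers everything; a 0 request ("all") needs a 0 grant;
    // otherwise every requested bit must be present in the grant.
    static boolean impliesAllBits(Perm g, Perm r) {
        if (!scopeMatches(g, r)) return false;
        if (g.bits() == 0) return true;
        return r.bits() != 0 && (g.bits() & r.bits()) == r.bits();
    }

    public static void main(String[] args) {
        Perm granted = Perm.parse("+user+10"); // constructed sample: update (2) + view (8)
        List<String> requests = List.of(       // constructed sample requests
            "+user+2", "+user+8", "+user+4", "+user+6", "+user+0", "+menu+2", "+user+2+7");
        for (String req : requests) {
            Perm r = Perm.parse(req);
            System.out.printf("%-10s anyBit=%-5b allBits=%b%n",
                req, impliesAnyBit(granted, r), impliesAllBits(granted, r));
        }
    }
}
```

With the constructed grant +user+10, the two checks disagree only on +user+6 (update plus delete): the any-overlap check grants it because the update bit is shared, while the all-bits check refuses it because the delete bit is missing.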