Shiro动态刷新权限配置

最新推荐文章于 2021-02-28 00:06:48 发布

置顶

无畏的唐先生

最新推荐文章于 2021-02-28 00:06:48 发布

阅读量1.2k

点赞数

分类专栏： Shiro Java 文章标签： shiro java spring boot

本文链接：https://blog.csdn.net/weixin_42068254/article/details/107331165

版权

本文介绍了在SpringBoot+Shiro环境下，如何实现Shiro的资源路径权限配置从数据库动态读取。通过JurisdictionController管理资源，自定义ShiroRealm，在权限更新后调用updatePermission()方法，实现权限信息的动态刷新，避免应用重启。

摘要由CSDN通过智能技术生成

项目环境SpringBoot+Shiro

集成方法不再赘述。

Shiro的资源路径的权限配置从数据库读取

@Autowired
    JurisdictionService jurisdictionService;

    /**
     * 配置资源的访问权限
     * Bean name shiroFilter
     * @param securityManager 管理器
     * @return ShiroFilterFactoryBean
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
   
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/exception/notLogin");
        shiroFilterFactoryBean.setUnauthorizedUrl("/exception/notRole");
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // 从数据库查询资源权限信息
        List<Jurisdiction> jurisdictionList = jurisdictionService.findAll();
        for (Jurisdiction jurisdiction : jurisdictionList) {
   
            filterChainDefinitionMap.put(jurisdiction.getResource(), jurisdiction.getValue());
        }
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;

    }

JurisdictionController

对资源路径进行新增修改等操作。


/**
 * @Title JurisdictionController
 * @Author Tang
 * @Date 2020/7/13 9:10
 * @Description
 */
@RestController
@RequestMapping("/jurisdiction")
@Api(tags = "资源权限相关接口")
public class JurisdictionController {
   

    @Autowired
    private JurisdictionService jurisdictionService;

    @Autowired
    private RoleService roleService;

    /**
     * 查询所有资源权限
     *
     * @return 资源权限列表
     */
    @RequestMapping(value = "/findAllJurisdictionDto", method = RequestMethod.GET)
    @ApiOperation(value = "/jurisdiction/findAllJurisdictionDto", tags = "查询所有资源权限的接口", response = ResultBean.class)
    @ApiResponses({
   
            @ApiResponse(code = 1, message = "查询资源权限成功")
    })
    public ResultBean<List<JurisdictionDto>> findAllJurisdiction() {
   
        ResultBean<List<JurisdictionDto>> resultBean = new ResultBean<>();
        // 查询所有的资源信息
        List<Jurisdiction> jurisdictionList = jurisdictionService.findAll();
        List<JurisdictionDto> jurisdictionDtoList = new ArrayList<>();
        for (Jurisdiction jurisdiction : jurisdictionList) {
   
            // 权限值 authc anon
            String purview = jurisdiction.getValue().split(",")[0];
            // 角色名列表
            List<String> roleNameList = RegexUtils.getRoleList(jurisdiction.getValue());
            List<Role> roleList = null;
            // 查询角色列表
            if (roleNameList.size() != 0) {
   
                roleList = roleService.findRoleByRoleNameList(roleNameList)