该项目中权限只涉及到角色
1 SpringMVC添加配置
<!-- Enable Shiro's authorization annotations (for example @RequiresRoles) through Spring AOP. -->
<!-- proxy-target-class="true" asks Spring for class-based proxies instead of interface-based ones. -->
<aop:config proxy-target-class="true"></aop:config>
<!-- Advisor that applies Shiro's annotation checks to proxied beans; it is wired to the securityManager bean. -->
<!-- NOTE(review): this presumably has to be loaded by the same Spring context that creates the annotated controllers, otherwise the annotations are not enforced. Confirm with a request from a user who lacks the role. -->
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
2 授权方法
修改自定义Realm中授权的方法
// Role lookup service injected by the container; doGetAuthorizationInfo uses it to load the user's roles.
@Resource
private IRoleService roleService;
/**
 * Supplies Shiro with the role names held by the current principal.
 *
 * <p>A {@code null} result gives Shiro no authorization data, so role checks for a
 * principal that is not a {@link User} are refused rather than granted.
 * NOTE(review): unless an authorization cache is configured on the realm, this lookup
 * presumably runs on every role check; with a cache, a change to a user's roles only
 * takes effect once the cached entry is cleared. Confirm against the realm configuration.
 *
 * @param principals the identities of the subject being authorized
 * @return the user's roles, or {@code null} when the primary principal is not a {@code User}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    Object primary = principals.getPrimaryPrincipal();
    if (!(primary instanceof User)) {
        // Unexpected principal type: report no roles at all.
        return null;
    }

    // Load every role assigned to this user id.
    List<Role> assigned = roleService.queryByUserId(((User) primary).getUserId());

    // Copy the role names into the object Shiro evaluates role checks against.
    SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();
    for (Role granted : assigned) {
        authz.addRole(granted.getRoleName());
    }
    return authz;
}
3 获取用户对应的权限
RoleService接口中定义方法
/**
 * Looks up the roles assigned to a user.
 *
 * @param userId id of the user
 * @return the roles assigned to that user
 */
List<Role> queryByUserId(Integer userId);
RoleService方法实现
/** Hands the role lookup for the given user id to the mapper and returns its result unchanged. */
@Override
public List<Role> queryByUserId(Integer userId) {
    List<Role> assigned = roleMapper.queryByUserId(userId);
    return assigned;
}
RoleMapper接口中定义方法
/**
 * Mapper method bound to the "queryByUserId" statement in RoleMapper.xml.
 *
 * @param userId id of the user whose roles are selected
 * @return the matching rows from t_role
 */
List<Role> queryByUserId(Integer userId);
RoleMapper.xml映射文件中添加SQL语句
<!-- Selects every role linked to one user through the t_user_role table. -->
<!-- #{id} is bound as a statement parameter instead of being concatenated into the SQL text; keep the #{...} form here and never switch it to ${...}. -->
<!-- NOTE(review): the mapper method names its argument userId while this statement reads #{id}. This presumably relies on MyBatis accepting any placeholder name for a single unannotated argument; confirm, or use the same name in both places. -->
<select id="queryByUserId" resultMap="BaseResultMap">
SELECT <include refid="Base_Column_List"></include>
FROM t_role
WHERE role_id IN (
SELECT role_id
FROM t_user_role
WHERE user_id=#{id})
</select>
4 限制权限
/**
 * Shows one page of the user list.
 *
 * <p>The current logged-in user needs the "管理员" role to reach this handler.
 * When the request carries neither a page number nor a page size (both are 0),
 * page 1 with 5 rows per page is used.
 * NOTE(review): in every other case pageNum and pageSize are passed on as received;
 * nothing here caps pageSize or rejects negative values, so confirm that
 * userService.queryPage bounds them.
 *
 * @param dto paging and query parameters bound from the request
 * @param m   model that receives the page under the key "pageModel"
 * @return the view name "user/user"
 */
@RequiresRoles("管理员")
@RequestMapping("/queryPage")
public String queryPage(UserDto dto, Model m) {
    // Fall back to the defaults only when both paging values are absent.
    boolean pagingMissing = dto != null && dto.getPageNum() == 0 && dto.getPageSize() == 0;
    if (pagingMissing) {
        dto.setPageNum(1);
        dto.setPageSize(5);
    }
    m.addAttribute("pageModel", userService.queryPage(dto));
    return "user/user";
}
有权限的访问成功
没有所需角色的用户访问时,Shiro 会抛出 UnauthorizedException,需要指定跳转到哪个页面。
新建一个没有权限的跳转页面
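<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Page shown when a request is refused because the user lacks the required role.
  The visible text is still the wording of a "404 / page not found" template.
  The third-party statistics script that the template loaded over plain HTTP has been
  removed: a script from another origin runs with the full rights of this page, and
  over HTTP it can also be altered in transit.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>无标题文档</title>
    <link href="css/style.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="js/jquery.js"></script>
    <script language="javascript">
        // Keep the 490px-wide error box horizontally centred, also after a window resize.
        $(function(){
            $('.error').css({'position':'absolute','left':($(window).width()-490)/2});
            $(window).resize(function(){
                $('.error').css({'position':'absolute','left':($(window).width()-490)/2});
            })
        });
    </script>
</head>
<body style="background:#edf6fa;">
    <div class="place">
        <span>位置:</span>
        <ul class="placeul">
            <li><a href="#">首页</a></li>
            <li><a href="#">404错误提示</a></li>
        </ul>
    </div>
    <div class="error">
        <h2>非常遗憾,您访问的页面不存在!</h2>
        <p>看到这个提示,就自认倒霉吧!</p>
        <div class="reindex"><a href="main.html" target="_parent">返回首页</a></div>
    </div>
</body>
</html>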
SpringMVC中配置
<!-- Global exception resolver: maps exception types thrown by handlers to a target view. -->
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props><!-- Add one prop per exception type that needs its own target. -->
<!-- UnauthorizedException is what Shiro raises when the logged-in user lacks the required role. NOTE(review): a request with no authenticated subject presumably raises org.apache.shiro.authz.UnauthenticatedException instead, which this mapping does not cover. Confirm that the Shiro filter chain already requires login for the protected URLs, or map that exception as well. -->
<prop key="org.apache.shiro.authz.UnauthorizedException">redirect:/refuse.jsp</prop>
</props>
</property>
</bean>