权限管理
首先从数据库取出权限交给shiro管理
//从数据库拿到权限
List<Permission> permissions=permissionService.findAll();
for (Permission permission : permissions) {
mp.put(permission.getUrl(),"aisellPerms["+permission.getSn()+"]");
}
根据用户的id拿到权限
public interface PermissionRepository extends BaseRepository<Permission,Long> {
@Query("select distinct p.sn from Employee e join e.roles r join r.permissions p where e.id = ?1")
Set<String> findSnByEmp(Long employeeId);
}
public interface IPermissionService extends IBaseService<Permission,Long> {
Set<String> findSnByEmp(Long employeeId);
}
@Service
public class PermissionServiceImpl extends BaseServiceImpl<Permission,Long> implements IPermissionService {
@Autowired
private PermissionRepository permissionRepository;
@Override
public Set<String> findSnByEmp(Long employeeId) {
return permissionRepository.findSnByEmp(employeeId);
}
}
进行权限比对:
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//授权方法
Employee employee = (Employee)principalCollection.getPrimaryPrincipal();
System.out.println(employee);
//根据用户名得到权限代码
//Set<String> permissionsByUsername = getPermissionsByUsername(username);
Set<String> snByEmp = permissionService.findSnByEmp(employee.getId());
//shiro就会自己取进行权限的比较
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(snByEmp);
return simpleAuthorizationInfo;
}
因为shiro底层判断会返回一个页面所以要判断是否是Ajax请求如果是则返回json
继承PermissionsAuthorizationFilter复写里面的onAccessDenied方法
public class AisellPermssionFilter extends PermissionsAuthorizationFilter {
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
Subject subject = this.getSubject(request, response);
if (subject.getPrincipal()==null){
//没有登录成功后的操作
this.saveRequestAndRedirectToLogin(request, response);
}else{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
//判断请求是否是ajax请求。如果是ajax请求,直接返回json格式
String header = req.getHeader("X-Requested-With");
if (header!=null&&"XMLHttpRequest".equals(header)){
//返回json格式的数据
resp.setContentType("text/json; charset=UTF-8");
resp.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");
}else{
String unauthorizedUrl = this.getUnauthorizedUrl();
if (StringUtils.hasText(unauthorizedUrl)) {
WebUtils.issueRedirect(request, response, unauthorizedUrl);
} else {
WebUtils.toHttp(response).sendError(401);
}
}
}
return false;
}
}
然后告诉applicationContext-shiro.xml用我们自己写的拦截器:
<!-- 定义自定义过滤器-->
<bean id="aisellPermsFilter" class="cn.itsource.shiro.AisellPermssionFilter"></bean>
<!--引用自定义过滤器-->
<property name="filters">
<map>
<entry key="aisellPerms" value-ref="aisellPermsFilter"></entry>
</map>
</property>
如果没有权限就隐藏按钮:
//引用shiro的插件
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!-- 新增修改删除-->
<shiro:hasPermission name="employee:save">
<a href="#" data-method="add" plain="true" class="easyui-linkbutton" iconCls="icon-add">新增</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:update">
<a href="#" data-method="edit" plain="true" class="easyui-linkbutton" iconCls="icon-edit">修改</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:delete">
<a href="#" data-method="delete" plain="true" class="easyui-linkbutton" iconCls="icon-remove">删除</a>
</shiro:hasPermission>
menu菜单
创建menu类
package cn.itsource.domain;
import com.fasterxml.jackson.annotation.JsonIgnore;
import javax.persistence.*;
import java.util.ArrayList;
import java.util.List;
@Entity
@Table(name="menu")
public class Menu extends BaseDaomain {
private String name;//菜单名称
private String url; //路径
private String icon; //图标
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name="parent_id")
@JsonIgnore //忽略json 在展示json格式的 parent不会展示出来
private Menu parent;
@Transient //这个是临时属性,不交给jpa管理 ,自己来维护
private List<Menu> children = new ArrayList();
//兼容esayui的菜单树[id:1,text:'xxx']
public String getText(){
return this.name;
}
public List<Menu> getChildren() {
return children;
}
public void setChildren(List<Menu> children) {
this.children = children;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public String getIcon() {
return icon;
}
public void setIcon(String icon) {
this.icon = icon;
}
public Menu getParent() {
return parent;
}
public void setParent(Menu parent) {
this.parent = parent;
}
}
perission 与menu的关系多对一
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name="menu_id")
private Menu menu;
从数据库拿到子菜单:
public interface MenuRepository extends BaseRepository<Menu,Long> {
//根据用户id 查询菜单--查询所有的子菜单
@Query("select distinct m from Employee e join e.roles er join er.permissions p join p.menu m where e.id = ?1")
List<Menu> findByLoginUser(Long id);
}
public interface IMenuService extends IBaseService<Menu,Long> {
List<Menu> findMenuByLoginUser(Long employeeId);
}
通过子菜单的父id拿到父菜单然后把子菜单放到父菜单里面
@Service
public class MenuServiceImpl extends BaseServiceImpl<Menu,Long> implements IMenuService {
@Autowired
private MenuRepository menuRepository;
//[name{1},children:[2,3,4,5]] list封装
@Override
public List<Menu> findMenuByLoginUser(Long employeeId) {
List<Menu> menus = new ArrayList();
//查询当前用户的所有的子菜单
List<Menu> subMenus = menuRepository.findByLoginUser(employeeId);
//循环子菜单 2,3,4,5 1 (7 8) 6
for (Menu subMenu : subMenus) {
//从子菜单里面拿到父菜单 6
Menu parentMenu = subMenu.getParent();
//判断是否有重复的父菜单没有就添加
if(!menus.contains(parentMenu)) {
//添加父菜单
menus.add(parentMenu);
}
//在父菜单里面添加子菜单
parentMenu.getChildren().add(subMenu);//[1,[2,3,4,5],6 [7,8]]
}
return menus;
}
}
通过controller层返回json数据:
@RequestMapping("/findMenuByUserId")
@ResponseBody
public List<Menu> findMenuByUserId() {
//当前用户ID
Employee employee = (Employee)UserContent.getuser();
return menuService.findMenuByLoginUser(employee.getId());
}
然后将menu菜单界面的地址改为controller的
url:'/util/findMenuByUserId',