一、shiro授权角色、权限
1、shiro的权限设计图
代码演示
mapper层
ShiroUserMapper.java
ShiroUserMapper.java
/**
* 查询用户对应角色id
* @param userId
* @return
*/
Set<String> getRolesByUserId(@Param("userId") Integer userId);
/**
* 查询用户对应的权限名称集合
* @param userName
* @return
*/
Set<String> getPersByUserId(@Param("userName") Integer userName);
ShiroUserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.qwf.ssm.mapper.ShiroUserMapper">
<resultMap id="BaseResultMap" type="com.qwf.ssm.model.ShiroUser">
<constructor>
<idArg column="userid" jdbcType="INTEGER" javaType="java.lang.Integer"/>
<arg column="username" jdbcType="VARCHAR" javaType="java.lang.String"/>
<arg column="PASSWORD" jdbcType="VARCHAR" javaType="java.lang.String"/>
<arg column="salt" jdbcType="VARCHAR" javaType="java.lang.String"/>
<arg column="createdate" jdbcType="TIMESTAMP" javaType="java.util.Date"/>
</constructor>
</resultMap>
<sql id="Base_Column_List">
userid, username, PASSWORD, salt, createdate
</sql>
<select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer">
select
<include refid="Base_Column_List"/>
from t_shiro_user
where userid = #{userid,jdbcType=INTEGER}
</select>
<delete id="deleteByPrimaryKey" parameterType="java.lang.Integer">
delete from t_shiro_user
where userid = #{userid,jdbcType=INTEGER}
</delete>
<insert id="insert" parameterType="com.qwf.ssm.model.ShiroUser">
insert into t_shiro_user (userid, username, PASSWORD,
salt, createdate)
values (#{userid,jdbcType=INTEGER}, #{username,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR},
#{salt,jdbcType=VARCHAR}, #{createdate,jdbcType=TIMESTAMP})
</insert>
<insert id="insertSelective" parameterType="com.qwf.ssm.model.ShiroUser">
insert into t_shiro_user
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="userid != null">
userid,
</if>
<if test="username != null">
username,
</if>
<if test="password != null">
PASSWORD,
</if>
<if test="salt != null">
salt,
</if>
<if test="createdate != null">
createdate,
</if>
</trim>
<trim prefix="values (" suffix=")" suffixOverrides=",">
<if test="userid != null">
#{userid,jdbcType=INTEGER},
</if>
<if test="username != null">
#{username,jdbcType=VARCHAR},
</if>
<if test="password != null">
#{password,jdbcType=VARCHAR},
</if>
<if test="salt != null">
#{salt,jdbcType=VARCHAR},
</if>
<if test="createdate != null">
#{createdate,jdbcType=TIMESTAMP},
</if>
</trim>
</insert>
<update id="updateByPrimaryKeySelective" parameterType="com.qwf.ssm.model.ShiroUser">
update t_shiro_user
<set>
<if test="username != null">
username = #{username,jdbcType=VARCHAR},
</if>
<if test="password != null">
PASSWORD = #{password,jdbcType=VARCHAR},
</if>
<if test="salt != null">
salt = #{salt,jdbcType=VARCHAR},
</if>
<if test="createdate != null">
createdate = #{createdate,jdbcType=TIMESTAMP},
</if>
</set>
where userid = #{userid,jdbcType=INTEGER}
</update>
<update id="updateByPrimaryKey" parameterType="com.qwf.ssm.model.ShiroUser">
update t_shiro_user
set username = #{username,jdbcType=VARCHAR},
PASSWORD = #{password,jdbcType=VARCHAR},
salt = #{salt,jdbcType=VARCHAR},
createdate = #{createdate,jdbcType=TIMESTAMP}
where userid = #{userid,jdbcType=INTEGER}
</update>
<select id="queryByName" resultType="com.qwf.ssm.model.ShiroUser" parameterType="java.lang.String">
select
<include refid="Base_Column_List"/>
from t_shiro_user
where userName = #{userName}
</select>
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r
where u.userid = ur.userid and ur.roleid = r.roleid
and u.userid = #{userid}
</select>
<select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p
where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
and u.userid = #{userid}
</select>
</mapper>
service层
ShiroUserService.java
package com.zzy.ssm.service;
import com.zzy.ssm.model.ShiroUser;
import java.util.Set;
/**
* @author zuo_fan
* @site www.xiaomage.com
* @company azuo公司
* @create 2019-12-08 16:52
*/
public interface ShiroUserService {
public Set<String> getRolesByUserId(Integer userId);
public Set<String> getPersByUserId(Integer userId);
/**
* shiro认证
* @param userName
* @return
*/
ShiroUser queryByName(String userName);
/**
* 注册
* @param record
* @return
*/
public int insert(ShiroUser record);
}
MyRealm.java
package com.zzy.ssm.shrio;
import com.zzy.ssm.model.ShiroUser;
import com.zzy.ssm.service.ShiroUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Component;
import java.util.Set;
/**
* * 充当了ini文件,也就是数据源
* * 认证的过程
* * 1、数据源 (ini->>数据库)
* * 2、doGetAuthenticationInfo将数据库的用户信息给subject主体做shiro认证的
* * 2.1、需要在当前的realm中调用service来验证,当前用户是否在数据库中存在
* * 2.2、盐加密
* @author zuo_fan
* @site www.xiaomage.com
* @company azuo公司
* @create 2019-12-08 16:52
*
* 替换掉了上堂课的你文件,所有用户的身份
*/
@Component
public class MyRealm extends AuthorizingRealm {
private ShiroUserService shiroUserService;
public ShiroUserService getShiroUserService() {
return shiroUserService;
}
public void setShiroUserService(ShiroUserService shiroUserService) {
this.shiroUserService = shiroUserService;
}
/**
* 授权
*
* shiro每一次访问都会进行权限的访问,安全性能优秀(即使优点也是缺点)
*
* @param
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
System.out.println("进行授权。。。。");
ShiroUser shiroUser = this.shiroUserService.queryByName(principal.getPrimaryPrincipal().toString());
//当前认证过得用户对应角色ID集合
Set<String> rolesByUserId = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
//当前认证的用户对应的权限ID集合
Set<String> persByUserId = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
AuthorizationInfo info=new SimpleAuthorizationInfo();
((SimpleAuthorizationInfo) info).setRoles(rolesByUserId);
((SimpleAuthorizationInfo) info).setStringPermissions(persByUserId);
return info;
}
/**
* 认证
*
* @param token 从jsp传递过来的用户名,密码组合成的一个token对象
* @return
* @throws AuthenticationException token是controller层传递过来的,也就是说一做登录操作,就会访问这个方法
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//jsp用户名和密码
String userName = token.getPrincipal().toString();
//匹配
ShiroUser shiroUser = this.shiroUserService.queryByName(userName);
//认证
AuthenticationInfo info = new SimpleAuthenticationInfo(
shiroUser.getUsername(),
shiroUser.getPassword(),
ByteSource.Util.bytes(shiroUser.getSalt()),
this.getName()
);
return info;
}
}