Shiro授权&注解式开发—SSM

发布于:2023-01-04 ⋅ 阅读:(712) ⋅ 点赞:(0)

目录

一.shiro授权角色,权限

授角色:用户具备哪些角色

授权限:用户具备哪些权限

1.1 Mapper层,Servlce层

1.2 授权的方法

           ​编辑

 测试:

二,Shiro的注解式开发

一.shiro授权角色,权限

数据库表中的数据

13704010feab47eb83a7901726996556.png

授角色:用户具备哪些角色

sql查询语句:

elect r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r
    where u.userid = ur.userid and ur.roleid = r.roleid
    and u.username = #{userName}

授权限:用户具备哪些权限

sql查询语句:

select p.perid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p
  where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
  and u.username = #{userName}

1.1 Mapper层,Servlce层

UserMapper.xml

角色
<select id="selectRoleIdsByUserName" resultType="java.lang.String" parameterType="java.lang.String">
  select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r
    where u.userid = ur.userid and ur.roleid = r.roleid
    and u.username = #{userName}
</select>
权限
  <select id="selectParIdsByUserName" resultType="java.lang.String" parameterType="java.lang.String">
  select p.perid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p
  where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
  and u.username = #{userName}
</select>

 UserMapper

package com.ljj.ssm.mapper;
 
import com.ljj.ssm.model.User;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;
 
import java.util.Set;
 
@Repository
public interface UserMapper {
    int deleteByPrimaryKey(Integer userid);
 
    int insert(User record);
 
    int insertSelective(User record);
 
    User selectByPrimaryKey(Integer userid);
    //通过 账户名 查询用户信息
    User queryUserByUserName(@Param("userName") String userName);
 
    //通过 账户名 查询对应的角色信息
     Set<String> selelctRoleIdsByUserName(@Param("userName") String userName);
 
     //通过 账户名 查询对应的权限信息
     Set<String> selelctPerIdsByUserName(@Param("userName") String userName);
 
    int updateByPrimaryKeySelective(User record);
 
    int updateByPrimaryKey(User record);
}

UserBiz:

package com.ljj.ssm.biz;
 
import com.ljj.ssm.model.User;
 
import java.util.Set;
 
public interface UserBiz {
    int deleteByPrimaryKey(Integer userid);
 
    int insert(User record);
 
    int insertSelective(User record);
 
    User selectByPrimaryKey(Integer userid);
 
    User queryUserByUserName(String userName);
 
    int updateByPrimaryKeySelective(User record);
 
    int updateByPrimaryKey(User record);
 
    //通过 账户名 查询对应的角色信息
    Set<String> selelctRoleIdsByUserName(String userName);
 
    //通过 账户名 查询对应的权限信息
    Set<String> selelctPerIdsByUserName(String userName);
}

UserBizImpl:

package com.ljj.ssm.biz.impl;
 
import com.ljj.ssm.biz.UserBiz;
import com.ljj.ssm.mapper.UserMapper;
import com.ljj.ssm.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
 
import java.util.Set;
 
@Service("userBiz")
public class UserBizImpl implements UserBiz {
    @Autowired
    private UserMapper userMapper;
 
    @Override
    public int deleteByPrimaryKey(Integer userid) {
        return userMapper.deleteByPrimaryKey(userid);
    }
 
    @Override
    public int insert(User record) {
        return userMapper.insert(record);
    }
 
    @Override
    public int insertSelective(User record) {
        return userMapper.insertSelective(record);
    }
 
    @Override
    public User selectByPrimaryKey(Integer userid) {
        return userMapper.selectByPrimaryKey(userid);
    }
 
    @Override
    public User queryUserByUserName(String userName) {
        return userMapper.queryUserByUserName(userName);
    }
 
    @Override
    public int updateByPrimaryKeySelective(User record) {
        return userMapper.updateByPrimaryKeySelective(record);
    }
 
    @Override
    public int updateByPrimaryKey(User record) {
        return userMapper.updateByPrimaryKey(record);
    }
 
    @Override
    public Set<String> selelctRoleIdsByUserName(String userName) {
        return userMapper.selelctRoleIdsByUserName(userName);
    }
 
    @Override
    public Set<String> selelctPerIdsByUserName(String userName) {
        return userMapper.selelctPerIdsByUserName(userName);
    }
}

1.2 授权的方法

/**
     * 授权
     * @param principals
     * @return
     * 这个方法替代了shiro-web.ini
     * 菜单
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//       获取账户名
        String userName = principals.getPrimaryPrincipal().toString();
//        查询对应的角色
        Set<String> role = userBiz.selelctRoleIdsByUserName(userName);
//        查询用户对应的权限
        Set<String> per = userBiz.selelctPerIdsByUserName(userName);
//       拿到授权器
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//         将当前的登录的权限交给shiro授权器
        info.setStringPermissions(per);
//        将当前的登录的角色交给shiro授权器
        info.setRoles(role);
        return info;
    }

applicationContext-shiro.xml配置文件中对我们角色进行修改 因为我们sql查询出来的是id

 只有角色为4的才可访问

只有权限含2的才可访问

 测试:

角色授权:

使用张三登陆,张三角色为1

访问页面:

 结果:

 使用角色为4 的zdm登陆

 访问同样的界面

 权限授权:

继续使用zdm访问权限限制的页面 zdm角色无2权限

 结果:

 使用含有2权限的ls进行登陆和访问:

 访问:

授权操作成功!!!

二,Shiro的注解式开发

常用注解介绍: 

@RequiresAuthenthentication:表示当前Subject已经通过login进行身份验证;即 Subject.isAuthenticated()返回 true
  @RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的
  @RequiresGuest:表示当前Subject没有身份验证或者通过记住我登录过,即是游客身份
  @RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示当前Subject需要角色admin和user
  @RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示当前Subject需要权限user:delete或者user:b

今天只使用以下两个注解

 @RequiresRoles(value = {"admin","user"},logical = Logical.AND):表示当前Subject需要角色admin和user
  @RequiresPermissions(value = {"user:delete","user:b"},logical = Logical.OR):表示当前Subject需要权限user:delete或者user:b

 Springmvc-servlet.xml

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true"></property>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
 
<bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">
                unauthorized
            </prop>
        </props>
    </property>
    <property name="defaultErrorView" value="unauthorized"/>
</bean>

ShiroController: 

将对应注解添加到制定需要权限控制的方法上
身份认证:RequiresUser
角色认证:RequiresRoles
权限认证:RequiresPermissions

添加注解之前要在springmvc.xml中添加拦截器相关配置

package com.ljj.ssm.controller;
 
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
 
import javax.servlet.http.HttpServletRequest;


@RequestMapping("/shiro")
@Controller
public class ShiroController {
 
//    RequiresUser代表当前方法只有登录后才能访问
    @RequiresUser
    @RequestMapping("/passUser")
    public String passUser(HttpServletRequest request){
        System.out.println("身份认证通过....");
        return "admin/addUser";
    }
 
    @RequiresRoles(value = {"1","4"},logical = Logical.AND)
    @RequestMapping("/passRole")
    public String passRole(HttpServletRequest request){
        System.out.println("角色认证通过....");
        return "admin/listUser";
    }
 
    @RequiresPermissions(value = {"2"},logical = Logical.AND)
    @RequestMapping("/passPer")
    public String passPer(HttpServletRequest request){
        System.out.println("权限认证通过....");
        return "admin/resetPwd";
    }
 
  
 
}
本文含有隐藏内容,请 开通VIP 后查看

网站公告

今日签到

点亮在社区的每一天
去签到

热门文章

最新发布