shiro授权

目录

1、shiro授权角色、权限

1.1、UserMapper

1.2、UserMapper

1.3、UserBiz

1.4、UserBizImpl

1.5、applicationContext-shiro

1.6、Myrealm

2、shiro的注解式开发

2.1、springmvc-servlet

2.2、shiroController


1、shiro授权角色、权限

首先看一下数据库表

shiro授权_第1张图片

 

1.1、UserMapper

package com.ssr.ssm.mapper;

import com.ssr.ssm.model.User;
import org.springframework.stereotype.Repository;

import java.util.Set;

@Repository
public interface UserMapper {
    int deleteByPrimaryKey(Integer userid);

    int insert(User record);

    int insertSelective(User record);

    User selectByPrimaryKey(Integer userid);

    User queryByName(String userName);

    int updateByPrimaryKeySelective(User record);

    int updateByPrimaryKey(User record);

    Set getRolesByUserId(String userName);

    Set getPersByUserId(String userName);
}

1.2、UserMapper




  
    
      
      
      
      
      
    
  
  
    userid, username, password, salt, createdate
  
  
  

  
  


  
    delete from t_shiro_user
    where userid = #{userid,jdbcType=INTEGER}
  
  
    insert into t_shiro_user (userid, username, password, 
      salt, createdate)
    values (#{userid,jdbcType=INTEGER}, #{username,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, 
      #{salt,jdbcType=VARCHAR}, #{createdate,jdbcType=TIMESTAMP})
  
  
    insert into t_shiro_user
    
      
        userid,
      
      
        username,
      
      
        password,
      
      
        salt,
      
      
        createdate,
      
    
    
      
        #{userid,jdbcType=INTEGER},
      
      
        #{username,jdbcType=VARCHAR},
      
      
        #{password,jdbcType=VARCHAR},
      
      
        #{salt,jdbcType=VARCHAR},
      
      
        #{createdate,jdbcType=TIMESTAMP},
      
    
  
  
    update t_shiro_user
    
      
        username = #{username,jdbcType=VARCHAR},
      
      
        password = #{password,jdbcType=VARCHAR},
      
      
        salt = #{salt,jdbcType=VARCHAR},
      
      
        createdate = #{createdate,jdbcType=TIMESTAMP},
      
    
    where userid = #{userid,jdbcType=INTEGER}
  
  
    update t_shiro_user
    set username = #{username,jdbcType=VARCHAR},
      password = #{password,jdbcType=VARCHAR},
      salt = #{salt,jdbcType=VARCHAR},
      createdate = #{createdate,jdbcType=TIMESTAMP}
    where userid = #{userid,jdbcType=INTEGER}
  

1.3、UserBiz

package com.ssr.ssm.biz;

import com.ssr.ssm.model.User;

import java.util.Set;

/**
 * @author ssr
 * @create 2022-08-25 18:06
 */
public interface UserBiz {
    int deleteByPrimaryKey(Integer userid);

    int insert(User record);

    int insertSelective(User record);

    User selectByPrimaryKey(Integer userid);

    User queryByName(String userName);

    int updateByPrimaryKeySelective(User record);

    int updateByPrimaryKey(User record);

    Set getRolesByUserId(String userName);

    Set getPersByUserId(String userName);

}

1.4、UserBizImpl

package com.ssr.ssm.biz.impl;

import com.ssr.ssm.biz.UserBiz;
import com.ssr.ssm.mapper.UserMapper;
import com.ssr.ssm.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.Set;

/**
 * @author ssr
 * @create 2022-08-25 18:08
 */
@Service("UserService")
public class UserBizImpl implements UserBiz {
    @Autowired
    private UserMapper userMapper;

    @Override
    public int deleteByPrimaryKey(Integer userid) {
        return userMapper.deleteByPrimaryKey(userid);
    }

    @Override
    public int insert(User record) {
        return userMapper.insert(record);
    }

    @Override
    public int insertSelective(User record) {
        return userMapper.insertSelective(record);
    }

    @Override
    public User selectByPrimaryKey(Integer userid) {
        return userMapper.selectByPrimaryKey(userid);
    }

    @Override
    public User queryByName(String userName) {
        return userMapper.queryByName(userName);
    }

    @Override
    public int updateByPrimaryKeySelective(User record) {
        return userMapper.updateByPrimaryKeySelective(record);
    }

    @Override
    public int updateByPrimaryKey(User record) {
        return userMapper.updateByPrimaryKey(record);
    }

    @Override
    public Set getRolesByUserId(String userName) {
        return userMapper.getRolesByUserId(userName);
    }

    @Override
    public Set getPersByUserId(String userName) {
        return userMapper.getPersByUserId(userName);
    }
}

1.5、applicationContext-shiro




    
    
        
        
        
        
        
        
            
                
                
                
                
                
                
            
        
    

    
    
        
    

    
    
        
        
        
        
        
        
        
        
        
        
            
                
                
                
                
                /user/login=anon
                /user/updatePwd.jsp=authc
                /admin/*.jsp=roles[4]
                /user/teacher.jsp=perms[2]
                
            
        
    

    
    

1.6、Myrealm

package com.ssr.ssm.shiro;

import com.ssr.ssm.biz.UserBiz;
import com.ssr.ssm.model.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.Set;

/**
 * @author ssr
 * @create 2022-08-25 18:16
 */
public class Myrealm extends AuthorizingRealm {
    private UserBiz userBiz;

    public UserBiz getUserBiz() {
        return userBiz;
    }

    public void setUserBiz(UserBiz userBiz) {
        this.userBiz = userBiz;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("用户授权...");
        String username = principals.getPrimaryPrincipal().toString();
        User user = userBiz.queryByName(username);
        Set roles = userBiz.getRolesByUserId(user.getUsername());
        Set pers = userBiz.getPersByUserId(user.getUsername());
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        info.setRoles(roles);
        info.setStringPermissions(pers);
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("身份验证...");
        String username = token.getPrincipal().toString();
        String password = token.getCredentials().toString();
        User user = userBiz.queryByName(username);
        AuthenticationInfo info=new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                ByteSource.Util.bytes(user.getSalt()),
                this.getName()
        );
        return info;
    }
}

shiro授权_第2张图片

 shiro授权_第3张图片

2、shiro的注解式开发

2.1、springmvc-servlet



    
    
    
    

    
    
    
    

    
    
        
        
        
        
    

    
    
    
    
    

    
    
        
        
        
        
        
        
    

    
    
    
   

    
    
        
            
                
            
        
    
    
       
        
            
                text/html;charset=UTF-8
                text/json;charset=UTF-8
                application/json;charset=UTF-8
            
        
    

    
    
    

    
        
    
    
        
    

    
        
            
                
                    unauthorized
                
            
        
        
    





2.2、shiroController

package com.ssr.ssm.web;

import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
 * @author ssr
 * @create 2022-08-26 19:18
 */
@RequestMapping("/shiro")
@Controller
public class ShiroController {

    @RequiresUser
    @RequestMapping("/passUser")
    public String passUser(HttpServletRequest request){
        System.out.println("身份认证通过..");
        return "admin/addUser";
    }

    @RequiresRoles(value = {"1","4"},logical = Logical.AND)
    @RequestMapping("/passRole")
    public String passRole(HttpServletRequest request){
        System.out.println("角色认证通过..");
        return "admin/addUser";
    }

    @RequiresPermissions(value = {"2"},logical = Logical.AND)
    @RequestMapping("/passPermission")
    public String permission(HttpServletRequest request){
        System.out.println("权限认证通过..");
        return "admin/addUser";
    }
}

shiro授权_第4张图片

shiro授权_第5张图片 

 

你可能感兴趣的:(java,前端,spring)