shiro入门实战笔记(6)--Permission配置
[本系列文章是博主的学习笔记,而非经典教程,特此说明]
在前面的两篇文章中,我们讲述了shiro中关键的用户,角色,权限这三个关键的概念,和与之密切相关的概念。接下来我们来深入学习在权限认证当中的Permission配置。下面讲述的内容,在实际应用中不一定都会用到,请读者按照自己的需求使用即可。具体示例在后续中给出。
-------------------------------------------------------------------------------------------------------------------------------------
正文开始:[官方文档地址:http://shiro.apache.org/permissions.html]
1.字符串通配符配置
a.单个资源单个权限
用法:subject.checkPermissions("update");
b.单个资源多个权限
配置:user:update,user:delete 【等价于user:update,delete】
用法:subject.checkPermissions("user:update","user:delete");
等价于:subject.checkPermissions("user:update,delete");
c.单个资源所有权限
配置:user:query,user:add,user:update,user:delete【等价于user:*】
用法:subject.checkPermissions("user:query","user:add","user:update","user:delete");
等价于:subject.checkPermissions("user:*");
d.所有资源单个权限
配置:*:view
用法:subject.checkPermissions("user:view");
2.实例级别控制
a.单个实例单个权限
配置:user:update:tom
用法:subject.checkPermissions("user:update:tom");
b.单个实例多个权限
配置:user:update,delete:tom
用法:subject.checkPermissions("user:update,delete:tom");
等价于:subject.checkPermissions("user:update:tom","user:deletee:tom");
c.单个实例所有权限
配置:user:*:tom
用法:subject.checkPermissions("user:query:tom","user:add:tom","user:update:tom","user:deletee:tom");
d.所有实例单个权限
配置:user:query:*
用法:subject.checkPermissions("user:query:tom", "user:query:jack");
e.所有实例所有权限
配置:user:*:*
用法:subject.checkPermissions("user:add:tom", "user:delete:jack");
shiro对于缺省字符串的处理规则:
如“user:view”等价于“user:view:*”;而“organization”等价于“organization:*”或者“organization:*:*”。可以这么理解,这种方式实现了前缀匹配。另外如“user:*”可以匹配如“user:delete”、“user:delete”可以匹配如“user:delete:1”、“user:*:1”可以匹配如“user:view:1”、“user”可以匹配“user:view”或“user:view:1”等。即*可以匹配所有,不加*可以进行前缀匹配;但是如“*:view”不能匹配
“system:user:view”,需要使用“*:*:view”,即后缀匹配必须指定前缀(多个冒号就需要多个*来匹配)。
-------------------------------------------------------------------------------------------------------------------------------------
至此,shiro入门实战笔记(6)--Permission配置结束
备注:
上述总结参考官方文档翻译而来,因此,请读者阅读时一定请按照最新的官方文档规范进行配置。
参考资料:
官方文档:http://shiro.apache.org/permissions.html
其他博文:http://jinnianshilongnian.iteye.com/blog/2018936