在我们日常开发项目中,会涉及到很多不同角色拥有不同的功能,新的项目一般用shiro作为权限控制
本人也非常推荐用shiro,一个强大的权限控制框架
强大的权限控制框架:
Shiro
1.shiro的一个拦截,可以自定义
package com.oneinlet.component.shiro;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class GuardAuthorizationFilter
extends AuthorizationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) {
return false; } }
2.获取角色,当然可以从数据库中获取,我这里简单一点直接设置
package com.oneinlet.component.shiro; import com.oneinlet.entity.Role; import com.oneinlet.service.RoleService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Set; public class GuardAuthorizingRealm extends AuthorizingRealm { private RoleService roleService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { // 从数据库中获取 Set<String> role=new HashSet<>(); role.add("user"); role.add("school"); Set<String> permission=new HashSet<>(); permission.add("deleteUser"); permission.add("deleteSchool"); permission.add("save"); permission.add("select"); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.setRoles(role); authorizationInfo.setStringPermissions(permission); return authorizationInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { // UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; // logger.info("用户验证执行 : "+token.getUsername()); // User user = userService.getByEmail(token.getUsername(),true); // if(user==null){ // logger.error("用户 { "+token.getUsername()+" } 不存在 "); // throw new AccountException("账户不存在"); // } // if(user.getStatus()==0){ // logger.error("用户 { "+token.getUsername()+" } 被禁止登录 "); // throw new DisabledAccountException("账号已经禁止登录"); // }else{ // user.setUpdated(DateUtils.getNowTimestamp()); // user.setUpdatedAt(DateUtils.getNowFormatDate(null)); // System.out.println("效验更新前ROLE:"+user.getRole().getRId()); // userService.update(user,true,user.getId()); // } SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("520code","123","getRealm"); return authenticationInfo; } // @PostConstruct // public void initCredentialsMatcher() { // //该句作用是重写shiro的密码验证,让shiro用我自己的验证 // setCredentialsMatcher(new CredentialsMatcher()); // // } }
注释的代码可以勿看
3.我们以登录验证为例
@RequestMapping(value = "/login", method = RequestMethod.POST) public Object login(@RequestParam("username") String username, @RequestParam("password") String password){ Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(username,password); token.setRememberMe(true); subject.login(token); return setOKResult(); }
这里从前端页面接收的json值
4.再看看前端代码
<!DOCTYPE HTML> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> <script type="text/javascript" src="../jquery-3.3.1.js"></script> </head> <body> <form > 用户名:<input type="text" name="username" id="username" /><br /> 密码:<input type="password" name="password" id="password" /><br /> 登录:<input id="sub" type="button" value="确定" /> <label id="msg"></label> <a href="register.html">注册</a> </form> <script type="text/javascript"> $(function () { $("#sub").click(function () { $.ajax({ type: 'post', url: '/user/login', data: {username:$("#username").val(), password:$("#password").val()}, dataType: 'json', success: function (data) { $('#msg').empty(); var html=''; $('#msg').html(html) } }); }); }); </script> </body> </html>
一个基本的登录验证已经完毕,好我们来测试一下把
5.测试如下:
先输入一个错误的把!!!!!
当前显示是没有权限的!!!!!!
我们再输入一个正确的
然后我们再看看结果!!!!!
成功!!!!!
就是这么简单!!!希望对大家有帮助!!
关注本人微博:李日兴LRX