Shiro 动态修改权限,解决修改权限后需要重启的问题
=====================解决重启===================
<!--
  Static URL rules handed to MyShiroFilterFactory through setFilterChainDefinitions.
  Shiro applies the first chain whose pattern matches the request path, so the order of these
  lines is part of the access policy.
  NOTE(review): "/admin/** = anon" admits unauthenticated requests for every path under /admin/,
  and a rule that comes later for the same paths cannot tighten it. Confirm this is intended.
  NOTE(review): a pattern such as "/main**" has the wildcard glued to the last path segment;
  in Ant-style matching that presumably does not span "/", so "/main/x" may fall outside the
  rule. Verify against the Shiro version in use.
-->
<bean id="myShiroFilterFactory" class="com.esteel.common.MyShiroFilterFactory">
<property name="filterChainDefinitions">
<value>
/admin/ = anon
/index/ = anon
/index = anon
/login = anon
/logout = logout
/getRandomValidateCode = anon
/verifyCode = anon
/admin/** = anon
/main**=authc
/ui/info**=authc
/ui/listUser**=authc,perms[admin:manage]
/dwzIndex**=authc,perms[admin:manage]
</value>
</property>
</bean>
package com.esteel.common;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.Ini.Section;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.ContextLoader;
import org.springframework.web.context.WebApplicationContext;
import com.esteel.system.bean.OpmMenuitem;
import com.esteel.system.bean.OpmMenuitemlimit;
import com.esteel.system.beanVo.OpmRolelimitVo;
import com.esteel.system.service.OpmMenuitemService;
import com.esteel.system.service.OpmMenuitemlimitService;
import com.esteel.system.service.OpmRolelimitService;
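/**
 * Loads the URL permissions from the database and rebuilds the live Shiro filter chains, so that
 * a permission change takes effect without restarting the application.
 *
 * <p>The static rules injected through {@link #setFilterChainDefinitions(String)} are loaded
 * first; rules built from the database are added to the same section afterwards. Shiro applies
 * the first chain whose pattern matches the request path, so a broad static rule takes precedence
 * over a database rule for the same paths.
 *
 * @author 20005
 * @createDate 2014-7-23 09:38:26 AM
 */
public class MyShiroFilterFactory {

    private static Logger logger = LoggerFactory.getLogger(MyShiroFilterFactory.class);

    /**
     * Default permission string template.
     */
    public static final String PREMISSION_STRING = "perms[\"{0}\"]";

    // Rule given to a resource that no role has been granted.
    // NOTE(review): presumably no real account holds the role "tempr", which would make this a
    // deny rule for every user; confirm against the role table.
    private static final String NO_ROLE_CHAIN = "authc,role[tempr]";

    @Autowired
    private ShiroFilterFactoryBean shiroFilter;

    @Autowired
    private OpmRolelimitService opmRolelimitService;

    @Autowired
    private OpmMenuitemlimitService opmMenuitemlimitService;

    @Autowired
    private OpmMenuitemService opmMenuitemService;

    private String filterChainDefinitions;

    /**
     * Creates the loader. Nothing is read here; the rules are built by {@link #getObject()}.
     */
    public MyShiroFilterFactory() {
    }

    /**
     * Reloads the URL permissions from the database into the running Shiro filter.
     *
     * <p>The replacement rules and the live chain manager are obtained before anything is
     * cleared. If either step fails, the chains that are currently enforced stay in place.
     * Clearing first and loading afterwards would leave the application with no filter chain
     * at all (every URL unfiltered) whenever the database read fails.
     *
     * <p>The method is synchronized so that two reloads cannot interleave their clear and
     * rebuild steps. NOTE(review): request threads are not blocked by this lock; a request that
     * arrives between the clear and the end of the rebuild can still see an incomplete chain
     * set. Building a second chain manager and swapping it in would close that window.
     *
     * @throws IllegalStateException if the new rules cannot be built or the live chain manager
     *         cannot be reached; the previous chains are left untouched in that case
     * @author 20005
     * @createDate 2014-7-28 05:28:04 PM
     */
    public synchronized void reloadChainDefinitions() {
        Map<String, String> freshDefinitions;
        DefaultFilterChainManager manager;
        try {
            freshDefinitions = getObject();
            AbstractShiroFilter activeFilter = (AbstractShiroFilter) shiroFilter.getObject();
            PathMatchingFilterChainResolver resolver =
                    (PathMatchingFilterChainResolver) activeFilter.getFilterChainResolver();
            manager = (DefaultFilterChainManager) resolver.getFilterChainManager();
        } catch (Exception e) {
            logger.error("reload of Shiro filter chains aborted, previous chains stay active", e);
            throw new IllegalStateException("Could not reload the Shiro filter chain definitions", e);
        }

        // Drop the old access rules only now that the replacement set is known to exist.
        manager.getFilterChains().clear();
        shiroFilter.getFilterChainDefinitionMap().clear();
        shiroFilter.setFilterChainDefinitionMap(freshDefinitions);

        // Rebuild one chain per URL pattern, in the order of the definition map.
        for (Map.Entry<String, String> definition : freshDefinitions.entrySet()) {
            String chainDefinition = definition.getValue().trim().replace(" ", "");
            manager.createChain(definition.getKey(), chainDefinition);
        }
    }

    /**
     * Builds the complete set of URL rules: the static defaults plus one rule per URI found in
     * the role-limit rows, plus a placeholder rule for every menu item and menu-item limit that
     * no role has been granted.
     *
     * <p>A URI granted to roles gets {@code authc,role["id1","id2"]}. A URI whose role set turns
     * out empty gets the same placeholder rule as an ungranted resource; cutting the string at
     * the last comma in that case would yield {@code authc]}, which is not a valid chain
     * definition. Rows with a null URI are skipped instead of being turned into the literal
     * pattern {@code null**}.
     *
     * <p>NOTE(review): every rule key is {@code uri + "**"}. In Ant-style matching a {@code **}
     * glued to other characters in a segment presumably does not span {@code /}, so a rule built
     * from {@code /x/list} may not cover {@code /x/list/1}; verify against the Shiro version
     * in use.
     *
     * @return the default section holding the static and database-built rules
     * @throws BeansException declared for the caller; nothing in this method throws it directly
     */
    public Section getObject() throws BeansException {
        List<OpmRolelimitVo> grants = opmRolelimitService.getRoleLimtContro();
        if (grants == null) {
            grants = new ArrayList<OpmRolelimitVo>();
        }
        List<OpmMenuitem> ungrantedItems = opmMenuitemService.getMenuItems(new OpmMenuitem());
        List<OpmMenuitemlimit> ungrantedLimits =
                opmMenuitemlimitService.getOpmMenuitemlimit(new OpmMenuitemlimit());

        // One pass over the rows: which roles hold which menu item / menu-item limit.
        Map<String, Set<String>> rolesByItemId = new HashMap<String, Set<String>>();
        Map<String, Set<String>> rolesByLimitId = new HashMap<String, Set<String>>();
        for (OpmRolelimitVo grant : grants) {
            String roleId = grant.getRoleid();
            String itemId = grant.getMenuitemid();
            if (itemId != null && !"".equals(itemId)) {
                Set<String> holders = rolesFor(rolesByItemId, itemId);
                if (roleId != null) {
                    holders.add(roleId);
                }
            }
            String limitId = grant.getMenuitemlimitid();
            if (limitId != null) {
                Set<String> holders = rolesFor(rolesByLimitId, limitId);
                if (roleId != null) {
                    holders.add(roleId);
                }
            }
        }

        // Remove everything that some role has been granted; what remains is ungranted.
        // NOTE(review): removeAll only works if OpmMenuitem and OpmMenuitemlimit compare by id
        // in equals(); that is not visible here, confirm.
        List<OpmMenuitem> grantedItems = new ArrayList<OpmMenuitem>();
        for (String itemId : rolesByItemId.keySet()) {
            OpmMenuitem stub = new OpmMenuitem();
            stub.setId(itemId);
            grantedItems.add(stub);
        }
        List<OpmMenuitemlimit> grantedLimits = new ArrayList<OpmMenuitemlimit>();
        for (String limitId : rolesByLimitId.keySet()) {
            if (!"".equals(limitId)) {
                OpmMenuitemlimit stub = new OpmMenuitemlimit();
                stub.setId(limitId);
                grantedLimits.add(stub);
            }
        }
        ungrantedItems.removeAll(grantedItems);
        ungrantedLimits.removeAll(grantedLimits);

        // Load the static default rules; the section is the filterChainDefinitionMap whose keys
        // are URL patterns and whose values name the filters a request has to pass.
        Ini ini = new Ini();
        ini.load(filterChainDefinitions);
        Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);

        // NOTE(review): a HashMap gives no defined order, so the order in which overlapping
        // database patterns reach the section is unspecified, while Shiro uses the first match.
        Map<String, Set<String>> rolesByUri = new HashMap<String, Set<String>>();
        for (OpmRolelimitVo grant : grants) {
            if (grant.getMuri() != null) {
                rolesByUri.put(grant.getMuri(), lookup(rolesByItemId, grant.getMenuitemid()));
            }
            if (grant.getMluri() != null) {
                rolesByUri.put(grant.getMluri(), lookup(rolesByLimitId, grant.getMenuitemlimitid()));
            }
        }

        for (Map.Entry<String, Set<String>> rule : rolesByUri.entrySet()) {
            String chainDefinition = toChainDefinition(rule.getValue());
            logger.debug("{}>>>>{}", rule.getKey(), chainDefinition);
            section.put(rule.getKey() + "**", chainDefinition);
        }

        for (OpmMenuitem item : ungrantedItems) {
            if (item.getUri() != null) {
                section.put(item.getUri() + "**", NO_ROLE_CHAIN);
            }
        }
        for (OpmMenuitemlimit limit : ungrantedLimits) {
            if (limit.getUri() != null) {
                section.put(limit.getUri() + "**", NO_ROLE_CHAIN);
            }
        }
        return section;
    }

    /**
     * Sets the static default URL filter definitions.
     *
     * @param filterChainDefinitions the default URL filter definitions, in Shiro ini syntax
     */
    public void setFilterChainDefinitions(String filterChainDefinitions) {
        this.filterChainDefinitions = filterChainDefinitions;
    }

    /**
     * @return the runtime class of this loader
     */
    public Class<?> getObjectType() {
        return this.getClass();
    }

    /**
     * @return always {@code false}
     */
    public boolean isSingleton() {
        return false;
    }

    // Returns the role set stored under id, creating an empty one on first use.
    private static Set<String> rolesFor(Map<String, Set<String>> index, String id) {
        Set<String> holders = index.get(id);
        if (holders == null) {
            holders = new HashSet<String>();
            index.put(id, holders);
        }
        return holders;
    }

    // Returns the role set stored under id, or an empty set when id is null or unknown.
    private static Set<String> lookup(Map<String, Set<String>> index, String id) {
        Set<String> holders = (id == null) ? null : index.get(id);
        return (holders == null) ? new HashSet<String>() : holders;
    }

    // Formats authc,role["a","b"]; an empty role set falls back to the placeholder rule.
    // NOTE(review): role ids are copied in verbatim. An id containing a quote, comma or bracket
    // would change how the chain definition is parsed; confirm ids are constrained on write.
    private static String toChainDefinition(Set<String> roleIds) {
        if (roleIds.isEmpty()) {
            return NO_ROLE_CHAIN;
        }
        StringBuilder chain = new StringBuilder("authc,role[");
        boolean first = true;
        for (String roleId : roleIds) {
            if (!first) {
                chain.append(',');
            }
            chain.append('"').append(roleId).append('"');
            first = false;
        }
        return chain.append(']').toString();
    }
}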
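/**
 * Role maintenance controller. After a role has been saved it asks
 * {@link MyShiroFilterFactory} to rebuild the Shiro filter chains, so the new permissions apply
 * without a restart.
 */
@Controller
public class OpmRoleController extends BaseController {

    @Autowired
    private MyShiroFilterFactory myShiroFilterFactory;

    /**
     * Saves a role together with the ids submitted for it, then reloads the URL permissions.
     *
     * <p>For every menu folder returned for parent id {@code 100000}, the request is searched
     * for a parameter named after the folder id; all values found are collected and passed to
     * {@code updateRole}.
     *
     * @param opmRole the role bound from the request
     * @param request the current request, read for the per-folder parameters
     * @param modle unused
     * @return the ajax result view: status 200 on success, 300 when any step threw
     * @throws Exception declared by the signature; exceptions raised inside the try block are
     *         caught and turned into the 300 response
     */
    @RequestMapping(value = "/system/opmRole/update", method = RequestMethod.POST)
    public ModelAndView opmUpdate(OpmRole opmRole,HttpServletRequest request,Model modle) throws Exception {
        OpmMenufolder folderQuery = new OpmMenufolder();
        folderQuery.setParentid("100000");
        List<OpmMenufolder> opmMenufolders = opmMenufolderService.getOpmMenufolder(folderQuery);
        List<String> submittedIds = new ArrayList<String>();
        try {
            for (OpmMenufolder folder : opmMenufolders) {
                // getParameterValues returns null when the parameter is absent; an array can
                // never equal "", so the null check is the only test that is needed.
                String[] values = request.getParameterValues(folder.getId());
                if (values == null) {
                    continue;
                }
                submittedIds.addAll(Arrays.asList(values));
            }
            // NOTE(review): the submitted values reach updateRole as received; whether they are
            // checked against existing ids is not visible in this class.
            opmRoleService.updateRole(opmRole, submittedIds);

            // The reload runs after the role has been written. An exception from it lands in
            // the catch below and is reported as a failed save although the update went through.
            myShiroFilterFactory.reloadChainDefinitions();
            return ajaxDoneOpm("/commonuntil/ajaxDone",200,"操作成功!","opmRoleNavUi","/system/opmRole/editUi","closeCurrent");
        } catch (Exception e) {
            // NOTE(review): the exception is discarded here. Log it with the project's logger so
            // that a failed update or a failed permission reload is visible to operators.
            return ajaxDoneOpm("/commonuntil/ajaxDone",300,"添加失败!","opmRoleNavUi","/system/opmRole/editUi","closeCurrent");
        }
    }
}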
////////////////////////////////动态加载权限//////////////////////////
<!--
  Shiro filter for the dynamic-loading variant. The URL rules come from the
  chainDefinitionSectionMetaSource factory bean instead of an inline definition list.
  The "filters" map registers two project filters: "authc" (which replaces Shiro's built-in
  filter of that name) and "role". The rules built from the database use the form
  authc,role[...], so they are evaluated by roleAuthorizationFilter.
-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/ui/login.jsp" />
<property name="successUrl" value="/ui/dwzIndex.jsp" />
<property name="unauthorizedUrl" value="/ui/accessDenied.jsp" />
<property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />
<property name="filters">
<map>
<entry key="authc" value-ref="authenticationFilter" />
<entry key="role" value-ref="roleAuthorizationFilter" />
</map>
</property>
</bean>
<!--
  Static URL rules that ChainDefinitionSectionMetaSource loads before it adds the rules built
  from the database. Shiro applies the first chain whose pattern matches the request path, so
  the order of these lines is part of the access policy.
  NOTE(review): "/admin/** = anon" admits unauthenticated requests for every path under /admin/,
  and a rule that comes later for the same paths cannot tighten it. Confirm this is intended.
-->
<bean id="chainDefinitionSectionMetaSource" class="com.esteel.common.ChainDefinitionSectionMetaSource">
<property name="filterChainDefinitions">
<value>
/admin/ = anon
/index/ = anon
/index = anon
/login = anon
/logout = logout
/getRandomValidateCode = anon
/verifyCode = anon
/admin/** = anon
/main**=authc
/ui/info**=authc
/ui/listUser**=authc,perms[admin:manage]
/dwzIndex**=authc,perms[admin:manage]
</value>
</property>
</bean>
package com.esteel.common;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.Ini.Section;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Controller;
import com.esteel.system.bean.OpmMenuitem;
import com.esteel.system.bean.OpmMenuitemlimit;
import com.esteel.system.beanVo.OpmRolelimitVo;
import com.esteel.system.service.OpmMenuitemService;
import com.esteel.system.service.OpmMenuitemlimitService;
import com.esteel.system.service.OpmRolelimitService;
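/**
 * Factory bean that produces the Shiro filter chain definition map: the static default rules
 * plus rules built from the role-limit rows in the database.
 *
 * <p>The static rules are loaded first and the database rules are added to the same section
 * afterwards. Shiro applies the first chain whose pattern matches the request path, so a broad
 * static rule takes precedence over a database rule for the same paths.
 */
public class ChainDefinitionSectionMetaSource implements FactoryBean<Ini.Section>{

    /**
     * Default permission string template.
     */
    public static final String PREMISSION_STRING = "perms[\"{0}\"]";

    // Rule given to a resource that no role has been granted.
    // NOTE(review): presumably no real account holds the role "tempr", which would make this a
    // deny rule for every user; confirm against the role table.
    private static final String NO_ROLE_CHAIN = "authc,role[tempr]";

    @Autowired
    private OpmRolelimitService opmRolelimitService;

    @Autowired
    private OpmMenuitemlimitService opmMenuitemlimitService;

    @Autowired
    private OpmMenuitemService opmMenuitemService;

    private String filterChainDefinitions;

    /**
     * Builds the complete set of URL rules: the static defaults plus one rule per URI found in
     * the role-limit rows, plus a placeholder rule for every menu item and menu-item limit that
     * no role has been granted.
     *
     * <p>A URI granted to roles gets {@code authc,role["id1","id2"]}. A URI whose role set turns
     * out empty gets the same placeholder rule as an ungranted resource; cutting the string at
     * the last comma in that case would yield {@code authc]}, which is not a valid chain
     * definition. Rows with a null URI are skipped instead of being turned into the literal
     * pattern {@code null**}.
     *
     * <p>NOTE(review): every rule key is {@code uri + "**"}. In Ant-style matching a {@code **}
     * glued to other characters in a segment presumably does not span {@code /}, so a rule built
     * from {@code /x/list} may not cover {@code /x/list/1}; verify against the Shiro version
     * in use.
     *
     * @return the default section holding the static and database-built rules
     * @throws BeansException declared for the caller; nothing in this method throws it directly
     */
    public Section getObject() throws BeansException {
        List<OpmRolelimitVo> grants = opmRolelimitService.getRoleLimtContro();
        if (grants == null) {
            grants = new ArrayList<OpmRolelimitVo>();
        }
        List<OpmMenuitem> ungrantedItems = opmMenuitemService.getMenuItems(new OpmMenuitem());
        List<OpmMenuitemlimit> ungrantedLimits =
                opmMenuitemlimitService.getOpmMenuitemlimit(new OpmMenuitemlimit());

        // One pass over the rows: which roles hold which menu item / menu-item limit.
        Map<String, Set<String>> rolesByItemId = new HashMap<String, Set<String>>();
        Map<String, Set<String>> rolesByLimitId = new HashMap<String, Set<String>>();
        for (OpmRolelimitVo grant : grants) {
            String roleId = grant.getRoleid();
            String itemId = grant.getMenuitemid();
            if (itemId != null && !"".equals(itemId)) {
                Set<String> holders = rolesFor(rolesByItemId, itemId);
                if (roleId != null) {
                    holders.add(roleId);
                }
            }
            String limitId = grant.getMenuitemlimitid();
            if (limitId != null) {
                Set<String> holders = rolesFor(rolesByLimitId, limitId);
                if (roleId != null) {
                    holders.add(roleId);
                }
            }
        }

        // Remove everything that some role has been granted; what remains is ungranted.
        // NOTE(review): removeAll only works if OpmMenuitem and OpmMenuitemlimit compare by id
        // in equals(); that is not visible here, confirm.
        List<OpmMenuitem> grantedItems = new ArrayList<OpmMenuitem>();
        for (String itemId : rolesByItemId.keySet()) {
            OpmMenuitem stub = new OpmMenuitem();
            stub.setId(itemId);
            grantedItems.add(stub);
        }
        List<OpmMenuitemlimit> grantedLimits = new ArrayList<OpmMenuitemlimit>();
        for (String limitId : rolesByLimitId.keySet()) {
            if (!"".equals(limitId)) {
                OpmMenuitemlimit stub = new OpmMenuitemlimit();
                stub.setId(limitId);
                grantedLimits.add(stub);
            }
        }
        ungrantedItems.removeAll(grantedItems);
        ungrantedLimits.removeAll(grantedLimits);

        // Load the static default rules; the section is the filterChainDefinitionMap whose keys
        // are URL patterns and whose values name the filters a request has to pass.
        Ini ini = new Ini();
        ini.load(filterChainDefinitions);
        Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);

        // NOTE(review): a HashMap gives no defined order, so the order in which overlapping
        // database patterns reach the section is unspecified, while Shiro uses the first match.
        Map<String, Set<String>> rolesByUri = new HashMap<String, Set<String>>();
        for (OpmRolelimitVo grant : grants) {
            if (grant.getMuri() != null) {
                rolesByUri.put(grant.getMuri(), lookup(rolesByItemId, grant.getMenuitemid()));
            }
            if (grant.getMluri() != null) {
                rolesByUri.put(grant.getMluri(), lookup(rolesByLimitId, grant.getMenuitemlimitid()));
            }
        }

        // The assembled URL-to-role rules are not echoed to stdout; this method runs on every
        // factory call and the output would put the access policy into the container log.
        for (Map.Entry<String, Set<String>> rule : rolesByUri.entrySet()) {
            section.put(rule.getKey() + "**", toChainDefinition(rule.getValue()));
        }

        for (OpmMenuitem item : ungrantedItems) {
            if (item.getUri() != null) {
                section.put(item.getUri() + "**", NO_ROLE_CHAIN);
            }
        }
        for (OpmMenuitemlimit limit : ungrantedLimits) {
            if (limit.getUri() != null) {
                section.put(limit.getUri() + "**", NO_ROLE_CHAIN);
            }
        }
        return section;
    }

    /**
     * Sets the static default URL filter definitions.
     *
     * @param filterChainDefinitions the default URL filter definitions, in Shiro ini syntax
     */
    public void setFilterChainDefinitions(String filterChainDefinitions) {
        this.filterChainDefinitions = filterChainDefinitions;
    }

    /**
     * @return the runtime class of this factory bean
     */
    public Class<?> getObjectType() {
        return this.getClass();
    }

    /**
     * @return always {@code false}, so each request for the product runs {@link #getObject()}
     */
    public boolean isSingleton() {
        return false;
    }

    // Returns the role set stored under id, creating an empty one on first use.
    private static Set<String> rolesFor(Map<String, Set<String>> index, String id) {
        Set<String> holders = index.get(id);
        if (holders == null) {
            holders = new HashSet<String>();
            index.put(id, holders);
        }
        return holders;
    }

    // Returns the role set stored under id, or an empty set when id is null or unknown.
    private static Set<String> lookup(Map<String, Set<String>> index, String id) {
        Set<String> holders = (id == null) ? null : index.get(id);
        return (holders == null) ? new HashSet<String>() : holders;
    }

    // Formats authc,role["a","b"]; an empty role set falls back to the placeholder rule.
    // NOTE(review): role ids are copied in verbatim. An id containing a quote, comma or bracket
    // would change how the chain definition is parsed; confirm ids are constrained on write.
    private static String toChainDefinition(Set<String> roleIds) {
        if (roleIds.isEmpty()) {
            return NO_ROLE_CHAIN;
        }
        StringBuilder chain = new StringBuilder("authc,role[");
        boolean first = true;
        for (String roleId : roleIds) {
            if (!first) {
                chain.append(',');
            }
            chain.append('"').append(roleId).append('"');
            first = false;
        }
        return chain.append(']').toString();
    }
}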