Shiro actual combat tutorial Shiro authorization 04

5.1 Authorization

Authorization, also called access control, decides who may access which resources. After a subject has passed identity authentication, it must still be granted permissions before it can access system resources; resources for which it holds no permission cannot be accessed.

5.2 Key Objects

Authorization can be summed up as: Who performs How (which operation) on What (which resource):

Who, i.e. the subject (Subject): the party that needs to access resources in the system.

What, i.e. the resource (Resource): system menus, pages, buttons, class methods, product information, and so on. Resources include resource types and resource instances; for example, product information is a resource type, product t01 is a resource instance, and the product with number 001 is likewise a resource instance.

How, i.e. the permission (Permission): defines which operations the subject may perform on a resource. A permission is meaningless without the resource it refers to; examples are user query permission, user add permission, permission to call a certain method, or permission to modify user number 001. Through permissions one can tell which operations a subject is allowed to perform on which resources.

5.3 Authorization process

5.4 Authorization method

  • Role-based access control

    • RBAC, Role-Based Access Control: access is decided by the role the subject holds

      if(subject.hasRole("admin")){
         // operate on some resource
      }

  • Resource-based access control

    • RBAC in its other reading, Resource-Based Access Control: access is decided by whether the subject holds a permission on the specific resource (the abbreviation is the same as above, but here the R stands for Resource). The Shiro method is isPermitted, not isPermission:

      if(subject.isPermitted("user:update:01")){ // resource instance
        // modify user 01
      }
      if(subject.isPermitted("user:update:*")){  // resource type
        // modify any user instance, 01 included
      }

5.5 Permission string

The rule for a permission string is resource identifier:operation:resource instance identifier, meaning "which operation on which instance of which resource". ":" is the delimiter between resource, operation and instance, and the "*" wildcard may be used in any part of the permission string.

example:

  • User creation permission: user:create, or user:create:*

  • User's permission to modify instance 001: user:update:001

  • All permissions on user instance 001: user:*:001
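The matching rules behind these strings are implemented by Shiro's WildcardPermission class. The following is an added example (not code from the original post) that feeds the permission strings listed above into it; the class name PermissionStringDemo and the helper covers are assumptions of this example.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example, not from the original post: shows how Shiro's WildcardPermission
// interprets the resource:operation:instance strings described above.
public class PermissionStringDemo {

    /** Does a permission granted to a subject cover the permission a check asks for? */
    static boolean covers(String granted, String required) {
        Permission held = new WildcardPermission(granted);
        Permission needed = new WildcardPermission(required);
        // implies() is the relation Shiro's authorizer evaluates for isPermitted()
        return held.implies(needed);
    }

    static void show(String granted, String required) {
        System.out.printf("%-22s covers %-18s : %s%n", granted, required, covers(granted, required));
    }

    public static void main(String[] args) {
        // A string with no instance part behaves like one ending in ":*",
        // because missing trailing parts are implied.
        show("user:create", "user:create:*");

        // A specific instance only matches that instance.
        show("user:update:001", "user:update:001");
        show("user:update:001", "user:update:002");

        // "*" in the operation position: every operation on instance 001, and nothing on 002.
        show("user:*:001", "user:delete:001");
        show("user:*:001", "user:delete:002");

        // "*" in the instance position covers every instance, 001 included,
        // but a single instance never implies the wildcard (the relation is one-way).
        show("user:update:*", "user:update:001");
        show("user:update:001", "user:update:*");

        // Comma-separated sub-parts list several operations in one string.
        show("user:create,update", "user:update:007");
    }
}
```

The direction of implies() is the point worth remembering: the permission held by the subject is the receiver, the permission a check requires is the argument. A narrow grant such as user:update:001 therefore never satisfies a check for user:update:*, while the reverse does.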

5.6 Implementation of authorization programming in shiro

  • Programmatic

    Subject subject = SecurityUtils.getSubject();
    if(subject.hasRole("admin")) {
        // has permission
    } else {
        // no permission
    }

  • Annotation

    @RequiresRoles("admin")
    public void hello() {
        // has permission
    }

  • Tag-based

    JSP/GSP tags: done through the corresponding tags on the JSP/GSP page:

    <shiro:hasRole name="admin">
        <!-- has permission -->
    </shiro:hasRole>

    Note: using the Shiro tags in Thymeleaf requires an additional integration library!
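The programmatic style of section 5.6 only does something useful once a SecurityManager and a realm are in place and the subject has logged in. The following is an added example (not code from the original post) that wires an in-memory IniRealm with constructed sample data and then runs the role-based and resource-based checks from section 5.4 against it; the class name ProgrammaticAuthzDemo, the helper report, the user "alice" and its password and permission strings are all assumptions of this example.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Added example, not from the original post: the programmatic authorization style
// of section 5.6 run end to end against a constructed in-memory realm.
public class ProgrammaticAuthzDemo {

    public static void main(String[] args) {
        // Constructed sample data (hypothetical values): one user holding the
        // "admin" role, and the permission strings that role carries.
        Ini ini = new Ini();
        ini.addSection(IniRealm.USERS_SECTION_NAME).put("alice", "secret, admin");
        ini.addSection(IniRealm.ROLES_SECTION_NAME).put("admin", "user:create, user:*:001");

        DefaultSecurityManager securityManager = new DefaultSecurityManager(new IniRealm(ini));
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();
        // Authorization is only meaningful after authentication (section 5.1).
        subject.login(new UsernamePasswordToken("alice", "secret"));

        // Role-based check: asks whether the subject holds the role name.
        if (subject.hasRole("admin")) {
            System.out.println("alice holds the admin role");
        } else {
            System.out.println("alice does not hold the admin role");
        }

        // Resource-based checks: the granted permission strings decide, not the role name.
        report(subject, "user:create:*");   // implied by user:create
        report(subject, "user:update:001"); // implied by user:*:001
        report(subject, "user:update:002"); // no grant covers instance 002

        // checkPermission is the fail-closed form: it throws instead of returning false,
        // which is the better fit for code that must not continue when access is denied.
        try {
            subject.checkPermission("user:delete:002");
            System.out.println("delete of user 002 allowed");
        } catch (AuthorizationException e) {
            System.out.println("delete of user 002 denied: " + e.getClass().getSimpleName());
        }

        subject.logout();
    }

    static void report(Subject subject, String permission) {
        System.out.println(permission + " -> " + (subject.isPermitted(permission) ? "permitted" : "denied"));
    }
}
```

The annotation style (@RequiresRoles, @RequiresPermissions) is not shown here because it only takes effect when the annotated method is called through a proxy created by Shiro's Spring or AspectJ integration; calling such a method directly, as in this stand-alone program, performs no check at all, which is the usual cause of "the annotation does nothing" reports.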

Origin blog.csdn.net/weixin_45442617/article/details/115018001