1. Scene Description
(1) access control project is especially enterprise IT projects, it is important not open around the block, then combined under springboot introduce access control framework shiro.
(2) springboot integrated shiro things a bit more, a blog entirely clear presentation a bit strenuous, to be divided into three bars, the first chapter introduces the concepts, principles; The second describes how to establish the code, details shiro framework; Title III combined mybatis, set up to run the project.
2. Solution
2.1 Introduction
The current access control, role-based access control are many companies or enterprises to adopt.
Baidu Encyclopedia introduction, RBAC (abbreviation)
2.2 Roles control principle
Introduced by the database table structure
Description:
Role-based access control, which is based on five fundamental to the table.
This five tables are:
(1) The user table stores the user information.
(2) the role of tables, stored character information, similar to the role the role here of our lives, the role of business in general is: Financial recorded a single member of the financial audit, financial manager, buyer, purchasing managers and so on.
(3) resource table, usually the system menu or other resources.
(4) user role table, many relationships.
(5) the role of resource tables, many relationships.
Process:
(1) a user logs on, check the user name and password are correct;
(2) Get the role corresponding to the user name of the user;
(3) acquired by the resource corresponding character, is returned to the front end.
Common Framework 2.3
Access control based on the above principles, the project team can be achieved through code access control, can also be achieved through the framework, previously used or are using a lot of business in the spring security access control framework, it will usually based on a unified login spring security system (single sign-on), centralized control system consists of a corporate user rights, user rights information to obtain other systems via interfaces.
Previous projects have been using spring security, but the security filter chain or a small number of configuration it is still a little bit of trouble, then listen to others talk about shiro, looked Xiaguan network, checked the relevant information, shiro also under sub-apache project, users also find many, many praised and found a lot simpler than securiy, the effect is similar, follow-up project to switch to the shiro.
2.4 shiro Kai绍
2.4.1 official website
2.4.2 使用方式
通过maven的gav获取jar使用(目前官网最新版本1.4.1)
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>2.4.3 shiro介绍
shiro主要包含六大模块
(1)认证;(2)授权;(3)密码;(4)回话管理;(5)web集成;(6)集成模块
说明:
常用的把(1)和(2)用好就可以了,3-6可以暂时不用管。
其中(1)是登录校验,就是校验用户名和密码是否正确用的模块;(2)是权限控制模块,校验登录用户是否有资源权限。
好了,先到这里,下节开始全程撸码与详细shiro权限控制框架介绍。
I’m 「软件老王」,如果觉得还可以的话,关注下呗,后续更新秒知!欢迎讨论区、同名公众号留言交流!