New additions to ShiroUserMapper.xml
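<!--
  Returns the roleid of every role linked to the given user through t_shiro_user_role.
  #{userid} is bound as a prepared-statement parameter; keep it that way, because ${userid}
  would splice the raw value into the SQL text.
-->
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select r.roleid
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role r
    where u.userid = ur.userid
      and ur.roleid = r.roleid
      and u.userid = #{userid}
</select>

<!--
  Returns the permission strings the given user holds through the roles assigned to them
  (user -> user_role -> role_permission -> permission).
  The attribute is spelled parameterType and separated from resultType by whitespace;
  the fused `resultType="..."ParameterType ="..."` form is not well-formed XML.
-->
<select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select p.permission
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role_permission rp, t_shiro_permission p
    where u.userid = ur.userid
      and ur.roleid = rp.roleid
      and rp.perid = p.perid
      and u.userid = #{userid}
</select>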
Service Layer
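package com.jt.service;

import com.jt.model.ShiroUser;
import org.apache.ibatis.annotations.Param;

import java.util.Set;

/**
 * User, role and permission lookups used by the custom Shiro realm.
 */
public interface ShiroUserService {

    /**
     * Looks up a user by login name.
     *
     * @param uname login name of the user
     * @return the matching user; NOTE(review): presumably {@code null} when no row matches,
     *         confirm against the mapper
     */
    ShiroUser queryByName(@Param("uname") String uname);

    /**
     * Stores a new user record.
     *
     * @param record the user to store
     * @return the mapper's result; NOTE(review): presumably the number of inserted rows
     */
    int insert(ShiroUser record);

    /**
     * Returns the role ids assigned to a user.
     *
     * @param userid id of the user
     * @return role ids as strings
     */
    Set<String> getRolesByUserId(@Param("userid") Integer userid);

    /**
     * Returns the permission strings a user holds through their roles.
     *
     * @param userid id of the user
     * @return permission strings
     */
    Set<String> getPersByUserId(@Param("userid") Integer userid);
}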
ShiroUserServiceImpl
package com.jt.service.impl;

import com.jt.mapper.ShiroUserMapper;
import com.jt.model.ShiroUser;
import com.jt.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.Set;

/**
 * {@link ShiroUserService} implementation that forwards every call to {@link ShiroUserMapper}.
 * No validation or transformation happens here, so callers receive exactly what the mapper returns.
 */
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** MyBatis mapper that runs the user, role and permission queries. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /** Looks up a user by login name via the mapper. */
    @Override
    public ShiroUser queryByName(String uname) {
        ShiroUser found = shiroUserMapper.queryByName(uname);
        return found;
    }

    /** Stores a user record via the mapper and returns the mapper's result. */
    @Override
    public int insert(ShiroUser record) {
        int result = shiroUserMapper.insert(record);
        return result;
    }

    /** Returns the role ids the mapper reports for the given user id. */
    @Override
    public Set<String> getRolesByUserId(Integer userid) {
        Set<String> roleIds = shiroUserMapper.getRolesByUserId(userid);
        return roleIds;
    }

    /** Returns the permission strings the mapper reports for the given user id. */
    @Override
    public Set<String> getPersByUserId(Integer userid) {
        Set<String> permissions = shiroUserMapper.getPersByUserId(userid);
        return permissions;
    }
}
Override the custom realm's authorization method
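/**
 * Authorization callback: loads the roles and permissions of the current principal.
 *
 * <p>The primary principal is treated as the login name. The user's role ids become the
 * Shiro role names and the permission strings become the Shiro string permissions.
 * When the principal is missing or no longer maps to a stored user, an empty
 * {@link SimpleAuthorizationInfo} is returned, so every role and permission check is denied
 * instead of the request failing with a {@code NullPointerException}.
 *
 * @param principalCollection principals of the subject being authorized
 * @return the roles and permissions of that subject; empty when the user cannot be resolved
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    Object principal = principalCollection.getPrimaryPrincipal();
    if (principal == null) {
        // No identity to look up: grant nothing.
        return info;
    }

    String uname = principal.toString();
    ShiroUser shiroUser = this.shiroUserService.queryByName(uname);
    if (shiroUser == null) {
        // The account may have been removed after the subject logged in or was remembered.
        // Fail closed: an empty info grants no roles and no permissions.
        return info;
    }

    Set<String> perids = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
    Set<String> roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());

    // Role ids (not role names) are what @RequiresRoles values are compared against.
    info.setRoles(roleIds);
    info.setStringPermissions(perids);
    return info;
}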
Annotation-based development
Introduction to the common annotations
@RequiresAuthentication: the current Subject must have authenticated by logging in during this session; that is, Subject.isAuthenticated() returns true
@RequiresUser: the current Subject must either have authenticated or be remembered through Remember Me; a remembered identity has not logged in during this session, so this is a weaker check than @RequiresAuthentication
@RequiresGuest: the current Subject has neither authenticated nor been remembered from an earlier login, that is, it is a guest
@RequiresRoles(value = {"admin", "user"}, logical = Logical.AND): the current Subject must hold both the admin and the user role
@RequiresPermissions(value = {"user:delete", "user:b"}, logical = Logical.OR): the current Subject must hold the permission user:delete or user:b
Use annotations
Controller layer
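/**
 * Reachable by any subject that is authenticated or remembered through Remember Me.
 * A remembered subject has not logged in during this session; use
 * {@code @RequiresAuthentication} instead where a fresh login is required.
 *
 * @param req the current request (unused)
 * @return a fixed confirmation message
 */
@RequiresUser
@ResponseBody
@RequestMapping("/passUser")
public String passUser(HttpServletRequest req) {
    return " , a successful authentication, access to !!! ";
}

/**
 * Reachable only by subjects holding role "2". The value is a role id, because the realm
 * registers the ids returned by getRolesByUserId as role names.
 *
 * @param req the current request (unused)
 * @return a fixed confirmation message
 */
@RequiresRoles(value = {"2"}, logical = Logical.AND)
@ResponseBody
@RequestMapping("/passRole")
public String passRole(HttpServletRequest req) {
    return " , the role of authentication is successful, be able to visit !!! ";
}

/**
 * Reachable only by subjects holding both the user:update and the user:load permission.
 *
 * @param req the current request (unused)
 * @return a fixed confirmation message
 */
@RequiresPermissions(value = {"user:update", "user:load"}, logical = Logical.AND)
@ResponseBody
@RequestMapping("/passPer")
public String passPer(HttpServletRequest req) {
    return ",权限认证成功,能够访问!!!";
}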
springmvc-servlet.xml
<!--
  Creates proxies for beans matched by advisors. proxyTargetClass=true requests class-based
  proxies, so annotated controller classes are proxied even without an interface.
-->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true"/>
</bean>

<!-- Advisor that enforces the Shiro @Requires* annotations against the security manager. -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

<!--
  Sends a failed authorization check to the "unauthorized" view.
  defaultErrorView is also "unauthorized", so every other unmapped exception renders the
  same view: this covers a failed authentication check (presumably
  org.apache.shiro.authz.UnauthenticatedException), but it also presents unrelated
  application errors as an authorization failure.
-->
<bean id="exceptionResolver"
      class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">unauthorized</prop>
        </props>
    </property>
    <property name="defaultErrorView" value="unauthorized"/>
</bean>
JSP test code
<%--
  Links to the three annotation-protected endpoints. The links are rendered for every
  visitor; access is decided on the server by the annotations on the handler methods.
--%>
<ul>
    shiro注解
    <li>
        <a href="${pageContext.request.contextPath}/passUser">用户认证</a>
    </li>
    <li>
        <a href="${pageContext.request.contextPath}/passRole">角色</a>
    </li>
    <li>
        <a href="${pageContext.request.contextPath}/passPer">权限认证</a>
    </li>
</ul>
Expected result
zs can only view the content behind the user-authentication button
LS and WW can see the content behind the permission-authentication button
zdm can see the content behind all of the buttons