在使用Shiro标签库前，首先需要在JSP中引入shiro标签库：
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
一、guest标签：验证当前用户是否为“访客”，即未认证且未被记住的用户。
<shiro:guest>
Hi there! Please <a href="login.jsp">Login</a> or <a href="signup.jsp">Signup</a> today!
</shiro:guest>
二、user标签：已认证通过或已被记住的用户。
<shiro:user>
Welcome back John! Not John? Click <a href="login.jsp">here</a> to login.
</shiro:user>
三、authenticated标签：已认证通过的用户，不包含仅被记住的用户，这是与user标签的区别所在。
<shiro:authenticated>
<a href="updateAccount.jsp">Update your contact information</a>.
</shiro:authenticated>
四、notAuthenticated标签：未认证通过的用户，与authenticated标签相对应。与guest标签的区别是，该标签包含已被记住的用户。
<shiro:notAuthenticated>
Please <a href="login.jsp">login</a> in order to update your credit card information.
</shiro:notAuthenticated>
五、principal标签：输出当前用户信息，一般为登录账号信息。
Hello, <shiro:principal/>, how are you today?
六、hasRole标签 :验证当前用户是否属于该角色。
<shiro:hasRole name="administrator">
<a href="admin.jsp">Administer the system</a>
</shiro:hasRole>
七、lacksRole标签：与hasRole标签逻辑相反，当用户不属于该角色时验证通过。
<shiro:lacksRole name="administrator">
Sorry, you are not allowed to administer the system.
</shiro:lacksRole>
八、hasAnyRoles标签：验证当前用户是否属于以下任意一个角色。
<shiro:hasAnyRoles name="developer, project manager, administrator">
You are either a developer, project manager, or administrator.
</shiro:hasAnyRoles>
九、hasPermission标签 :验证当前用户是否拥有指定权限。
<shiro:hasPermission name="user:create">
<a href="createUser.jsp">Create a new User</a>
</shiro:hasPermission>
十、lacksPermission标签：与hasPermission标签逻辑相反，当前用户没有指定权限时，验证通过。
<shiro:lacksPermission name="user:create">
Sorry, you are not allowed to create users.
</shiro:lacksPermission>
=======================================================================================================
1.web.xml 中添加shiro入口
<!--- shiro 1.2 -->
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<context-param>
<param-name>shiroEnvironmentClass</param-name>
<param-value>org.apache.shiro.web.env.IniWebEnvironment</param-value><!-- 默认先读取/WEB-INF/shiro.ini，如果没有则查找classpath:shiro.ini -->
</context-param>
<context-param>
<param-name>shiroConfigLocations</param-name>
<param-value>classpath:shiro.ini</param-value>
</context-param>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2.shiro.ini 在src下添加shiro配置文件（注意：[urls] 中未列出的路径不会经过任何过滤器，需要保护的路径必须显式配置，例如以 /**=authc 作为最后一条规则）
[main]
myRealm=com.aih.plugin.shiro.MyAuthorizingRealm
securityManager.realms=$myRealm
#默认是/login.jsp
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized
perms.unauthorizedUrl=/unauthorized
logout.redirectUrl=/login
[urls]
/logout2=logout
/login=anon
/logout=anon
/unauthorized=anon
/static/**=anon
/authenticated=authc
3.自定义角色和用户菜单权限，需要重写Realm
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.dodo.framework.helper.BeanHelper;
import com.aih.admin.model.system.Menu;
import com.aih.admin.model.system.Role;
import com.aih.admin.model.system.User;
import com.aih.admin.service.system.MenuService;
import com.aih.admin.service.system.RoleService;
import com.aih.admin.service.system.UserService;
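/**
 * Shiro realm backed by the application's user, menu and role services.
 *
 * <p>Authorization: the principal is treated as a login name; an existing account
 * receives the permission strings of the menus returned by {@code menuService},
 * the fixed permission {@code "user"} and the English names of its roles.
 *
 * <p>Authentication: unknown login names are rejected, but the credential handed
 * to the credentials matcher is still a fixed placeholder — see
 * {@link #doGetAuthenticationInfo(AuthenticationToken)}.
 */
public class MyAuthorizingRealm extends AuthorizingRealm {

    private final UserService userService = BeanHelper.getBean(UserService.class);
    private final MenuService menuService = BeanHelper.getBean(MenuService.class);
    private final RoleService roleService = BeanHelper.getBean(RoleService.class);

    /**
     * Builds the roles and permissions of the given principal.
     *
     * @param principals the subject's principals; the available principal is
     *     expected to be the login name
     * @return the authorization info, or {@code null} when no account with that
     *     login name exists
     * @throws AuthorizationException if {@code principals} is {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        String username = (String) getAvailablePrincipal(principals);
        User user = userService.getUserByLoginName(username);
        if (user == null) {
            return null;
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // NOTE(review): the menu query carries an empty filter, so every menu
        // permission is granted to every existing account regardless of its
        // roles. Restrict this query to the menus reachable through the user's
        // roles before relying on hasPermission / perms checks.
        Map<String, String> menuFilter = new HashMap<String, String>();
        List<Menu> menus = menuService.getList(menuFilter);
        if (menus != null) {
            for (Menu menu : menus) {
                String permissionCsv = menu.getPermission();
                if (StringUtils.isNotBlank(permissionCsv)) {
                    // a menu may carry several comma-separated permission strings
                    for (String permission : StringUtils.split(permissionCsv, ",")) {
                        info.addStringPermission(permission);
                    }
                }
            }
        }

        // every existing account gets the base "user" permission
        info.addStringPermission("user");

        List<Role> roles = roleService.getRolesByLoginName(username);
        if (roles != null) {
            for (Role role : roles) {
                info.addRole(role.getEnname());
            }
        }
        return info;
    }

    /**
     * Resolves the account for a username/password login attempt.
     *
     * @param token the submitted token; must be a {@link UsernamePasswordToken}
     * @return the authentication info handed to the credentials matcher
     * @throws AccountException if the username is missing or blank
     * @throws UnknownAccountException if no account with that login name exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        if (StringUtils.isBlank(username)) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }

        // Reject unknown login names instead of handing them a credential.
        User user = userService.getUserByLoginName(username);
        if (user == null) {
            throw new UnknownAccountException("No account found for user [" + username + "]");
        }

        // FIXME: the credential is still a fixed placeholder, so every known
        // account authenticates with the same password. It must come from the
        // stored (hashed) credential of `user` and be checked by a matching
        // CredentialsMatcher; the User accessor for it is not visible here.
        String storedCredential = "123";
        return new SimpleAuthenticationInfo(username, storedCredential, getName());
    }
}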
4.在需要鉴权的代码中加入相应的权限检查：Subject subject = SecurityUtils.getSubject(); subject.checkRole("admin"); subject.checkPermission("sys:dict:view");