本文共 3015 字，大约阅读时间需要 10 分钟。

shiro授权-SSM

接上

数据库关系图

shiro授权角色、权限

在ShiroUserMapper.xml中新增内容

  select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r    where u.userid = ur.userid and ur.roleid = r.roleid    and u.userid = #{userid}  select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p  where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid  and u.userid = #{userid}

Service层

Set
   
     getRolesByUserId(@Param("userid") Integer userid);    Set
    
      getPersByUserId(@Param("userid")Integer userid);
    
   

ShiroUserService

//授权    Set
   
     getRolesByUserId(Integer userid);    Set
    
      getPersByUserId(Integer userid);
    
   

ShiroUserServiceImpl

@Override    public Set
   
     getRolesByUserId(Integer userid) {        return shiroUserMapper.getRolesByUserId(userid);    }    @Override    public Set
    
      getPersByUserId(Integer userid) {        return shiroUserMapper.getPersByUserId(userid);    }
    
   

MyRealm

/**     * 授权     * @param principalCollection     * @return     */    @Override    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {        System.out.println("用户授权...");        ShiroUser shiroUser=this.shiroUserService.queryByName(principalCollection.getPrimaryPrincipal().toString());//        当前认证过的用户对应的角色id集合        Set
   
     rolesByUserId = shiroUserService.getRolesByUserId(shiroUser.getUserid());//        当前认证过的用户对应的权限id集合        Set
    
      persByUserId = shiroUserService.getPersByUserId(shiroUser.getUserid());        AuthorizationInfo info=new SimpleAuthorizationInfo();        ((SimpleAuthorizationInfo)info).setRoles(rolesByUserId);        ((SimpleAuthorizationInfo)info).setStringPermissions(persByUserId);        return info;    }
    
   

测试

张三只能看个人密码修改

Shiro的注解式开发

Springmvc.xml 中添加

       
           
        
       
           
        
       
       
           
                
                     
      
                           unauthorized                
                  
             
            
        
   

测试

/**     * 身份认证通过才能访问的方法     * @param req     * @return     */    @RequiresUser    @ResponseBody    @RequestMapping("/passUser")    public String passUser(HttpServletRequest req){        return "passUser ......";    }    /**     * 角色认证通过才能访问的方法     * @param req     * @return     */    @RequiresRoles(value = {"2","4"},logical = Logical.OR)    @ResponseBody    @RequestMapping("/passRole")    public String passRole(HttpServletRequest req){        return "passRole ......";    }    /**     * 权限认证通过才能访问的方法     * @param req     * @return     */    @RequiresPermissions(value = {"user:load","user:export"},logical = Logical.AND)    @ResponseBody    @RequestMapping("/passAuth")    public String passAuth(HttpServletRequest req){        return "passAuth ......";    }

测试@RequiresUser

@RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的 没有登录

测试@RequiresRoles

表示当前Subject需要角色admin和user

测试@RequiresPermissions 表示当前Subject需要权限user:delete等，我的只有admin才能满足条件

转载地址：http://purzi.baihongyu.com/