本文共 3015 字,大约阅读时间需要 10 分钟。
接上
数据库关系图在ShiroUserMapper.xml中新增内容
Service层
SetgetRolesByUserId(@Param("userid") Integer userid); Set getPersByUserId(@Param("userid")Integer userid);
ShiroUserService
//授权 SetgetRolesByUserId(Integer userid); Set getPersByUserId(Integer userid);
ShiroUserServiceImpl
@Override public SetgetRolesByUserId(Integer userid) { return shiroUserMapper.getRolesByUserId(userid); } @Override public Set getPersByUserId(Integer userid) { return shiroUserMapper.getPersByUserId(userid); }
MyRealm
/** * 授权 * @param principalCollection * @return */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("用户授权..."); ShiroUser shiroUser=this.shiroUserService.queryByName(principalCollection.getPrimaryPrincipal().toString());// 当前认证过的用户对应的角色id集合 SetrolesByUserId = shiroUserService.getRolesByUserId(shiroUser.getUserid());// 当前认证过的用户对应的权限id集合 Set persByUserId = shiroUserService.getPersByUserId(shiroUser.getUserid()); AuthorizationInfo info=new SimpleAuthorizationInfo(); ((SimpleAuthorizationInfo)info).setRoles(rolesByUserId); ((SimpleAuthorizationInfo)info).setStringPermissions(persByUserId); return info; }
测试
张三只能看个人密码修改Springmvc.xml 中添加
unauthorized
测试
/** * 身份认证通过才能访问的方法 * @param req * @return */ @RequiresUser @ResponseBody @RequestMapping("/passUser") public String passUser(HttpServletRequest req){ return "passUser ......"; } /** * 角色认证通过才能访问的方法 * @param req * @return */ @RequiresRoles(value = {"2","4"},logical = Logical.OR) @ResponseBody @RequestMapping("/passRole") public String passRole(HttpServletRequest req){ return "passRole ......"; } /** * 权限认证通过才能访问的方法 * @param req * @return */ @RequiresPermissions(value = {"user:load","user:export"},logical = Logical.AND) @ResponseBody @RequestMapping("/passAuth") public String passAuth(HttpServletRequest req){ return "passAuth ......"; }
测试@RequiresUser
@RequiresUser:表示当前Subject已经身份验证或者通过记住我登录的 没有登录测试@RequiresRoles
表示当前Subject需要角色admin和user 测试@RequiresPermissions 表示当前Subject需要权限user:delete等,我的只有admin才能满足条件转载地址:http://purzi.baihongyu.com/