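In day-to-day project development, different roles usually need access to different functions. New projects generally use Shiro for access control, and I strongly recommend it too: it is a powerful access-control framework.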

A powerful access-control framework: Shiro

1. A Shiro interceptor (filter), which can be customized

package com.oneinlet.component.shiro;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class GuardAuthorizationFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) {
        // Placeholder: always denies access
        return false;
    }
}

2. Fetch the roles. They could of course come from the database; to keep things simple I set them directly here.

package com.oneinlet.component.shiro;
import com.oneinlet.entity.Role;
import com.oneinlet.service.RoleService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;


public class GuardAuthorizingRealm extends AuthorizingRealm {
    private RoleService roleService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Should be fetched from the database; hardcoded here for simplicity
        Set<String> role = new HashSet<>();
        role.add("user");
        role.add("school");
        Set<String> permission = new HashSet<>();
        permission.add("deleteUser");
        permission.add("deleteSchool");
        permission.add("save");
        permission.add("select");
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(role);
        authorizationInfo.setStringPermissions(permission);
        return authorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // logger.info("用户验证执行 : "+token.getUsername());
        // User user = userService.getByEmail(token.getUsername(),true);
        // if(user==null){
        //     logger.error("用户 { "+token.getUsername()+" } 不存在 ");
        //     throw new AccountException("账户不存在");
        // }
        // if(user.getStatus()==0){
        //     logger.error("用户 { "+token.getUsername()+" } 被禁止登录 ");
        //     throw new DisabledAccountException("账号已经禁止登录");
        // }else{
        //     user.setUpdated(DateUtils.getNowTimestamp());
        //     user.setUpdatedAt(DateUtils.getNowFormatDate(null));
        //     System.out.println("效验更新前ROLE:"+user.getRole().getRId());
        //     userService.update(user,true,user.getId());
        // }
        // Simplified for the demo: fixed principal and credentials instead of a user lookup
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("520code", "123", "getRealm");
        return authenticationInfo;
    }

    // @PostConstruct
    // public void initCredentialsMatcher() {
    //     // This line overrides Shiro's password verification so that Shiro uses my own matcher
    //     setCredentialsMatcher(new CredentialsMatcher());
    //
    // }
}

The commented-out code can be ignored.

3. Take login verification as an example

@RequestMapping(value = "/login", method = RequestMethod.POST)
public Object login(@RequestParam("username") String username,
                    @RequestParam("password") String password) {
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    token.setRememberMe(true);
    subject.login(token);
    return setOKResult();
}

Here the JSON values are received from the front-end page.

4. Now look at the front-end code

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<script type="text/javascript" src="../jquery-3.3.1.js"></script>
</head>
<body>
<form >
用户名:<input type="text" name="username" id="username" /><br />
密码:<input type="password" name="password" id="password" /><br />
登录:<input id="sub" type="button" value="确定" />
<label id="msg"></label>
<a href="register.html">注册</a>
</form>
<script type="text/javascript">
$(function () {
$("#sub").click(function () {
$.ajax({
type: 'post',
url: '/user/login',
data: {username:$("#username").val(), password:$("#password").val()},
dataType: 'json',
success: function (data) {
$('#msg').empty();
var html='';
$('#msg').html(html)
}

});
});
});

</script>
</body>
</html>

A basic login verification is now complete, so let's test it.

5. The test goes as follows:

First, enter wrong credentials!

The page currently shows that there is no permission!

Now enter correct credentials, and then look at the result.

Success! It's that simple! I hope this helps everyone!