码迷,mamicode.com
首页 > 其他好文 > 详细

3. shiro- 权限认证

时间:2020-05-06 11:42:26      阅读:59      评论:0      收藏:0      [点我收藏+]

标签:jquery   ping   ==   ret   成功   ipa   认证   advice   打印   

3. shiro- 权限认证

#在rememberMe的基础上修改CustomizeRealm

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (ObjectUtils.isEmpty(principals)){
            throw new UnknownAccountException();
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //从pricipals中获取登入的用户信息
        String username = principals.getPrimaryPrincipal().toString();
        User user = userService.queryUser(username);
        for (Role role : user.getRoles()) {
            //获取角色,并给用户添加角色
            info.addRole(role.getRole());
            for (Perm perm : role.getPerms()) {
                //获取角色对应的权限,并给用户添加权限
                info.addStringPermission(perm.getPerm());
            }
        }
        return info;
    }

#添加一个controller

/**
 * 在访问api时 shiro会根据@RequiresRoles和@RequiresPermission调用doGetAuthorizationInfo()
 */
@Slf4j
@RestController
//如果没有指定method,@RequestMapping会接收所有类型的请求
@RequestMapping("/user")
public class UserController {
    @Autowired
    private IUserService userService;
    @RequiresRoles("admin")
    @RequiresPermissions("user:add")
    @PostMapping
    public String save(User user) {
        userService.save(user);
        return "添加成功";
    }
    @RequiresPermissions("user:delete")
    @RequiresRoles("admin")
    @ResponseBody
    @DeleteMapping("/{id}")
    public String remove(@PathVariable("id") Integer id) {
        userService.removeById(id);
        return "删除成功";
    }
    @RequiresPermissions("user:update")
    //logical.OR表示二者中的一个即可
    @RequiresRoles(value = {"teacher","admin"},logical = Logical.OR)
    @ResponseBody
    @PutMapping
    public String update(User user) {
        userService.updateById(user);
        return "更新成功";
    }
    @RequiresPermissions("user:select")
    @ResponseBody
    @GetMapping
    public List<User> list() {
        List<User> list = userService.list();
        System.out.println(list);
        return list;
    }
    @RequiresPermissions("user:select")
    @RequiresRoles(value = {"teacher","student","admin"},logical = Logical.OR)
    @GetMapping("/{id}")
    public User get(@PathVariable("id") Integer id) {
        //这里调用的只是mybatis-plus封装的方法所以不会打印出集合的信息
        User user = userService.getById(id);
        System.out.println(user);
        return user;
    }
}

#修改yml

  mvc:
    hiddenmethod:
      filter:
        enabled: true

#修改index.html

<!--templates下的只能通过controller访问-->
<a shiro:guest="" th:href="@{/login}">登入</a>

<form shiro:authenticated="" th:action="@{/user}" method="post">
    <input type="text" name="name" placeholder="用户名">
    <br>
    <input type="password" name="password" placeholder="密码">
    <br>
    <input type="submit" value="添加用户">
</form>
<hr>
<form shiro:authenticated="" th:action="@{/user/}" method="post">
    <input type="hidden" name="_method" value="delete">
    <input type="text" name="id" placeholder="id">
    <br>
    <input type="submit" value="删除用户">
</form>
<hr>
<form shiro:authenticated="" th:action="@{/user}" method="post">
    <input type="hidden" name="_method" value="PUT">
    <br>
    <input type="text" name="id" placeholder="id">
    <br>
    <input type="text" name="name" placeholder="用户名">
    <br>
    <input type="password" name="password" placeholder="密码">
    <input type="submit" value="更新用户">
</form>
<hr>
<form shiro:authenticated="" th:action="@{/user}" method="get">
    <input type="submit" value="查询所有用户">
</form>
<hr>
<form shiro:authenticated="" th:action="@{/user/}" method="get">
    <input type="text" name="id" placeholder="id">
    <br>
    <input type="submit" value="查询用户">
</form>
<a th:href="@{/logout}">注销</a>
</body>
<script>
    $("input[type=‘submit‘]").mousedown(function () {
        var parent = $(this).parent();
        var action = parent.attr("action");
        console.log(action);
        var children = parent.children("input[name=‘id‘]");
        //children是一个数组
        if (children.length == 0) {
            return;
        }
        //拼接获取到的值
        var jQuery = parent.attr("action", action + children.val());
        console.log(jQuery)
    });

#添加一个没有权限认证的异常处理器

@ControllerAdvice
public class ShiroHandler {
    @ExceptionHandler(AuthorizationException.class)
    private ModelAndView handleAuthorizationException(AuthorizationException e) {
        HashMap<String, Object> map = new HashMap<>();
        map.put("msg", "你没有权限这么做");
        //如果要自定义传属性到getAttributes()中必须通过这种方法,不能通过@RequestStatus
        map.put("javax.servlet.error.status_code", HttpStatus.FORBIDDEN.value());
        return new ModelAndView("forward:/error", map);
    }
}

相应的错误页面

<body>
<div>[[${msg}]]</div>
<a th:href="@{/index}">首页</a>
</body>

3. shiro- 权限认证

标签:jquery   ping   ==   ret   成功   ipa   认证   advice   打印   

原文地址:https://www.cnblogs.com/kikochz/p/12835306.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!