1. Shiro authorization roles and permissions
2. Shiro’s annotation development
shiro permission ideas
authorization
Define two methods in ShiroUserMapper
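/**
 * Returns the role identifiers assigned to a user.
 *
 * <p>The matching {@code getRolesByUserId} statement in ShiroUserMapper.xml selects
 * {@code r.roleid} with {@code resultType="java.lang.String"}, so the elements are Strings;
 * the return type is parameterized to say so instead of using a raw {@code Set}.
 *
 * @param userId id of the user whose roles are looked up
 * @return the user's role identifiers
 */
Set<String> getRolesByUserId(Integer userId);

/**
 * Returns the permission strings granted to a user through the user's roles.
 *
 * <p>The matching {@code getPersByUserId} statement in ShiroUserMapper.xml selects
 * {@code p.permission} with {@code resultType="java.lang.String"}.
 *
 * @param userId id of the user whose permissions are looked up
 * @return the user's permission strings
 */
Set<String> getPersByUserId(Integer userId);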
Add new content in ShiroUserMapper.xml
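<!-- Role ids held by one user. #{userId} is bound as a prepared-statement parameter;
     keep it as #{...} (not ${...}) so the value is never spliced into the SQL text. -->
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select r.roleid
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role r
    where u.userid = ur.userid and ur.roleid = r.roleid
      and u.userid = #{userId}
</select>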
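<!-- Permission strings a user holds through role membership (user -> user_role ->
     role_permission -> permission). #{userId} is bound as a prepared-statement parameter;
     keep it as #{...} (not ${...}) so the value is never spliced into the SQL text. -->
<select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select p.permission
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role_permission rp, t_shiro_permission p
    where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
      and u.userid = #{userId}
</select>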
Service layer
package com.liuwenwu.service.impl;
import com.liuwenwu.mapper.ShiroUserMapper;
import com.liuwenwu.model.ShiroUser;
import com.liuwenwu.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Set;
/**
 * Service-layer implementation of {@link ShiroUserService} that forwards every call to
 * {@link ShiroUserMapper}; it adds no validation or caching of its own.
 *
 * @author LWW
 * @site www.lww.com
 * @company
 * @create 2019-10-13 16:14
 */
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** Mapper injected by Spring; all persistence access goes through it. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /**
     * Looks up a user by login name.
     *
     * @param uname login name to search for
     * @return the mapper's result for that name
     *         (NOTE(review): presumably {@code null} when no row matches; confirm)
     */
    @Override
    public ShiroUser queryByName(String uname) {
        final ShiroUser found = this.shiroUserMapper.queryByName(uname);
        return found;
    }

    /**
     * Adds a user.
     *
     * @param record user to store
     * @return the mapper's int result (presumably the affected row count; confirm)
     */
    @Override
    public int insert(ShiroUser record) {
        final int result = this.shiroUserMapper.insert(record);
        return result;
    }

    /**
     * Fetches the role identifiers assigned to a user.
     *
     * @param userId id of the user
     * @return the role identifiers returned by the mapper
     */
    @Override
    public Set getRolesByUserId(Integer userId) {
        final Set roleIds = this.shiroUserMapper.getRolesByUserId(userId);
        return roleIds;
    }

    /**
     * Fetches the permission strings granted to a user.
     *
     * @param userId id of the user
     * @return the permission strings returned by the mapper
     */
    @Override
    public Set getPersByUserId(Integer userId) {
        final Set permissions = this.shiroUserMapper.getPersByUserId(userId);
        return permissions;
    }
}
ShiroUserServiceImpl
package com.liuwenwu.service.impl;
import com.liuwenwu.mapper.ShiroUserMapper;
import com.liuwenwu.model.ShiroUser;
import com.liuwenwu.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Set;
/**
 * Service-layer implementation of {@link ShiroUserService} that forwards every call to
 * {@link ShiroUserMapper}; it adds no validation or caching of its own.
 *
 * @author LWW
 * @site www.lww.com
 * @company
 * @create 2019-10-13 16:14
 */
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** Mapper injected by Spring; all persistence access goes through it. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /**
     * Looks up a user by login name.
     *
     * @param uname login name to search for
     * @return the mapper's result for that name
     *         (NOTE(review): presumably {@code null} when no row matches; confirm)
     */
    @Override
    public ShiroUser queryByName(String uname) {
        final ShiroUser found = this.shiroUserMapper.queryByName(uname);
        return found;
    }

    /**
     * Adds a user.
     *
     * @param record user to store
     * @return the mapper's int result (presumably the affected row count; confirm)
     */
    @Override
    public int insert(ShiroUser record) {
        final int result = this.shiroUserMapper.insert(record);
        return result;
    }

    /**
     * Fetches the role identifiers assigned to a user.
     *
     * @param userId id of the user
     * @return the role identifiers returned by the mapper
     */
    @Override
    public Set getRolesByUserId(Integer userId) {
        final Set roleIds = this.shiroUserMapper.getRolesByUserId(userId);
        return roleIds;
    }

    /**
     * Fetches the permission strings granted to a user.
     *
     * @param userId id of the user
     * @return the permission strings returned by the mapper
     */
    @Override
    public Set getPersByUserId(Integer userId) {
        final Set permissions = this.shiroUserMapper.getPersByUserId(userId);
        return permissions;
    }
}
Override the custom authorization method in MyRealm
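/**
 * Builds the authorization data (roles and permission strings) for the given principals.
 *
 * <p>The primary principal is treated as the login name and resolved through
 * {@code shiroUserService.queryByName}; the user's role ids and permission strings are then
 * loaded by user id and handed to Shiro.
 *
 * @param principals identity of the subject being authorized
 * @return the subject's roles and permissions; an empty {@link SimpleAuthorizationInfo}
 *         (no roles, no permissions) when the identity cannot be resolved to a user
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (principals == null || principals.getPrimaryPrincipal() == null) {
        // No identity to look up: grant nothing.
        return info;
    }

    // Currently logged-in user, resolved from the login name held as primary principal.
    String loginName = principals.getPrimaryPrincipal().toString();
    ShiroUser shiroUser = this.shiroUserService.queryByName(loginName);
    if (shiroUser == null) {
        // The account no longer resolves (e.g. removed after login). Fail closed with
        // empty grants instead of dereferencing null in the middle of an access check.
        return info;
    }

    Set roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
    Set permissions = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
    info.setRoles(roleIds);
    info.setStringPermissions(permissions);
    return info;
}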
Annotation development
Introduction to common annotations
@RequiresAuthentication: indicates that the current Subject has been authenticated by login; that is, Subject.isAuthenticated() returns true
@RequiresUser: indicates that the current Subject has been authenticated or is remembered through "remember me"
@RequiresGuest: indicates that the current Subject has neither been authenticated nor been remembered through "remember me"; that is, it is a guest identity
@RequiresRoles(value = {"admin","user"}, logical = Logical.AND): indicates that the current Subject needs both the admin and user roles
@RequiresPermissions(value = {"user:delete","user:b"}, logical = Logical.OR): indicates that the current Subject needs the permission user:delete or user:b
ShiroUserController
/**
 * Demonstrates identity checking with {@code @RequiresUser}: the handler runs only for a
 * subject that is authenticated or remembered through "remember me".
 *
 * <p>NOTE(review): a remember-me identity is enough to reach this admin view; if a fresh
 * login should be required, {@code @RequiresAuthentication} is the stricter annotation.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/addUser}
 */
@RequiresUser
@RequestMapping("/passUser")
public String passUser(HttpServletRequest req, HttpServletResponse resp) {
    final String viewName = "admin/addUser";
    return viewName;
}
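/**
 * Demonstrates role checking with {@code @RequiresRoles}.
 *
 * <p>As annotated ({@code Logical.OR}), a subject holding role id "1" or role id "4" may
 * call this handler. NOTE(review): the earlier description said both role ids are required
 * at the same time; if that is the intended policy, use {@code Logical.AND} instead.
 *
 * <p>The role ids are written without trailing whitespace: a literal such as {@code "4 "}
 * is a different string from a stored role id {@code "4"}.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/listUser}
 */
@RequiresRoles(value = {"1", "4"}, logical = Logical.OR)
@RequestMapping("/passRole")
public String passPole(HttpServletRequest req, HttpServletResponse resp) {
    return "admin/listUser";
}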
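/**
 * Demonstrates permission checking with {@code @RequiresPermissions}: with
 * {@code Logical.OR}, holding either {@code user:update} or {@code user:view} is enough.
 *
 * <p>The permission strings are written without trailing whitespace so the check does not
 * depend on the framework trimming them.
 *
 * <p>NOTE(review): {@code user:view} alone reaches the {@code admin/resetPwd} view; confirm
 * that a read-only permission is meant to open a password-reset page.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/resetPwd}
 */
@RequiresPermissions(value = {"user:update", "user:view"}, logical = Logical.OR)
@RequestMapping("/passPer")
public String passPer(HttpServletRequest req, HttpServletResponse resp) {
    return "admin/resetPwd";
}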
springmvc-servlet.xml
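<!-- Enables Shiro's @Requires* annotations on Spring-managed beans via class-based proxies. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true"/>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

<!-- Renders the "unauthorized" view when an authorization check fails.
     defaultErrorView sends every other unhandled exception to the same view, so unrelated
     errors also show up as "unauthorized". A subject that is not logged in raises
     org.apache.shiro.authz.UnauthenticatedException, which has no mapping of its own here. -->
<bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">
                unauthorized
            </prop>
        </props>
    </property>
    <property name="defaultErrorView" value="unauthorized"/>
</bean>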
main.jsp
Effect: if the verification fails, the request jumps to the unauthorized.jsp page. Passed verification:
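/**
 * Returns the role identifiers assigned to a user.
 *
 * <p>The matching {@code getRolesByUserId} statement in ShiroUserMapper.xml selects
 * {@code r.roleid} with {@code resultType="java.lang.String"}, so the elements are Strings;
 * the return type is parameterized to say so instead of using a raw {@code Set}.
 *
 * @param userId id of the user whose roles are looked up
 * @return the user's role identifiers
 */
Set<String> getRolesByUserId(Integer userId);

/**
 * Returns the permission strings granted to a user through the user's roles.
 *
 * <p>The matching {@code getPersByUserId} statement in ShiroUserMapper.xml selects
 * {@code p.permission} with {@code resultType="java.lang.String"}.
 *
 * @param userId id of the user whose permissions are looked up
 * @return the user's permission strings
 */
Set<String> getPersByUserId(Integer userId);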
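<!-- Role ids held by one user. #{userId} is bound as a prepared-statement parameter;
     keep it as #{...} (not ${...}) so the value is never spliced into the SQL text. -->
<select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select r.roleid
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role r
    where u.userid = ur.userid and ur.roleid = r.roleid
      and u.userid = #{userId}
</select>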
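<!-- Permission strings a user holds through role membership (user -> user_role ->
     role_permission -> permission). #{userId} is bound as a prepared-statement parameter;
     keep it as #{...} (not ${...}) so the value is never spliced into the SQL text. -->
<select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer">
    select p.permission
    from t_shiro_user u, t_shiro_user_role ur, t_shiro_role_permission rp, t_shiro_permission p
    where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid
      and u.userid = #{userId}
</select>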
package com.liuwenwu.service.impl;
import com.liuwenwu.mapper.ShiroUserMapper;
import com.liuwenwu.model.ShiroUser;
import com.liuwenwu.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Set;
/**
 * Service-layer implementation of {@link ShiroUserService} that forwards every call to
 * {@link ShiroUserMapper}; it adds no validation or caching of its own.
 *
 * @author LWW
 * @site www.lww.com
 * @company
 * @create 2019-10-13 16:14
 */
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** Mapper injected by Spring; all persistence access goes through it. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /**
     * Looks up a user by login name.
     *
     * @param uname login name to search for
     * @return the mapper's result for that name
     *         (NOTE(review): presumably {@code null} when no row matches; confirm)
     */
    @Override
    public ShiroUser queryByName(String uname) {
        final ShiroUser found = this.shiroUserMapper.queryByName(uname);
        return found;
    }

    /**
     * Adds a user.
     *
     * @param record user to store
     * @return the mapper's int result (presumably the affected row count; confirm)
     */
    @Override
    public int insert(ShiroUser record) {
        final int result = this.shiroUserMapper.insert(record);
        return result;
    }

    /**
     * Fetches the role identifiers assigned to a user.
     *
     * @param userId id of the user
     * @return the role identifiers returned by the mapper
     */
    @Override
    public Set getRolesByUserId(Integer userId) {
        final Set roleIds = this.shiroUserMapper.getRolesByUserId(userId);
        return roleIds;
    }

    /**
     * Fetches the permission strings granted to a user.
     *
     * @param userId id of the user
     * @return the permission strings returned by the mapper
     */
    @Override
    public Set getPersByUserId(Integer userId) {
        final Set permissions = this.shiroUserMapper.getPersByUserId(userId);
        return permissions;
    }
}
package com.liuwenwu.service.impl;
import com.liuwenwu.mapper.ShiroUserMapper;
import com.liuwenwu.model.ShiroUser;
import com.liuwenwu.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Set;
/**
 * Service-layer implementation of {@link ShiroUserService} that forwards every call to
 * {@link ShiroUserMapper}; it adds no validation or caching of its own.
 *
 * @author LWW
 * @site www.lww.com
 * @company
 * @create 2019-10-13 16:14
 */
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {

    /** Mapper injected by Spring; all persistence access goes through it. */
    @Autowired
    private ShiroUserMapper shiroUserMapper;

    /**
     * Looks up a user by login name.
     *
     * @param uname login name to search for
     * @return the mapper's result for that name
     *         (NOTE(review): presumably {@code null} when no row matches; confirm)
     */
    @Override
    public ShiroUser queryByName(String uname) {
        final ShiroUser found = this.shiroUserMapper.queryByName(uname);
        return found;
    }

    /**
     * Adds a user.
     *
     * @param record user to store
     * @return the mapper's int result (presumably the affected row count; confirm)
     */
    @Override
    public int insert(ShiroUser record) {
        final int result = this.shiroUserMapper.insert(record);
        return result;
    }

    /**
     * Fetches the role identifiers assigned to a user.
     *
     * @param userId id of the user
     * @return the role identifiers returned by the mapper
     */
    @Override
    public Set getRolesByUserId(Integer userId) {
        final Set roleIds = this.shiroUserMapper.getRolesByUserId(userId);
        return roleIds;
    }

    /**
     * Fetches the permission strings granted to a user.
     *
     * @param userId id of the user
     * @return the permission strings returned by the mapper
     */
    @Override
    public Set getPersByUserId(Integer userId) {
        final Set permissions = this.shiroUserMapper.getPersByUserId(userId);
        return permissions;
    }
}
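/**
 * Builds the authorization data (roles and permission strings) for the given principals.
 *
 * <p>The primary principal is treated as the login name and resolved through
 * {@code shiroUserService.queryByName}; the user's role ids and permission strings are then
 * loaded by user id and handed to Shiro.
 *
 * @param principals identity of the subject being authorized
 * @return the subject's roles and permissions; an empty {@link SimpleAuthorizationInfo}
 *         (no roles, no permissions) when the identity cannot be resolved to a user
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (principals == null || principals.getPrimaryPrincipal() == null) {
        // No identity to look up: grant nothing.
        return info;
    }

    // Currently logged-in user, resolved from the login name held as primary principal.
    String loginName = principals.getPrimaryPrincipal().toString();
    ShiroUser shiroUser = this.shiroUserService.queryByName(loginName);
    if (shiroUser == null) {
        // The account no longer resolves (e.g. removed after login). Fail closed with
        // empty grants instead of dereferencing null in the middle of an access check.
        return info;
    }

    Set roleIds = this.shiroUserService.getRolesByUserId(shiroUser.getUserid());
    Set permissions = this.shiroUserService.getPersByUserId(shiroUser.getUserid());
    info.setRoles(roleIds);
    info.setStringPermissions(permissions);
    return info;
}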
/**
 * Demonstrates identity checking with {@code @RequiresUser}: the handler runs only for a
 * subject that is authenticated or remembered through "remember me".
 *
 * <p>NOTE(review): a remember-me identity is enough to reach this admin view; if a fresh
 * login should be required, {@code @RequiresAuthentication} is the stricter annotation.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/addUser}
 */
@RequiresUser
@RequestMapping("/passUser")
public String passUser(HttpServletRequest req, HttpServletResponse resp) {
    final String viewName = "admin/addUser";
    return viewName;
}
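/**
 * Demonstrates role checking with {@code @RequiresRoles}.
 *
 * <p>As annotated ({@code Logical.OR}), a subject holding role id "1" or role id "4" may
 * call this handler. NOTE(review): the earlier description said both role ids are required
 * at the same time; if that is the intended policy, use {@code Logical.AND} instead.
 *
 * <p>The role ids are written without trailing whitespace: a literal such as {@code "4 "}
 * is a different string from a stored role id {@code "4"}.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/listUser}
 */
@RequiresRoles(value = {"1", "4"}, logical = Logical.OR)
@RequestMapping("/passRole")
public String passPole(HttpServletRequest req, HttpServletResponse resp) {
    return "admin/listUser";
}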
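/**
 * Demonstrates permission checking with {@code @RequiresPermissions}: with
 * {@code Logical.OR}, holding either {@code user:update} or {@code user:view} is enough.
 *
 * <p>The permission strings are written without trailing whitespace so the check does not
 * depend on the framework trimming them.
 *
 * <p>NOTE(review): {@code user:view} alone reaches the {@code admin/resetPwd} view; confirm
 * that a read-only permission is meant to open a password-reset page.
 *
 * @param req  current request (not used by this handler)
 * @param resp current response (not used by this handler)
 * @return the view name {@code admin/resetPwd}
 */
@RequiresPermissions(value = {"user:update", "user:view"}, logical = Logical.OR)
@RequestMapping("/passPer")
public String passPer(HttpServletRequest req, HttpServletResponse resp) {
    return "admin/resetPwd";
}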
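<!-- Enables Shiro's @Requires* annotations on Spring-managed beans via class-based proxies. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true"/>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

<!-- Renders the "unauthorized" view when an authorization check fails.
     defaultErrorView sends every other unhandled exception to the same view, so unrelated
     errors also show up as "unauthorized". A subject that is not logged in raises
     org.apache.shiro.authz.UnauthenticatedException, which has no mapping of its own here. -->
<bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">
                unauthorized
            </prop>
        </props>
    </property>
    <property name="defaultErrorView" value="unauthorized"/>
</bean>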