十二、Shiro使用数据库表配置权限
Shiro作为权限控制框架,权限信息需要由开发人员维护到数据库中,系统管理员再根据需要将这些权限分配给使用者。系统需要提供功能,方便开发人员添加模块权限;系统管理员将权限分配给角色,再将角色分配给用户,用户登录系统后就可以使用分配给自己的权限了。
Shiro硬编码测试权限过滤
GfShiroRealm中的权限过滤⽅法
//Adds the roles and the matching permissions for the logged-in user.
// NOTE(review): this listing was damaged during extraction. Several calls have lost their
// receiver/method prefix ("PrimaryPrincipal()", "UserByLoginId(...)", "Id())") and two "//"
// markers were split across lines, so it does not compile exactly as shown.
/**
 * Builds the Shiro authorization info for the principal being checked.
 * As written, the only permissions granted are three hard-coded URL permission strings;
 * the role-based lookup further down is commented out.
 *
 * @param principalCollection principals of the subject being authorized
 * @return a SimpleAuthorizationInfo holding the permission strings added below
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection)
{
//Get the login name of the current user
String loginId= (String) PrimaryPrincipal();
//Look up the user record for that login name
// NOTE(review): the result is not null-checked before the role lookup below — confirm the
// lookup cannot return null for a principal that is already authenticated.
IUser user = UserByLoginId(loginId);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//Check whether the user is the super administrator (disabled)
//  if(IConstants.I_SYSTEM_USERID.Id()))
//  {
//  for (Permission AdminPerm()) {
//    //add the permission
//    simpleAuthorizationInfo.Permission());
//  }
//  }
// NOTE(review): the next two lines look like a commented-out "//  else" whose slashes were split apart.
/
/  else
{
//Add roles and permissions
//IOrgUserRole is the entity for the department-to-role and user-to-role relation table
List<DefaultOrgUserRole> roles = Id());
// NOTE(review): prints the user's role assignments to stdout on every authorization lookup;
// use the project's logger at debug level (or drop it) outside of a test setup.
System.out.println(">>>>>>doGetAuthorizationInfo roles==="+roles);
// Hard-coded test grants: these three permissions are added unconditionally, i.e. they do not
// depend on `user` or `roles`, so every subject that reaches this method receives them.
// They are test scaffolding and must be replaced by the per-role lookup before real use.
simpleAuthorizationInfo.addStringPermission("url:org.action");
simpleAuthorizationInfo.addStringPermission("url:orgroot.action");
simpleAuthorizationInfo.addStringPermission("url:orgchild.action");
// Disabled role-based path: for each role, add every permission string found for that role.
//  for (DefaultOrgUserRole role:roles) {
//    System.out.println(">>>>>>roleid==="+RoleId());
/
/    System.out.println(">>>>>>RoleId())==="+RoleId ()));
//    for (String RoleId())) {
//    System.out.println(">>>>>>perm==="+perm);
//    //add the permission
//    simpleAuthorizationInfo.addStringPermission(perm);
//    }
//  }
}
return simpleAuthorizationInfo;
}
如果去掉下面三行硬编码:
simpleAuthorizationInfo.addStringPermission("url:org.action");
simpleAuthorizationInfo.addStringPermission("url:orgroot.action");
simpleAuthorizationInfo.addStringPermission("url:orgchild.action");
再次访问,就会出现非法访问(此时按角色添加权限的循环仍被注释,Realm没有授予任何权限)。
基于数据库授权
创建权限表
-- Permission catalogue: one row per permission string that a module exposes.
-- NOTE(review): no PRIMARY KEY, NOT NULL or UNIQUE constraint is declared, so the database
-- does not reject duplicate ids or duplicate/NULL permission strings. For a table that drives
-- authorization, consider declaring them.
create table gf_permission(id varchar(32),
modulename varchar(100),
name varchar(100),
permission varchar(100));
初始化数据(模块的权限数据需要开发⼈员提供到系统)
-- Seed data: the three organisation (department) module permissions.
-- The permission column holds the Shiro permission string, e.g. 'url:org.action'.
insert into gf_permission(id,modulename,name,permission)
values('1','组织机构(部门)','部门页⾯','url:org.action');
insert into gf_permission(id,modulename,name,permission)
values('2','组织机构(部门)','加载根部门','url:orgroot.action');
insert into gf_permission(id,modulename,name,permission)
values('3','组织机构(部门)','加载下⼀级部门','url:orgchild.action');
创建⾓⾊权限中间表
-- Join table linking a permission (permid) to a role (roleid).
-- NOTE(review): no PRIMARY KEY, no foreign key on permid/roleid and no uniqueness on
-- (permid, roleid) is declared, so orphaned or duplicate grants are not rejected by the database.
create table gf_perm2role(id varchar(32),
permid varchar(32),
roleid varchar(32));
分配角色权限数据(生产环境中由系统管理员通过系统功能模块授权)。下面的roleid需要先查出来,应等于当前用户所具有的角色ID
-- Grants permissions 1, 2 and 3 to the role 'role5263d75084e7'.
-- That role id is a sample value from the author's database; use the id of a role your own user holds.
insert into gf_perm2role(id,permid,roleid) values('role1','1','role5263d75084e7');
insert into gf_perm2role(id,permid,roleid) values('role2','2','role5263d75084e7');
insert into gf_perm2role(id,permid,roleid) values('role3','3','role5263d75084e7');
权限类
import org.apache.shiro.authz.annotation.RequiresPermissions;
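/**
 * One row of the {@code gf_permission} table: a single permission that a module exposes.
 *
 * <p>Plain mutable bean with getters and setters; every field is {@code null} until set.
 */
public class PermissionInfo {
    /** Row identifier. */
    private String id;
    /** Module the permission belongs to, e.g. the organisation/department module. */
    private String moduleName;
    /** Display name of the permission. */
    private String name;
    /**
     * Permission string, matching the annotation on the controller method,
     * e.g. {@code @RequiresPermissions("url:orgsave.action")}.
     */
    private String permission;

    /** @return the row identifier, or {@code null} if not set */
    public String getId() {
        return id;
    }

    /** @param id the row identifier */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the owning module's name, or {@code null} if not set */
    public String getModuleName() {
        return moduleName;
    }

    /** @param moduleName the owning module's name */
    public void setModuleName(String moduleName) {
        // The listing showed an empty body here, which silently dropped the value.
        this.moduleName = moduleName;
    }

    /** @return the display name, or {@code null} if not set */
    public String getName() {
        return name;
    }

    /** @param name the display name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the permission string, or {@code null} if not set */
    public String getPermission() {
        return permission;
    }

    /** @param permission the permission string */
    public void setPermission(String permission) {
        this.permission = permission;
    }
}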
权限⾓⾊中间表类
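/**
 * One row of the {@code gf_perm2role} join table: grants one permission to one role.
 *
 * <p>Plain mutable bean with getters and setters; every field is {@code null} until set.
 */
public class Perm2RoleInfo {
    /** Row identifier. */
    private String id;
    /** Identifier of the granted permission. */
    private String permId;
    /** Identifier of the role receiving the permission. */
    private String roleId;

    /** @return the row identifier, or {@code null} if not set */
    public String getId() {
        return id;
    }

    /** @param id the row identifier */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the permission identifier, or {@code null} if not set */
    public String getPermId() {
        return permId;
    }

    /** @param permId the permission identifier */
    public void setPermId(String permId) {
        this.permId = permId;
    }

    /** @return the role identifier, or {@code null} if not set */
    public String getRoleId() {
        return roleId;
    }

    /** @param roleId the role identifier */
    public void setRoleId(String roleId) {
        // The listing showed an empty body here; without the assignment the grant is saved with no role.
        this.roleId = roleId;
    }
}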
Mybatis SQL
<!-- Permission table (gf_permission) operations -->
<!-- Every value is passed through a #{...} placeholder, which MyBatis binds as a
     prepared-statement parameter instead of concatenating it into the SQL text. -->
<insert id="savePermission" parameterType="com.gf.statusflow.def.PermissionInfo">
insert into gf_permission(id,modulename,name,permission)
values(#{id},#{moduleName},#{name},#{permission})
</insert>
<update id="updatePermission" parameterType="com.gf.statusflow.def.PermissionInfo">
update gf_permission set modulename=#{moduleName},name=#{name},permission=#{permission}  where id=#{id}
</update>
<!-- NOTE(review): the two deletes below remove rows from gf_permission only; gf_perm2role rows
     that reference the deleted permission are left behind and need to be cleaned up separately. -->
<delete id="deletePermById" parameterType="String">
delete from gf_permission where id=#{id}
</delete>
<delete id="deletePermByModule" parameterType="String">
delete from gf_permission where modulename=#{moduleName}
</delete>
<!-- Returns every row of gf_permission (no filter). -->
<select id="getPermission" resultType="com.gf.statusflow.def.PermissionInfo">
select * from gf_permission
</select>
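<!-- Permission-to-role join table (gf_perm2role) operations -->
<!-- Every value is passed through a #{...} placeholder, which MyBatis binds as a
     prepared-statement parameter instead of concatenating it into the SQL text. -->
<insert id="savePerm2Role" parameterType="com.gf.statusflow.def.Perm2RoleInfo">
insert into gf_perm2role(id,permid,roleid)
values(#{id},#{permId},#{roleId})
</insert>
<delete id="deletePerm2RoleById" parameterType="String">
delete from gf_perm2role where id=#{id}
</delete>
<delete id="deletePerm2RoleByRoleId" parameterType="String">
delete from gf_perm2role where roleid=#{roleId}
</delete>
<!-- Returns the permission strings granted to one role.
     The listing had lost part of the WHERE clause ("p.id leid=..."). The role filter is restored
     here; without it the statement is invalid, and a join with no role filter would return the
     permissions of every role. -->
<select id="getPermByRoleId" resultType="String">
select p.permission from gf_perm2role p2r,gf_permission p
where p2r.permid=p.id and p2r.roleid=#{roleId}
</select>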
Mapper层相关⽅法
/**
* MyBatis mapper methods for the Shiro permission table.
* Each method name matches the id of a statement in the mapper XML.
*/
// Inserts one permission row.
public void savePermission(PermissionInfo permission);
// Updates the row whose id matches permission's id.
public void updatePermission(PermissionInfo permission);
// Deletes the permission row with the given id.
public void deletePermById(@Param("id") String id);
// Deletes every permission row of one module.
// NOTE(review): the Java parameter is named "id" but is bound as "moduleName" and must carry
// the module name; renaming it to moduleName would avoid callers passing a row id by mistake.
public void deletePermByModule(@Param("moduleName") String id);
// Returns all permission rows.
public List<PermissionInfo> getPermission();
/**
* MyBatis mapper methods for the role-to-permission join table.
*/
// Inserts one permission-to-role grant.
public void savePerm2Role(Perm2RoleInfo p2r);
// Deletes the grant row with the given id.
public void deletePerm2RoleById(@Param("id") String id);
// Deletes every grant of the given role.
public void deletePerm2RoleByRoleId(@Param("roleId") String roleId);
// Returns the permission strings granted to the given role.
public List<String> getPermByRoleId(@Param("roleId") String roleId);
在OrgModelCtrl添加模块跳转代码
