thymeleaf模板+Shiro标签对按钮权限的控制
thymeleaf模板+Shiro标签对按钮权限的控制
环境介绍
SpringBoot+Shiro+thymeleaf模板+Layui(前端)
这两天学习了shiro相关的技术,碰到一个问题:如何根据登录的不同角色,来控制不同的url。这个问题对于shiro来说非常简单,但是我的url请求在ajax里面,每次虽然拦截成功了,但是不显示拦截之后的界面(比如:您没有权限操作…)。
为了解决这个问题,我搜了很多方法,配置了跳转页也不管用(主要是我技术太菜了QAQ…)
后来我突然想到,我为啥要对url进行控制呢,直接对按钮进行控制不就得了。需要注意的是:隐藏按钮只改变页面上显示的内容,并不能阻止已登录用户直接请求对应的接口,所以后端对url(或方法)的权限校验仍然要保留,按钮控制只能作为界面上的补充。
比如按钮可见:
管理员: 查看、编辑、删除
vip用户: 查看、编辑
普通用户:查看
正巧thymeleaf又支持shiro标签,问题就解决了~
1、相关配置
1、
<!-- Thymeleaf dialect that supplies the shiro:* template attributes; it is activated by the
     ShiroDialect bean declared in the Shiro configuration. -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2、
在shiro的config配置中,添加声明
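/**
 * Registers the Shiro dialect with Thymeleaf so that templates can use the {@code shiro:*}
 * attributes (for example {@code shiro:hasRole} and {@code shiro:hasPermission}).
 *
 * <p>These attributes only control which markup is rendered. They are not an access check on
 * the endpoints the rendered buttons call, so server-side rules are still required.
 *
 * @return a new dialect instance for Spring to hand to the template engine
 */
@Bean
public ShiroDialect shiroDialect() {
    return new ShiroDialect();
}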
3、
在html页面中使用标签
<!--/*
  shiro:hasRole / shiro:hasPermission only decide whether an element is rendered. They do not
  protect the handlers behind the "edit" and "del" events, so each backing endpoint still needs
  its own server-side rule (a filter-chain entry or a Shiro annotation).
  NOTE(review): the names checked here ("vip", "admin") match neither the filter chain shown on
  this page (roles[ds], perms['swds']) nor the realm, which grants only the role "student".
  Confirm the intended role and permission names.
*/-->
<a class="layui-btn layui-btn-primary layui-btn-xs" lay-event="detail" >查看</a>
<a class="layui-btn layui-btn-xs" lay-event="edit" shiro:hasRole="vip">编辑</a>
<a class="layui-btn layui-btn-danger layui-btn-xs" lay-event="del" shiro:hasPermission="admin">删除</a>
2、结果演示
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Shiro wiring for the demo application: the URL filter chain, the security manager backed by
 * {@link CustomRealm}, annotation support, and the Thymeleaf Shiro dialect.
 *
 * <p>The filter chain built in {@link #shiroFilter(SecurityManager)} is what the server applies
 * to each request. The {@code shiro:*} template attributes enabled by {@link #shiroDialect()}
 * only affect which markup is rendered, so they complement these rules and do not replace them.
 *
 * <p>NOTE(review): the chain refers to role {@code ds} and permission {@code 'swds'}, while the
 * realm shown on the same page grants only the role {@code student}. Confirm the intended names.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro web filter and its URL-to-filter rules.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean, exposed under the bean name {@code shiroFilter}
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        // A LinkedHashMap keeps the rules in insertion order; the original author notes that the
        // catch-all entry has to be the last one.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/webjars/**", "anon");
        chains.put("/login", "anon");
        chains.put("/", "anon");
        chains.put("/userlist/**", "roles[ds]");
        chains.put("/images/**", "anon");
        chains.put("/layui/**", "anon");
        chains.put("/lib/**", "anon");
        // NOTE(review): Shiro's documented forms are perms[name] and perms["a,b"]; confirm that
        // the single quotes here are not treated as part of the permission string.
        chains.put("/student/delete/**", "perms['swds']");
        //        chains.put("/userlist/**", "perms['swds']");
        chains.put("/admin/**", "authc");
        chains.put("/user/**", "authc");
        // Must stay after every other rule, otherwise all URLs are intercepted by it; whatever
        // is not matched above requires an authenticated user.
        chains.put("/**", "authc");

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        // Where unauthenticated requests are sent.
        factoryBean.setLoginUrl("/");
        // Where authenticated but unauthorized requests are sent.
        factoryBean.setUnauthorizedUrl("/notRole");
        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm to it.
     *
     * @return the security manager backed by {@link #customRealm()}
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(customRealm());
        return manager;
    }

    /**
     * Exposes the application's realm as a bean.
     *
     * @return a new {@link CustomRealm}
     */
    @Bean
    public CustomRealm customRealm() {
        return new CustomRealm();
    }

    /**
     * Advisor for Shiro's authorization annotations (the original comment labels this bean
     * simply "annotations").
     *
     * @param securityManager the security manager the advisor consults
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor sourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        sourceAdvisor.setSecurityManager(securityManager);
        return sourceAdvisor;
    }

    /**
     * Registers the Shiro dialect so that Thymeleaf templates can use {@code shiro:*} attributes.
     *
     * @return a new dialect instance
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}
CustomRealm.class
package com.braisedpanda.shirotest.shiro;
import com.braisedpanda.shirotest.bean.User;
import com.braisedpanda.shirotest.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.alm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.HashSet;
import java.util.Set;
/**
 * Realm that supplies Shiro with authentication and authorization data for the demo.
 *
 * <p>NOTE(review): several call expressions in this listing look truncated ({@code Subject()},
 * {@code Principal()}, {@code Credentials()}, {@code User(username,password)}). Their receiver and
 * method-name prefix appear to have been lost when the page was captured, so the class does not
 * compile as printed. Restore those calls from the original project before reusing this code.
 */
public class CustomRealm extends AuthorizingRealm {
// Service used for the user lookup during authentication (see the truncated call below).
@Autowired
UserService userService;
/**
 * Returns the roles and permissions for the given principals.
 *
 * <p>As written, every principal receives the single role "student" and no permissions; the
 * username read below is never used. With this realm the checks shown elsewhere on the page
 * (shiro:hasRole="vip", shiro:hasPermission="admin", roles[ds], perms['swds']) cannot pass.
 * NOTE(review): roles and permissions should presumably be loaded per user; confirm the intent.
 *
 * @param principalCollection the principals of the subject being authorized
 * @return authorization info holding only the role "student"
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// Debug trace written to stdout.
System.out.println("-------开始权限认证--------");
// NOTE(review): truncated call; presumably the current subject's principal. Unused afterwards.
String username = (String) Subject().getPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// Granted unconditionally, independent of which user is being authorized.
info.addRole("student");
//        info.addStringPermission("s1");
return info;
}
// Overrides the identity-verification (authentication) step.
/**
 * Authenticates a login attempt.
 *
 * <p>The returned info carries the same password value that was read for the lookup, so the
 * credential comparison Shiro performs afterwards would compare the submitted password with
 * itself (assuming {@code Credentials()} reads it from the token). The user lookup is
 * therefore the only effective check.
 * NOTE(review): passing the raw password to the lookup suggests passwords are compared or stored
 * in plain text; confirm this. Storing a salted hash and verifying it with a Shiro
 * CredentialsMatcher would avoid that.
 *
 * @param authenticationToken the submitted login token
 * @return authentication info for the matched user
 * @throws AuthenticationException an AccountException when the lookup yields no user
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {        System.out.println("-------开始⾝份认证--------");
// NOTE(review): truncated calls; presumably the token's principal and credentials.
String username = (String) Principal();
// Copies the password char[] into a String.
String password = new String((char[]) Credentials());
// NOTE(review): truncated call; presumably a userService lookup by username and password.
User user = User(username,password);
// NOTE(review): prints the user object to stdout. If User's string form includes the password
// or other personal data, that data ends up in the logs; consider removing this line.
System.out.println("⽤户信息" + user);
if (user == null) {
// The same message covers an unknown user and a wrong password.
throw new AccountException("⽤户名或密码错误");
}
return new SimpleAuthenticationInfo(username, password, getName());
}
}
