目录
1.shiro授权
package com.hz.ssm.shiro;
import com.hz.ssm.biz.UserBiz;
import com.hz.ssm.model.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.Set;
/**
* @author黄仲
* @site www.Hz.com
* @company 公司
* @create 2022-08-25 19:21
*/
public class MyRealm extends AuthorizingRealm {
public UserBiz getUserBiz() {
return userBiz;
}
public void setUserBiz(UserBiz userBiz) {
this.userBiz = userBiz;
}
public UserBiz userBiz;
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String username = principals.getPrimaryPrincipal().toString();
User user = userBiz.queryUserByUserName(username);
Set<String> roles = userBiz.getRolesByUserId(user.getUsername());
Set<String> pers = userBiz.getPersByUserId(user.getUsername());
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
info.setRoles(roles);
info.setStringPermissions(pers);
return info;
}
// 认正
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String userName = token.getPrincipal().toString();
User user = userBiz.queryUserByUserName(userName);
AuthenticationInfo info=new SimpleAuthenticationInfo(
user.getUsername(),
user.getPassword(),
ByteSource.Util.bytes(user.getSalt()),
this.getName()
);
return info;
}
}
2.shiro注解式开发
package com.hz.ssm.web;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
/**
* @author黄仲
* @site www.Hz.com
* @company 公司
* @create 2022-08-26 20:19
*/
@RequestMapping("/shiro")
@Controller
public class ShiroController {
@RequiresUser
@RequestMapping("/passUser")
public String passUser(HttpServletRequest request){
System.out.println("身份认证。。。。");
return "admin/addUser";
}
@RequiresRoles(value = {"1","4"},logical = Logical.AND)
@RequestMapping("/passRole")
public String passRole(HttpServletRequest request){
System.out.println("角色认真。。。。");
return "admin/listUser";
}
@RequiresPermissions(value = {"2"},logical = Logical.AND)
@RequestMapping("/passPer")
public String passPer(HttpServletRequest request){
System.out.println("权限认证。。。");
return "admin/resetPwd";
}
@RequestMapping("/unauthorized")
public String unauthorized(){
return "unauthorized";
}
}