目录

1.shiro授权

2.shiro注解式开发

1.shiro授权

package com.hz.ssm.shiro;

import com.hz.ssm.biz.UserBiz;
import com.hz.ssm.model.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.Set;

/**
 * @author黄仲
 * @site www.Hz.com
 * @company 公司
 * @create 2022-08-25 19:21
 */
public class MyRealm extends AuthorizingRealm {

    public UserBiz getUserBiz() {
        return userBiz;
    }

    public void setUserBiz(UserBiz userBiz) {
        this.userBiz = userBiz;
    }

    public UserBiz userBiz;

    //    授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = principals.getPrimaryPrincipal().toString();
        User user = userBiz.queryUserByUserName(username);
        Set<String> roles = userBiz.getRolesByUserId(user.getUsername());
        Set<String> pers = userBiz.getPersByUserId(user.getUsername());
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        info.setRoles(roles);
        info.setStringPermissions(pers);
        return info;
    }
//  认正
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userName = token.getPrincipal().toString();
        User user = userBiz.queryUserByUserName(userName);
        AuthenticationInfo info=new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                ByteSource.Util.bytes(user.getSalt()),
                this.getName()
        );

        return info;
    }
}

2.shiro注解式开发

package com.hz.ssm.web;

import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
 * @author黄仲
 * @site www.Hz.com
 * @company 公司
 * @create 2022-08-26 20:19
 */
@RequestMapping("/shiro")
@Controller
public class ShiroController {
    @RequiresUser
    @RequestMapping("/passUser")
    public String passUser(HttpServletRequest request){
        System.out.println("身份认证。。。。");
        return "admin/addUser";
    }

    @RequiresRoles(value = {"1","4"},logical = Logical.AND)
    @RequestMapping("/passRole")
    public String passRole(HttpServletRequest request){
        System.out.println("角色认真。。。。");
        return "admin/listUser";
    }

    @RequiresPermissions(value = {"2"},logical = Logical.AND)
    @RequestMapping("/passPer")
    public String passPer(HttpServletRequest request){
        System.out.println("权限认证。。。");
        return "admin/resetPwd";
    }

    @RequestMapping("/unauthorized")
    public String unauthorized(){
        return "unauthorized";
    }


}