梳理shiro验证权限的思路
来源:互联网 发布:mac格式化u盘 什么格式 编辑:程序博客网 时间:2024/05/21 21:36
我是看的开涛的跟我来学shiro的pdf版来学习shiro的,首先感谢大神。在学习到验证权限的一个示例demo时对验证权限的过程不是特别理解,于是在搞清楚之后写一下博客记忆一下,如果能帮到别人就更好了~
我理解的办法是在每个方法体内都打上log,了解代码的走向,如下:
2017-06-16 21:10:11,271 [main] INFO com.oyb.permission_resolver.MyRealm - MyRealm---->doGetAuthenticationInfoinfo--->zhang2017-06-16 21:10:11,274 [main] INFO org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling session validation scheduler...2017-06-16 21:10:11,471 [main] INFO com.oyb.permission_resolver.BitAndWildPermissionResolver - BitAndWildPermissionResolver---->resolvePermission2017-06-16 21:10:11,471 [main] ERROR com.oyb.permission_resolver.BitAndWildPermissionResolver - user1:create2017-06-16 21:10:11,472 [main] INFO com.oyb.permission_resolver.MyRealm - MyRealm---->doGetAuthorizationInfo2017-06-16 21:10:11,472 [main] ERROR com.oyb.permission_resolver.MyRealm - zhang2017-06-16 21:10:11,473 [main] INFO com.oyb.permission_resolver.BitAndWildPermissionResolver - BitAndWildPermissionResolver---->resolvePermission2017-06-16 21:10:11,473 [main] ERROR com.oyb.permission_resolver.BitAndWildPermissionResolver - +user2+102017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.BitAndWildPermissionResolver - BitAndWildPermissionResolver---->resolvePermission2017-06-16 21:10:11,474 [main] ERROR com.oyb.permission_resolver.BitAndWildPermissionResolver - +user1+102017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.BitAndWildPermissionResolver - BitAndWildPermissionResolver---->resolvePermission2017-06-16 21:10:11,474 [main] ERROR com.oyb.permission_resolver.BitAndWildPermissionResolver - user1:*2017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.BitAndWildPermissionResolver - BitAndWildPermissionResolver---->resolvePermission2017-06-16 21:10:11,474 [main] ERROR com.oyb.permission_resolver.BitAndWildPermissionResolver - user2:*2017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.MyRolePermissionResolver - MyRolePermissionResolver---->resolvePermissionsInRole2017-06-16 21:10:11,474 [main] ERROR com.oyb.permission_resolver.MyRolePermissionResolver - superadmin2017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.MyRolePermissionResolver - MyRolePermissionResolver---->resolvePermissionsInRole2017-06-16 21:10:11,474 [main] ERROR com.oyb.permission_resolver.MyRolePermissionResolver - admin2017-06-16 21:10:11,474 [main] INFO com.oyb.permission_resolver.BitPermission - BitPermission---->implies2017-06-16 21:10:11,475 [main] ERROR com.oyb.permission_resolver.BitPermission - user1:create2017-06-16 21:10:11,475 [main] INFO com.oyb.permission_resolver.BitPermission - BitPermission---->implies2017-06-16 21:10:11,475 [main] ERROR com.oyb.permission_resolver.BitPermission - user1:create是否拥有该权限--->true
通过log了解到大体思路:
- 自定义MyRealm方法继承自AuthorizingRealm,调用doGetAuthenticationInfo方法验证身份信息
- 自定义BitAndWildPermissionResolver方法继承自PermissionResolver,拿到需要验证的权限信息;
回到MyRealm调用doGetAuthorizationInfo方法根据用户身份获取授权信息; - 回到BitAndWildPermissionResolver拿到当前用户的权限
- 本人觉得很重要的一点,权限字符串的格式:+资源字符串+权限位+实例ID;以+开头中间通过+分割;权限:0 表示所有权限;1 新增(二进制:0001)、2 修改(二进制:0010)、4 删除(二进制:0100)、8 查看(二进制:1000);如 +user+10 表示对资源user拥有修改/查看权限。
自定义BitPermission方法继承自Permission,在其构造方法中解析拿到的权限字符串
public BitPermission(String permissionString) {
String[] arrays = permissionString.split("\\+");
if(arrays.length > 1){
resourceIndentify = arrays[1];
}
if(!StringUtils.hasText(resourceIndentify)){
resourceIndentify = "*";
}
if(arrays.length > 2){
permissionBit = Integer.valueOf(arrays[2]);
}
if(arrays.length > 3){
instanceId = arrays[3];
}
if(!StringUtils.hasText(instanceId)){
instanceId = "*";
}
}在重写的implies方法中编辑判断权限是否存在的代码,如下:
if(!(permission instanceof BitPermission)){ return false; } BitPermission other = (BitPermission) permission; if(!("*".equals(this.resourceIndentify) || this.resourceIndentify.equals(other.resourceIndentify))){ return false; } if(!(this.permissionBit == 0 || (this.permissionBit & other.permissionBit) != 0)){ return false; } if(!("*".equals(this.instanceId) || this.instanceId.equals(other.instanceId))){ return false; } return true; }
总结一下验证思路:
- 登录,成功则进入下一步
- 拿到需要验证的权限信息
- 拿到当前用户的授权信息(即当前用户拥有的权限)
- 解析当前用户的权限信息
- 重写implies方法把当前用户的权限与需要验证的权限做对比,得到结果。
- 梳理shiro验证权限的思路
- Java权限验证框架Shiro的入门
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- Shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证框架
- shiro权限验证标签
- Shiro权限验证标签
- shiro角色权限验证
- shiro权限验证标签
- shiro权限验证标签
- shiro框架权限验证逻辑
- 移植QT5.6到嵌入式开发板(史上最详细的QT移植教程)
- csu1006:SAW
- hdu Problem-1678(priority_queue+模拟)
- 【Learning Notes】基于 boosting 原理训练深层残差神经网络
- Web开发的概述总结
- 梳理shiro验证权限的思路
- 23. 编写函数:从num各字符串中找出最长的一个字符串,并通过形参指针max传回该串地址。
- mybatis分页插件PageHelper的使用
- AngularJs 的使用之双向绑定和指令
- 关于视频播放
- Redis源码剖析和注释(二十八)--- Redis 事务实现和乐观锁
- Quartz定时调度CronTrigger时间配置规则
- C#--委托
- 学生管理系统