在realm中动态查询用户的权限&角色
来源:互联网 发布:ubuntu ntp server 编辑:程序博客网 时间:2024/06/06 01:08
@Controller@Scope("prototype")@Namespace("/")@ParentPackage("struts-default")@Results({ @Result(name = "login", location = "/login.jsp"), @Result(name = "index", type = "redirect", location = "/index.jsp"), @Result(name = "list", type = "redirect", location = "/pages/system/user.jsp"), })public class UserAction extends BaseAction<User> { @Autowired private UserService userService; // 接收验证码 private String checkCode; public void setCheckCode(String checkCode) { this.checkCode = checkCode; } /** * @Description: 基于shiro实现登陆(认证) * @return * @throws Exception * */ @Action("userAction_login") public String login() throws Exception { // if(StringUtils.isNotBlank(model.getUsername())&& // StringUtils.isNoneBlank(model.getPassword())&&StringUtils.isNotBlank(checkCode)){ // //判断验证码 // String realCheckCode = (String) // ServletActionContext.getRequest().getSession().getAttribute("key"); // if(checkCode.equals(realCheckCode)){ // 相等,开始通过shiro实现认证 // 通过工具类获取subject对象 Subject subject = SecurityUtils.getSubject(); // 当前“用户”,未认证状态 // 创建认证令牌; 封装页面提交用户名,密码 AuthenticationToken token = new UsernamePasswordToken(model.getUsername(), Md5Util.encode(model.getPassword())); ; // logion方法调用安全管理器; try { subject.login(token); } catch (Exception e) { e.printStackTrace(); // 认证失败 return "login"; } // 认证通过 // 从主角中获取用户信息,将用户的信息存Session中 User user = (User) subject.getPrincipal(); ServletActionContext.getRequest().getSession().setAttribute("loginUser", user); return "index"; // } // }else{ // return "login"; // } // return super.execute(); } // 属性驱动接收页面提交角色id private Integer[] roleIds; public void setRoleIds(Integer[] roleIds) { this.roleIds = roleIds; } // 保存用户,用户关联角色 @Action("userAction_save") public String save() throws Exception { userService.save(model, roleIds); return "list"; } // 用户分页查询 @Action("userAction_pageQuery") public String pageQuery() { Pageable pageable = new PageRequest(page-1, rows); Page<User> page = userService.findAll(pageable); this.java2Json(page, new String[]{"roles"}); return null; }}
/** * @Description: 安全管理器最终调用realm,进行访问安全数据 * * @Title: BosRealm.java */public class BosRealm extends AuthorizingRealm{ @Autowired private UserDao userDao; @Autowired private PermissionDao permissionDao; @Autowired private RoleDao roleDao; /** * @Description: * @param token subject.login方法中传 用户名密码令牌 * @return */ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("开始认证"); UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; //页面输入的用户名 //根据用户名查询数据库中真实密码 String username = usernamePasswordToken.getUsername(); User user = userDao.findByUsername(username); if(user==null){ //用户名输出错误 return null; //当此方法中返回null,shiro会抛出异常 :未知账户异常 } //比对密码工作交给shiro框架 //p1:主角 p2:令牌/真实密码 p3:当前realm名称 AuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), this.getName()); return info; }/* //授权 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("开始授权"); //TODO 后期改造查询数据库中对应的权限,角色 //返回简单授权信息:包含当前用户有的权限点;角色 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); //添加用户权限 info.addStringPermission("standard_page"); info.addStringPermission("courier_delete"); //添加用户角色 info.addRole("admin"); return info; }*/ //授权 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { List<Permission> permissionList = new ArrayList<>(); List<Role> roleList = new ArrayList<>(); System.out.println("开始授权"); //返回简单授权信息:包含当前用户有的权限点;角色 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); //如果系统内置账户:管理员账户,有所有的权限以及角色 Subject subject = SecurityUtils.getSubject(); User user = (User) subject.getPrincipal(); if(user.getUsername().equals("admin")){ permissionList = permissionDao.findAll(); roleList = roleDao.findAll(); }else{ //根据用户ID进行查询 permissionList = permissionDao.findByUserId(user.getId()); roleList = roleDao.findByUserId(user.getId()); } //添加用户权限 for (Permission permission : permissionList) { info.addStringPermission(permission.getKeyword()); } //添加用户角色 for (Role role : roleList) { info.addRole(role.getKeyword()); } return info; } }
public interface RoleDao extends JpaRepository<Role, Integer> { @Query("select r from Role r inner join r.users u where u.id=?") List<Role> findByUserId(Integer userId);}
public interface PermissionDao extends JpaRepository<Permission, Integer> { /** * select distinct p.* from t_permission p inner join t_role_permission rp on rp.c_permission_id = p.c_id inner join t_role r on rp.c_role_id = r.c_id inner join t_user_role ur on ur.c_role_id = r.c_id inner join t_user u on ur.c_user_id = u.c_id where u.c_id = 52; */ @Query("select distinct p from Permission p inner join p.roles r inner join r.users u where u.id = ?") List<Permission> findByUserId(Integer userId);}
/** * @description:后台用户 */@Entity@Table(name = "T_USER")public class User implements Serializable{ @Id @GeneratedValue @Column(name = "C_ID") private Integer id; // 主键 @Column(name = "C_BIRTHDAY") private Date birthday; // 生日 @Column(name = "C_GENDER") private String gender; // 性别 @Column(name = "C_PASSWORD") private String password; // 密码 @Column(name = "C_REMARK") private String remark; // 备注 @Column(name = "C_STATION") private String station; // 状态 @Column(name = "C_TELEPHONE") private String telephone; // 联系电话 @Column(name = "C_USERNAME", unique = true) private String username; // 登陆用户名 @Column(name = "C_NICKNAME") private String nickname; // 真实姓名 @ManyToMany(fetch=FetchType.EAGER) //为了页面展示角色信息,设置立即加载 @JoinTable(name = "T_USER_ROLE", joinColumns = { @JoinColumn(name = "C_USER_ID", referencedColumnName = "C_ID") }, inverseJoinColumns = { @JoinColumn(name = "C_ROLE_ID", referencedColumnName = "C_ID") }) private Set<Role> roles = new HashSet<Role>(0); public String getRoleString(){ String roleStrings = ""; for (Role role : roles) { roleStrings+=role.getName() + " "; } return roleStrings; } public String getBirthdayString(){ if(birthday!=null){ return new SimpleDateFormat("yyyy-MM-dd").format(birthday); } return "暂无数据"; } ......
/** * @description:角色 */@Entity@Table(name = "T_ROLE")public class Role implements Serializable { @Id @GeneratedValue @Column(name = "C_ID") private Integer id; @Column(name = "C_NAME") private String name; // 角色名称 @Column(name = "C_KEYWORD") private String keyword; // 角色关键字,用于权限控制 @Column(name = "C_DESCRIPTION") private String description; // 描述 @ManyToMany(mappedBy = "roles") private Set<User> users = new HashSet<User>(0); @ManyToMany @JoinTable(name = "T_ROLE_PERMISSION", joinColumns = { @JoinColumn(name = "C_ROLE_ID", referencedColumnName = "C_ID") }, inverseJoinColumns = { @JoinColumn(name = "C_PERMISSION_ID", referencedColumnName = "C_ID") }) private Set<Permission> permissions = new HashSet<Permission>(0); @ManyToMany @JoinTable(name = "T_ROLE_MENU", joinColumns = { @JoinColumn(name = "C_ROLE_ID", referencedColumnName = "C_ID") }, inverseJoinColumns = { @JoinColumn(name = "C_MENU_ID", referencedColumnName = "C_ID") }) private Set<Menu> menus = new HashSet<Menu>(0);......
/** * @description:权限名称 */@Entity@Table(name = "T_PERMISSION")public class Permission implements Serializable{ @Id @GeneratedValue @Column(name = "C_ID") private Integer id; @Column(name = "C_NAME") private String name; // 权限名称 @Column(name = "C_KEYWORD") private String keyword; // 权限关键字,用于权限控制 @Column(name = "C_DESCRIPTION") private String description; // 描述 @ManyToMany(mappedBy = "permissions") private Set<Role> roles = new HashSet<Role>(0);......
/** * @description:菜单 */@Entity@Table(name = "T_MENU")public class Menu implements Serializable{ @Id @GeneratedValue @Column(name = "C_ID") private Integer id; @Column(name = "C_NAME") private String name; // 菜单名称 @Column(name = "C_PAGE") private String page; // 访问路径 @Column(name = "C_PRIORITY") private Integer priority; // 优先级 @Column(name = "C_DESCRIPTION") private String description; // 描述 @ManyToMany(mappedBy = "menus") private Set<Role> roles = new HashSet<Role>(0); @OneToMany(mappedBy = "parentMenu", fetch=FetchType.EAGER) //EAGER立即加载集合 private Set<Menu> childrenMenus = new HashSet<Menu>(); //存放当前菜单下级菜单 @ManyToOne @JoinColumn(name = "C_PID") private Menu parentMenu; //当前菜单上级菜单;外键字段 /** * combotree 展示文本内容 */ public String getText(){ return name; } /** * @Description: 返回json数据中 包含children children:[] * @return * */ public Set<Menu> getChildren(){ return childrenMenus; } /** * 返回ztree数据,父节点数据的id * */ public Integer getpId(){ if(parentMenu!=null){ return parentMenu.getId(); } return 0; } ......
阅读全文
0 0
- 在realm中动态查询用户的权限&角色
- 在oracle db中查询某用户的权限 or 角色
- SpringSrcureCode在grails中实现用户--角色--权限的管理
- 查询用户的角色和权限
- oracle用户/角色权限查询
- 修改Realm中授权方法查询登录人的权限
- oracle中权限,角色常用的查询
- 常用的数据库用户角色访问权限查询语句
- oracle查询 :一个角色包括的系统权限,对象权限,Oracle有多少种角色,某个用户有什么角色
- TD表权限、用户角色查询
- 用户、角色和权限,多表查询
- 用户角色、权限的问题
- 用户与角色的权限
- MongoDB用户的角色权限
- 数据库中用户,角色,权限的理解【用案例讲解】
- 如何用javaScript结合从数据库中查询到的角色权限信息动态生成树菜单
- java 中用户角色权限判定方法
- 在BW系统中,如何查询某一个权限对象在哪些角色中出现过
- Android studio 使用JitPack发布library到Github开源库
- GAN经验总结
- 【UVA1629】Cake slicing
- 自定义带进度条WebView类似微信加载过程
- 利用百度地图API和群蚁算法,对TSP问题进行模拟与求解
- 在realm中动态查询用户的权限&角色
- electron仿制UnrealEngine4 蓝图功能模块
- POJ 1733 Parity game——并查集 + 离散化
- 从零开始接入腾讯云智能推荐
- jetty换启动端口
- mysql:union与union all的区别
- Name node is in safe mode 解除安全模式
- 拆带13个字节帧头的264文件
- Spring bean factory
