Shiro实现用户授权(Authorization)

来源：互联网发布：常见网络中间设备编辑：程序博客网时间：2024/05/16 08:21

1.表结构

这里写图片描述

2.Controller

            // 判断是否成功登录              assertEquals(true, subject.isAuthenticated());              System.out.println("登录成功！！");              // 判断用户是否拥有某个角色              assertEquals(true, subject.hasRole("admin"));              // 使用Shiro自带的断言判断用户是否有被授权              subject.checkRole("manager");              subject.checkPermission("create_user1");              // 注销用户              subject.logout();

3.Spring-dao.xml配置

<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">        <!--<property name="credentialsMatcher" ref="credentialsMatcher"></property>-->        <property name="permissionsLookupEnabled" value="true"></property>        <property name="dataSource" ref="dataSource"></property>        <property name="authenticationQuery"            value="SELECT password FROM users WHERE username = ?"></property>         <property name="userRolesQuery"          value="SELECT permission FROM roles_permissions WHERE role_name = ? " />      </bean>

4.web.xml

<!-- Shiro Filter -->      <filter>          <filter-name>shiroFilter</filter-name>          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>          <init-param>              <param-name>targetFilterLifecycle</param-name>              <param-value>true</param-value>          </init-param>      </filter>      <filter-mapping>          <filter-name>shiroFilter</filter-name>          <url-pattern>/*</url-pattern>      </filter-mapping>

5.总结

之后在应用程序任意地方调用SecurityUtils.getSubject() 都可以获取到当前认证通过的用户实例
这就意味着在判断请求时可以方便的进行操作

博客：
http://www.cnblogs.com/xql4j/
http://kdboy.iteye.com/blog/1155450
http://blog.csdn.net/chris_mao/article/details/49215471

0 0