shiro角色配置
来源:互联网 发布:java接口开发demo下载 编辑:程序博客网 时间:2024/06/05 17:47
- 角色验证
- 数据库表
- roles
- user
- indexjsp
- 配置文件
- myRealm
- 数据库表
角色验证
数据库表
- tuser:用户表
uid + uname + upassword - roles:角色表
rid + rname - user_to_role:用户角色表,hibernate会自动建立
user_id + role_id
roles
@Entity@Table(name = "roles", schema = "public")public class Roles implements java.io.Serializable { private Integer rid; private String rname;// private Set<User> user; public Roles() { } /** full constructor */ public Roles(String rname) { this.rname = rname; } @Id @GeneratedValue @Column(name = "rid", unique = true, nullable = false) public Integer getRid() { return rid; } public void setRid(Integer rid) { this.rid = rid; } @Column(name = "rname", length = 20) public String getRname() { return rname; } public void setRname(String rname) { this.rname = rname; } /* @ManyToMany(cascade = CascadeType.MERGE, fetch = FetchType.EAGER) @JoinTable(name = "user_to_role", joinColumns ={@JoinColumn(name = "role_id") }, inverseJoinColumns = { @JoinColumn(name = "user_id") }) public Set<User> getUser() { return user; } public void setUser(Set<User> user) { this.user = user; }*/ }
为防止转化成json时出现循环,ManyToMany配置是只在依赖方配置,即只在user端进行配置。
user
@Entity @Table(name = "tuser") public class User implements java.io.Serializable { private Integer uid; private String uname; private String upassword; //一个用户具有多个角色 private Set<Roles> roles = new HashSet<Roles>(); public User() { } // Property accessors @Id @GeneratedValue @Column(name = "uid", unique = true, nullable = false) public Integer getUid() { return uid; } public void setUid(Integer uid) { this.uid = uid; } @Column(name = "uname", length = 20) public String getUname() { return this.uname; } public void setUname(String uname) { this.uname = uname; } @Column(name = "upassword", length = 20) public String getUpassword() { return this.upassword; } public void setUpassword(String upassword) { this.upassword = upassword; } @ManyToMany(cascade={CascadeType.MERGE}, fetch=FetchType.EAGER) @JoinTable(name = "user_to_role", joinColumns= { @JoinColumn(name = "user_id")}, inverseJoinColumns ={@JoinColumn(name = "role_id") }) public Set<Roles> getRoles() { return roles; } public void setRoles(Set<Roles> roles) { this.roles = roles; } }
此例子比较简单,没有涉及到权限permission
如果涉及到权限则需要建立权限表及对应的POJO
- permission:权限表
id + permissionname + role_id
在role中添加:
private List<Permission> permissionList;//一个角色对应多个权限 ... @OneToMany(mappedBy="role") public List<Permission> getPermissionList() { return permissionList; } public void setPermissionList(List<Permission> permissionList) { this.permissionList = permissionList; }
Permission pojo
@Entity @Table(name="t_permission") public class Permission { private Integer id; private String permissionname; private Role role;//一个权限对应一个角色 @Id @GeneratedValue(strategy=GenerationType.IDENTITY) public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getPermissionname() { return permissionname; } public void setPermissionname(String permissionname) { this.permissionname = permissionname; } @ManyToOne @JoinColumn(name="role_id") public Role getRole() { return role; } public void setRole(Role role) { this.role = role; } }
index.jsp
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>...<ul class="nav navbar-nav navbar-right"><li><a> <shiro:user> 欢迎你:<shiro:principal /> </shiro:user> <!-- 没有登录,就认为是Guest,显示注册链接 --> <shiro:guest> <a href="register.jsp">注册</a> </shiro:guest></a></li><li> <shiro:hasRole name="管理员"> <a href="manager/index.jsp">后台管理</a> </shiro:hasRole> //示例,具有两个中任一个权限时有操作权限 <shiro:hasAnyRoles name="管理员,普通用户"> 操作 </shiro:hasAnyRoles></li><li><a href="javascript:void(0)" id="exitBtn" type="button">退出</a></li></ul>
配置文件
<!-- Shiro Filter 拦截器相关配置 --><!--shiro过滤器配置,bean的id值须与web中的filter-name的值相同 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- securityManager --> <property name="securityManager" ref="securityManager" /> <!-- 登录路径 --> <property name="loginUrl" value="/login.jsp" /> <!-- 登录成功后跳转路径 --> <property name="successUrl" value="/manager/index.jsp" /> <!-- 授权失败跳转路径 --> <property name="unauthorizedUrl" value="/login.jsp" /> <!-- 过滤链定义 --> <property name="filterChainDefinitions"> <value> /login.jsp* = anon /logout* = anon /*.js = anon /*.css = anon <!-- 表示需要认证的链接 --> /manager/** = authc,roles["管理员"] /index.jsp = authc </value> </property></bean>
myRealm
权限验证和登陆验证
public class myRealm extends AuthorizingRealm { @Resource private IUserService userManagerImpl; /** * 权限验证 */ @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { // TODO Auto-generated method stub String userName = (String) principals.fromRealm(getName()).iterator().next(); //根据用户名查找拥有的角色 User user = userManagerImpl.queryByName(userName).get(0); Set<Roles> roles = user.getRoles(); if (roles != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for (Roles role : roles) { info.addRole(role.getRname()); } return info; } else { return null; } } /** * 登录验证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { // 令牌——基于用户名和密码的令牌 UsernamePasswordToken token = (UsernamePasswordToken) authcToken; // 令牌中可以取出用户名密码 String userName = token.getUsername(); String passWord = new String(token.getPassword()); User user = userManagerImpl.queryByName(userName).get(0); String passwd = user.getUpassword(); String approval = user.getIsapproval(); if(user.getUid() == null){ System.out.println("没有找到用户 "); throw new UnknownAccountException("没有找到用户 [" + userName + "]"); } if(!passwd.equals(passWord)){ System.out.println("密码错误!!"); throw new IncorrectCredentialsException("密码错误!!"); } if(approval.equals("0")){ System.out.println("审批未通过"); throw new IncorrectCredentialsException("审批未通过!!"); } //将正确的用户信息,请求登录用户的用户名和正确的密码,创建AuthenticationInfo对象并返回 AuthenticationInfo authinfo = new SimpleAuthenticationInfo(userName, passWord, getName()); return authinfo; }}
0 0
- shiro角色配置
- Shiro之urls配置多个角色
- shiro配置filterchaindefinitions实现多角色判定方法的重写
- shiro角色( roles)自定义Filter----同一个URL配置多个角色的或关系
- spring-shiro实现角色(roles)自定义Filter----配置多个角色的或关系
- shiro角色权限验证
- shiro添加多用户角色判断
- Apache Shiro 角色和权限
- (四) shiro权限与角色
- shiro (三)权限角色判断
- Shiro 配置
- shiro配置
- shiro配置
- Shiro配置
- shiro配置
- shiro配置
- Shiro配置
- shiro配置
- Windows上面编译libx264
- SQL语句备份和恢复
- mysql - Navicat中无法编辑查询结果数据
- iOS 单例模式
- Jmockit使用指南
- shiro角色配置
- Java内部类小结
- 关于Linux的一些常用命令
- 解决驱动器中没有磁盘的问题
- 【bzoj1143】【CTSC2008】【祭祀】【river】
- Mysql体系构架详解——内存
- 回溯法
- 刘姝威:超图软件如何实现利润爆发式增长
- 我们无法创建新的分区