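/**
 * Realm base class that lets a single permission string carry simple boolean operators.
 *
 * <p>Supported forms of the string passed to {@link #isPermitted(PrincipalCollection, String)}:
 * <ul>
 *   <li>{@code perm1 or perm2}: granted when at least one alternative is granted;</li>
 *   <li>{@code perm1 and perm2}: granted only when every term is granted;</li>
 *   <li>{@code not perm1}: granted when the plain check for {@code perm1} is denied.</li>
 * </ul>
 * {@code and} binds tighter than {@code or}; parentheses are not supported. Operators are
 * matched as literal, lower-case, space-delimited substrings, so a permission name cannot
 * itself contain {@code " or "} or {@code " and "}.
 *
 * <p>NOTE(review): only the {@code (PrincipalCollection, String)} overload is overridden here.
 * Other entry points of the parent realm (for example {@code checkPermission} or the varargs
 * and collection overloads) may not pass through this method and would then see the operator
 * string as one literal permission. Confirm which paths the application uses.
 */
public abstract class ShiroAuthorizingRealm extends AuthorizingRealm {

    private static final String OR_OPERATOR = " or ";
    private static final String AND_OPERATOR = " and ";
    private static final String NOT_OPERATOR = "not ";

    /**
     * Evaluates a permission expression for the given principals.
     *
     * @param principals the identity being checked
     * @param permission a plain permission string, or an expression using
     *                   {@code " or "}, {@code " and "} and a leading {@code "not "}
     * @return {@code true} when the expression is satisfied; {@code false} otherwise,
     *         including for a {@code null} expression or one that consists only of operators
     */
    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        // Fail closed: a missing expression never grants access.
        if (permission == null) {
            return false;
        }

        // A string without " or " splits into a single alternative, so the plain and
        // the "and"-only forms take the same path as the "or" form.
        for (String alternative : permission.split(OR_OPERATOR)) {
            if (isPermittedForAllTerms(principals, alternative)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks one "or" alternative: every {@code " and "}-separated term must be granted.
     *
     * <p>The original code compared the whole string with {@code equals(" and ")}, so a real
     * "a and b" expression never reached the conjunction branch, while the bare string
     * {@code " and "} split into zero terms and was granted unconditionally.
     */
    private boolean isPermittedForAllTerms(PrincipalCollection principals, String clause) {
        String[] terms = clause.split(AND_OPERATOR);

        // split() drops trailing empty strings, so a clause made only of the operator
        // yields no terms at all; an empty conjunction must deny rather than grant.
        if (terms.length == 0) {
            return false;
        }

        for (String term : terms) {
            if (!isPermittedWithNotOperator(principals, term)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a single term, inverting the parent realm's answer when the term starts
     * with {@code "not "}.
     */
    private boolean isPermittedWithNotOperator(PrincipalCollection principals, String permission) {
        if (permission.startsWith(NOT_OPERATOR)) {
            // Strip the prefix and negate the result of the ordinary check.
            return !super.isPermitted(principals, permission.substring(NOT_OPERATOR.length()));
        }
        return super.isPermitted(principals, permission);
    }
}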
<%--
  Usage from a JSP view: each tag's body is rendered only when the permission check for
  the name string succeeds. The name holds two permissions joined by " or ", which
  presumably relies on a custom realm that parses that operator; a realm without such
  parsing would receive the whole string as one permission. Confirm the realm in use.
  The tag only decides whether markup is shown; the request handlers behind the edit and
  delete actions need their own permission check.
--%>
<shiro:hasPermission name="modular:to_edit or modular:delete">
</shiro:hasPermission>
<shiro:hasPermission name="modular:to_edit or modular:delete">
</shiro:hasPermission>
<shiro:hasPermission name="modular:to_edit or modular:delete">
</shiro:hasPermission>