聲明:本證項目基於《Java-Shiro(六):Shiro Realm講解(三)Realm的自定義及應用》構建項目為基礎。
我們知道如果是采用jsp視圖引擎,直接在jsp中加入shiro的tag就可以,然而在thymeleaf視圖引擎下,並未有shiro的tag lib。實際上目前shiro+Thymeleaf的html頁面中shiro標簽方式驗證已經有人實現了並將代碼用法放到了github上,具體請參考:《thymeleaf-extras-shiro》。
下邊將結合《thymeleaf-extras-shiro》與springmvc集成實現thymeleaf中html中加驗證shiro驗證標簽的用法進行講解,具體內容分為以下幾部分:
1)引入依賴
2)需要修改哪些配置?
3)如何使用?
1)引入依賴
引入thymeleaf-extras-shiro依賴到pom中
<dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>${thymeleaf-shiro.version}</version> </dependency>
上邊${thymeleaf-shiro.version}是thymelef-extras-shiro的版本,目前最新版本是2.0.0。
更多版本請參考:《https://github.com/theborakompanioni/thymeleaf-extras-shiro/releases》
2)修改配置
2.1)xml方式配置
需要在springmvc-servlet.xml配置文件中引入thymeleaf依賴外,需要在templateEngine bean下設置additionalDialects屬性:
<bean id="templateEngine" class="org.thymeleaf.spring5.SpringTemplateEngine"> <property name="templateResolver" ref="templateResolver" /> <property name="additionalDialects"> <set> <bean class="at.pollux.thymeleaf.shiro.dialect.ShiroDialect"/> </set> </property> </bean>
注意:這個dialect是核心配置,缺少這個thymeleaf頁面中的標簽將無法解析。
2.2)SpringMVC或者SpringBoot注解方式配置
@Bean public SpringTemplateEngine templateEngine() { SpringTemplateEngine templateEngine = new SpringTemplateEngine();
templateEngine.setTemplateResolver(templateResolver()); Set<IDialect> additionalDialects = new HashSet<IDialect>(); additionalDialects.add(new ShiroDialect()); templateEngine.setAdditionalDialects(additionalDialects); return templateEngine; }
3)在thymeleaf的html頁面中使用shiro驗證標簽
3.1)在html文件頭的<html>標簽做修改
<!DOCTYPE html> <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
Example
<!DOCTYPE html> <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"> <head> <title>thymeleaf-extras-shiro</title> </head> <body> <p shiro:guest="">Please <a href="login.html">login</a></p> <p shiro:authenticated=""> Hello, <span shiro:principal=""></span>, how are you today? </p> </body> </html>
3.2)html標簽(例如:a/tr/td/p等) shiro:hasPermission="article:query" 標簽使用
具體參考官網:《https://github.com/theborakompanioni/thymeleaf-extras-shiro》
The guest tag
<p shiro:guest=""> Please <a href="login.html">Login</a> </p>
The user tag
<p shiro:user=""> Welcome back John! Not John? Click <a href="login.html">here<a> to login. </p>
The authenticated tag
<a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>
The notAuthenticated tag
<p shiro:notAuthenticated=""> Please <a href="login.html">login</a> in order to update your credit card information. </p>
The principal tag
<p>Hello, <span shiro:principal=""></span>, how are you today?</p>
or
<p>Hello, <shiro:principal/>, how are you today?</p>
Typed principal and principal property are also supported.
The hasRole tag
<a shiro:hasRole="administrator" href="admin.html">Administer the system</a>
The lacksRole tag
<p shiro:lacksRole="administrator"> Sorry, you are not allowed to administer the system. </p>
The hasAllRoles tag
<p shiro:hasAllRoles="developer, project manager"> You are a developer and a project manager. </p>
The hasAnyRoles tag
<p shiro:hasAnyRoles="developer, project manager, administrator"> You are a developer, project manager, or administrator. </p>
The hasPermission tag
<a shiro:hasPermission="user:create" href="createUser.html">Create a new User</a>
The lacksPermission tag
<p shiro:lacksPermission="user:delete"> Sorry, you are not allowed to delete user accounts. </p>
The hasAllPermissions tag
<p shiro:hasAllPermissions="user:create, user:delete"> You can create and delete users. </p>
The hasAnyPermissions tag
<p shiro:hasAnyPermissions="user:create, user:delete"> You can create or delete users. </p>
3.3)和jsp頁面一樣的shiro:hasPermission標簽使用
實際上和Jsp頁面中的驗證標簽一致,而且與上邊基本一致,去掉html標簽改寫為:
<shiro:hasPermission name="user:create"> <p>test</p> </shiro:hasPermission>
具體參考shiro官網:《http://shiro.apache.org/web.html#jsp-gsp-tag-library》
3.4)javascript中使用hasPermission標簽
需要自定義@Component,例如:
package com.dx.test.shiro; import org.apache.shiro.SecurityUtils; import org.springframework.stereotype.Component; /** * js調用 thymeleaf 實現按鈕權限 */ @Component("perms") public class PermsService { public boolean hasPerm(String permission) { return SecurityUtils.getSubject().isPermitted(permission); } }
其需要在applicationContext-*.xml中,添加掃描包組件確保能掃描到該包:
<context:component-scan base-package="com.dx.test.shiro"></context:component-scan>
Js中使用示例:
<script>
var editFlag = "[[${@perms.hasPerm('user:edit')}]]";
var deleteFlag = "[[${@perms.hasPerm('user:delete')}]]";
var assignRoleFlag="[[${@perms.hasPerm('user:assignRole')}]]";
// 其他業務
</script>