根據用戶權限顯示不同頁面:
1.thymeleaf擴展shiro
<!-- Maven dependencies for the demo: Spring MVC, Thymeleaf, Shiro, the MyBatis/MySQL data layer,
     and the Thymeleaf dialect that provides the shiro:* template attributes.
     Entries without a <version> element rely on version management that is not shown on this page
     (presumably a Spring Boot parent POM; confirm). -->
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Thymeleaf template engine -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Shiro integration with Spring.
     NOTE(review): this is the component that makes the access-control decisions and its version is
     pinned by hand. Check the Apache Shiro security reports for this release and move to a
     currently supported version before using the setup beyond a demo. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.2</version>
</dependency>
<!-- Data layer: Druid connection pool, MySQL JDBC driver, MyBatis Spring Boot starter.
     NOTE(review): druid and mybatis-spring-boot-starter are pinned to old releases; review their
     advisories and upgrade together with the rest of the stack. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.9</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>
<!-- Shiro tag dialect for Thymeleaf (enables shiro:hasPermission and related attributes) -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.ShiroConfig和Realm
/**
 * Spring configuration that wires Apache Shiro into the web application: the servlet filter with
 * its URL rules, the security manager, the realm, and the Thymeleaf dialect that enables the
 * {@code shiro:*} template attributes.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter and registers the URL pattern to filter-chain definitions.
     *
     * <p>Built-in filter names commonly used in chain definitions:
     * <ul>
     *   <li>{@code anon}: no authentication required</li>
     *   <li>{@code authc}: the subject must be authenticated (logged in)</li>
     *   <li>{@code user}: the subject must be authenticated or remembered via rememberMe</li>
     *   <li>{@code perms}: the subject must hold the listed permission(s)</li>
     *   <li>{@code roles}: the subject must hold the listed role(s)</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the security manager bean named "securityManager"
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // LinkedHashMap keeps insertion order; Shiro uses the first chain whose pattern matches,
        // so specific patterns must be registered before broader ones.
        Map<String, String> chains = new LinkedHashMap<>();

        // Publicly reachable pages.
        chains.put("/th", "anon");
        chains.put("/login", "anon");

        // Pages that require a specific permission string.
        chains.put("/add", "perms[user:add]");
        chains.put("/update", "perms[user:update]");

        // NOTE(review): there is no catch-all entry, so every path not listed above is served
        // without any Shiro check (default allow). Registering "/**" -> "authc" as the LAST entry
        // would make authentication the default and leave only the anon paths open.

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        // Custom login page that unauthenticated requests are sent to.
        factoryBean.setLoginUrl("/login");
        // Page shown when an authenticated subject lacks the required permission.
        factoryBean.setUnauthorizedUrl("/unAuth");
        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm to it.
     *
     * @param userRealm the realm bean named "userRealm"
     * @return the security manager, published as bean "securityManager"
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager getDefaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Creates the realm as a Spring bean.
     *
     * @return a new {@code UserRealm}, published as bean "userRealm"
     */
    @Bean(name = "userRealm")
    public UserRealm getRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use the {@code shiro:*} attributes.
     *
     * @return the dialect instance
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}
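/**
 * Shiro realm backed by {@code UserService}: authenticates a username/password login and supplies
 * the permission strings stored on the user record.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Loads the permission strings of the principal Shiro is asking about.
     *
     * <p>Fails closed: when the principal is missing, the user can no longer be found, or no
     * permissions are stored, the returned info carries no permissions.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return authorization info holding one permission per non-blank, comma-separated entry
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授權");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Authorize the principal that was passed in rather than the thread-bound Subject, so the
        // answer always belongs to the identity Shiro is actually checking.
        Object primary = principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof User)) {
            return info;
        }

        // Re-read the user so the permissions come from the store, not from the login-time copy.
        User current = userService.findById(((User) primary).getId());
        if (current == null || current.getPerms() == null) {
            // Account removed or no permissions stored: grant nothing instead of throwing.
            return info;
        }

        for (String permission : current.getPerms().split(",")) {
            String trimmed = permission.trim();
            // Skip blank entries ("" or "a,,b"): an empty permission string is not a valid grant.
            if (!trimmed.isEmpty()) {
                info.addStringPermission(trimmed);
            }
        }
        return info;
    }

    /**
     * Looks up the account for a username/password login attempt.
     *
     * @param authenticationToken the submitted token; cast to {@code UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no user has that name
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        System.out.println("身份認證");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        User user = userService.findByName(token.getUsername());
        if (user == null) {
            // Null tells Shiro that this realm has no such account.
            return null;
        }
        // NOTE(review): the stored password is handed to the realm's credentials matcher as is. No
        // matcher is configured on this page, so presumably the default comparison applies and the
        // password column holds clear text. Store a salted password hash and configure a matching
        // credentials matcher (for example PasswordMatcher or HashedCredentialsMatcher).
        // NOTE(review): the whole User object, password field included, becomes the session
        // principal; consider a principal that does not carry the credential.
        // The realm name is getName() so the principal is attributed to this realm.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}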
3.實體類:
public class User { private Integer id; private String name; private String password; private String perms; 。。。。。
4.數據庫:
5.測試:用戶 1,1 擁有「添加」和「update」兩個權限,用戶 2,2 只擁有其中一個權限:
<!--/* Each block is rendered only when the current subject holds the named permission.
       This only hides the link in the page; access to the target URLs must still be enforced
       on the server, as the perms[...] chains for /add and /update in ShiroConfig do. */-->
<div shiro:hasPermission="user:add"> <a th:href="${add}">添加</a> </div> <div shiro:hasPermission="user:update"> <a th:href="${update}">update</a> </div>
小demo地址:
https://github.com/1017020555/shiro-springboot