欢迎访问 生活随笔!
TAG聚合

生活随笔

当前位置: 首页 > 编程资源 > 编程问答 >内容正文

编程问答

Shiro+springboot+mybatis(md5+salt+散列)认证与授权-02

发布时间:2024/10/5 编程问答 43 豆豆
生活随笔 收集整理的这篇文章主要介绍了 Shiro+springboot+mybatis(md5+salt+散列)认证与授权-02 小编觉得挺不错的,现在分享给大家,帮大家做个参考.

代码延续地址:Shiro+springboot+mybatis(md5+salt+散列)认证与授权-01

1.创建t_role角色表(比如管理员admin,普通用户user等),创建t_pers权限表(比如add,update,delete等),t_user_role与t_role_pers作为三个表的中间表(因为这三个表之间是多对多的关系)


2.UserMapper.xml新增sql查询

<select id="findByRolesUserName" parameterType="String" resultMap="userMap">select u.id uid,u.username,r.id rid,r.namefrom t_user uleft join t_user_role uron u.id=ur.userIdleft join t_role ron ur.roleId=r.idwhere u.username=#{username};</select><select id="findPermsByRoleId" parameterType="String" resultType="com.hao.springboot.entity.Pers">select p.id,p.name,p.url,r.namefrom t_role rleft join t_role_pers rpon r.id=rp.roleIdleft join t_pers pon p.id=rp.persIdwhere r.id=#{id}</select>

3.UserDao新增方法

//根据用户名查询所有角色User findByRolesUserName(String username);//根据角色id查询权限集合List<Pers> findPermsByRoleId(String id);

4.Service层新增方法(接口代码省略)

@Overridepublic User findByRolesUserName(String username) {return userDao.findByRolesUserName(username);}@Overridepublic List<Pers> findPermsByRoleId(String id) {return userDao.findPermsByRoleId(id);}

5.改变自定义realm

/*** @author:抱着鱼睡觉的喵喵* @date:2020/12/29* @description: 自定义realm完成用户认证和授权*/ public class CustomerRealm extends AuthorizingRealm {/*** 用户授权* @param principalCollection* @return*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("调用权限认证:"+principalCollection);String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();//调用身份信息获取角色和权限信息UserService userService = (UserService) ApplicationContextUtils.getBean("userService");//根据主身份获取角色和权限信息User users = userService.findByRolesUserName(primaryPrincipal);//授权角色信息if (!CollectionUtils.isEmpty(users.getRoles())){SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();users.getRoles().forEach(role -> {simpleAuthorizationInfo.addRole(role.getName());List<Pers> perms = userService.findPermsByRoleId(role.getId());if (!CollectionUtils.isEmpty(perms)){perms.forEach(pers -> {simpleAuthorizationInfo.addStringPermission(pers.getName());});}});return simpleAuthorizationInfo;}return null;}/*** 用户认证* @param authenticationToken* @return* @throws AuthenticationException*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {String principal = (String) authenticationToken.getPrincipal();//在工厂中获取业务对象UserService userService = (UserService) ApplicationContextUtils.getBean("userService");User user = userService.findByUserName(principal);if (!ObjectUtils.isEmpty(user)){return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(), ByteSource.Util.bytes(user.getSalt()),this.getName());}return null;} }

6.index.jsp

<%@page contentType="text/html; utf-8" pageEncoding="UTF-8" isELIgnored="false" %> <%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <!doctype html> <html lang="en"> <head><meta charset="UTF-8"><meta name="viewport"content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Document</title> </head> <body><h1>系统主页,欢迎你的到来</h1><a href="${pageContext.request.contextPath}/user/outLogin">退出</a><ul><shiro:hasAnyRoles name="user"><li><a href="">用户管理</a><ul><shiro:hasPermission name="user:add:*"><li><a href="">添加用户</a></li></shiro:hasPermission><li><a href="">删除用户</a></li><li><a href="">修改用户</a></li><li><a href="">查询用户</a></li></ul></li></shiro:hasAnyRoles><shiro:hasRole name="product"><li><a href="">部分格式化</a> </li></shiro:hasRole><shiro:hasRole name="admin"><li><a href="">商品管理</a> </li><li><a href="">订单管理</a> </li><li><a href="">物流管理</a> </li></shiro:hasRole><shiro:hasRole name="shper"><li><a href="">终极格式化</a> </li></shiro:hasRole></ul> </body> </html>

7.访问http://localhost:8080/shiro/login.jsp


退出

总结

以上是生活随笔为你收集整理的Shiro+springboot+mybatis(md5+salt+散列)认证与授权-02的全部内容,希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错,欢迎将生活随笔推荐给好友。