Shiro_项目_权限判断&菜单配置

最新推荐文章于 2025-05-31 11:33:00 发布

原创最新推荐文章于 2025-05-31 11:33:00 发布 · 2.3k 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#java_Shiro_

学习专栏收录该内容

39 篇文章

订阅专栏

本文详细介绍了使用Shiro进行权限判断的步骤，包括获取所有权限进行判断，重写权限拦截器，配置自定义拦截器以及在MyRealm中进行权限判断。此外，还阐述了如何设计和实现菜单操作，包括domain层的设计，如menu类和Permission类的配置，以及通过MenuRepository和MenuServiceImpl完成菜单显示功能，并在Controller层进行控制。最后，讨论了页面按钮的权限控制，确保只有拥有相应权限的用户才能看到按钮。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

文章目录

1 权限判断

1.1 获取到所有的权限进行判断

//这个值之后从数据库中查询到【用户-角色-权限-资源】
//map.put("/s/permission.jsp","perms[user:*]");
List<Permission> permissions = permissionService.findAll();
for (Permission permission : permissions) {
    String url = permission.getUrl();
    String sn = permission.getSn();
    map.put(url, "yxbPerms["+sn+"]");
}

1.2 重写权限拦截器

在这里插入图片描述
重写shiro 的权限拦截器 PermissionsAuthorizationFilter
写一个类去继承PermissionsAuthorizationFilter

public class ItsourceYxbPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        Subject subject = this.getSubject(request, response);
        if (subject.getPrincipal() == null) {
            //没有登录成功后的操作
            this.saveRequestAndRedirectToLogin(request, response);
        } else {
            //登录成功后没有权限的操作
            //1.转成http的请求与响应操作
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            //2.根据请求确定是什么请求
            String xRequestedWith = httpRequest.getHeader("X-Requested-With");
            if (xRequestedWith != null &&"XMLHttpRequest".equals(xRequestedWith)) {
                //3.在这里就代表是ajax请求
                //表示ajax请求 {"success":false,"message":"没有权限"}
                httpResponse.setContentType("text/json; charset=UTF-8");
                httpResponse.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");
            }else {
                String unauthorizedUrl = this.getUnauthorizedUrl();
                if (StringUtils.hasText(unauthorizedUrl)) {
                    WebUtils.issueRedirect(request, response, unauthorizedUrl);
                } else {
                    WebUtils.toHttp(response).sendError(401);
                }
            }
        }
        return false;
    }
}

1.3 applicationContext-shiro.xml配置自定义拦截器

<!-- 引用自定义的权限过滤器 -->
	<property name="filters">
        <map>
            <entry key="yxbPerms" value-ref="yxbPermissionsAuthorizationFilter" />
        </map>
    </property>
</bean>

<!-- 配置自定义权限过滤器 -->
<bean id="yxbPermissionsAuthorizationFilter" class="cn.itsource.shiro.ItsourceYxbPermissionsAuthorizationFilter" />

1.4 MyRealm 进行权限判断

//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    //当前用户的权限你弄出来 给 shiro
    //得到主体用户
    Employee employee = (Employee) principalCollection.getPrimaryPrincipal();
 
    Set<String> permissions = permissionService.findPermissionssnsByLoginUser(employee.getId());
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    simpleAuthorizationInfo.addStringPermissions(permissions);
    //返回权限里面  判断
    return simpleAuthorizationInfo;
}

2 菜单操作

2.1 设计domain层

2.1.1 配置menu类

@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "parent_id")
@JsonIgnore
private Menu parent;

@Transient//临时属性
private List<Menu> children = new ArrayList<>();

public String getText(){
   return name;
}

2.1.2 配置Permission类

@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "menu_id")
private Menu menu;

2.2 完成菜单显示功能

2.2.1 MenuRepository类

@Query("select distinct m from Employee e join e.roles r join r.permissions p join p.menu m where e.id = ?1")
List<Menu> findMenuByLoginUser(Long userId);

2.2.2 MenuServiceImpl类覆写方法

//自己构造需要的菜单出来
@Override
public List<Menu> findMenuByLoginUser(Long userId) {
    //所有的子菜单
    List<Menu> childrenList = menuRepository.findMenuByLoginUser(userId);
    //创建父级合存放父菜单
    List<Menu> parentList = new ArrayList<>();
    for (Menu childrenMenu : childrenList) {
        //得到父菜单
        Menu parent = childrenMenu.getParent();
        if(!parentList.contains(parent)){
            parentList.add(parent);
        }
        //存在父菜单
        parent.getChildren().add(childrenMenu);
    }
    return parentList;
}

2.2.3 Controller层

@RequestMapping("/findMenuByLoginUser")
@ResponseBody
public List<Menu> findMenuByLoginUser(){
    Employee employee = UserContext.getUser();
    return menuService.findMenuByLoginUser(employee.getId());
}

3 页面按钮权限控制

用户对应的有相应的权限时，该按钮才显示出来

<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

<shiro:hasPermission name="employee:save">
    <a href="#"  data-method="add" class="easyui-linkbutton" iconCls="icon-add" plain="true">添加</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:update">
    <a href="#"  data-method="edit" class="easyui-linkbutton" iconCls="icon-edit" plain="true">修改</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:delete">
    <a href="#"  data-method="del" class="easyui-linkbutton" iconCls="icon-remove" plain="true">删除</a>
</shiro:hasPermission>