一、源代码:
@RequiresPermissions("operation:view")
@RequestMapping(value="{id}",method = RequestMethod.GET)
public Result<SysOperation> findById(@PathVariable Long id) throws Exception {
SysOperation sysOperation = operationService.selectById(id);
return new ResultBuilder<SysOperation>().data(sysOperation).build();
}
①@RequestPermissions()表示权限;
②@RequestMapping(value="{id}",method=RequestMethod.GET)表示浏览器映射的地址为value所对应的值"{id}",而method是请求的方式,此处是selectById查询,所以用GET没有问题,也不怕暴露安全信息;
③Result<SysOperation>是SysOperation类的泛型;
④@PathVariable将request里的参数的值绑定到controller方法中;
@PathVariable的外文技术贴:http://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html
二、RequestPermissions源代码:
package org.apache.shiro.authz.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface RequiresPermissions {
String[ ] value();
Logical logical() default Logical.AND;
}
①Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码学和会话管理。
②Retention()是存在时间,持续期;
③@interface { }是自定义一个注解的写法;
④public @interfaceRequiresPermissions{ }定义了一个公共的,接口,名叫RequiresPermissions;
RequiresPermissions里面有两句话:
String[ ] value();
Logical logical() default Logical.AND;
看不懂,请大神指教;