本文介绍如何在SpringBoot项目中使用Shiro进行权限控制,并通过Java反射获取所有接口的注解信息,包括权限、请求方式及路径等,实现动态权限管理。
我项目中pom配置文件添加
<!-- https://mvnrepository.com/artifact/org.reflections/reflections -->
<dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>0.9.8</version>
</dependency>AuthModel.javapackage com.springboot_springdatajpa.springdatajpa.model;
import lombok.Data;
import java.io.Serializable;
import java.util.Date;
/**
* @Author zhaomengxia
* @create 2019/9/3 14:38
*/
@Data
public class AuthModel implements Serializable{
private String authName;
private String authUrl;
private String authUniqueMark;
private Date createTime;
private String methodType;
}
LoginController.java
package com.springboot_springdatajpa.springdatajpa.controller;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.*;
/**
* 用户接口,用于测试的接口
* 这里使用了标准的restful接口的风格,swagger自动的API接口,shiro接口权限注解
* @RequiresPermissions组合成的一个controller。当然也可以使用其他技术,只要能够获取到接口信息就行
* @Author zhaomengxia
* @create 2019/9/3 11:26
*/
@RestController
@Api(tags = "登录")
@RequestMapping("/test")
public class LoginController {
private Logger logger = LoggerFactory.getLogger(this.getClass());
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ApiOperation("登录接口")
@RequiresPermissions("user:list")
public String login(
@RequestParam(value = "username", required = true) String userName,
@RequestParam(value = "password", required = true) String password,
@RequestParam(value = "rememberMe", required = true, defaultValue = "false") boolean rememberMe
) {
logger.info("==========" + userName + password + rememberMe);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
token.setRememberMe(rememberMe);
try {
subject.login(token);
} catch (AuthenticationException e) {
e.printStackTrace();
// rediect.addFlashAttribute("errorText", "您的账号或密码输入错误!");
return "{\"Msg\":\"您的账号或密码输入错误\",\"state\":\"failed\"}";
}
return "{\"Msg\":\"登陆成功\",\"state\":\"success\"}";
}
@RequestMapping("/")
@ResponseBody
@RequiresPermissions("user:get")
@ApiOperation(value = "测试")
public String index() {
return "no permission";
}
}
AnnoTest.javapackage com.springboot_springdatajpa.springdatajpa;
import com.alibaba.fastjson.JSON;
import com.springboot_springdatajpa.springdatajpa.model.AuthModel;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.reflections.Reflections;
import org.reflections.scanners.MethodAnnotationsScanner;
import org.reflections.util.ClasspathHelper;
import org.reflections.util.ConfigurationBuilder;
import org.springframework.web.bind.annotation.*;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;
/**
* Java反射注解妙用(获取所有接口说明)
* 这里用反射来获取所有接口的信息
* @Author zhaomengxia
* @create 2019/9/3 14:29
*/
public class AnnoTest {
public static void main(String[] args) {
getRequestMappingMethod("com.springboot_springdatajpa.springdatajpa.controller");
}
private static void getRequestMappingMethod(String scanPackage){
//设置扫描路径
Reflections reflections=new Reflections(new ConfigurationBuilder()
.setUrls(ClasspathHelper.forPackage(scanPackage)).addScanners(new MethodAnnotationsScanner()));
//扫描包内带有@RequiresPermissions注解的所有方法集合
Set<Method> methods=reflections.getMethodsAnnotatedWith(RequiresPermissions.class);
List<AuthModel> authModels=new ArrayList<>();
Date now=new Date();
//循环获取方法
methods.forEach(method -> {
String methodType="";
//获取类上的RequestMapping注解的值,作为请求的基础路径
String authUrl = method.getDeclaringClass().getAnnotation(RequestMapping.class).value()[0];
if (method.getAnnotation(PutMapping.class) != null) {
methodType = "put";
if (method.getAnnotation(PutMapping.class).value().length > 0) {
authUrl = method.getAnnotation(PutMapping.class).value()[0];
}
} else if (method.getAnnotation(GetMapping.class) != null) {
methodType = "get";
if (method.getAnnotation(GetMapping.class).value().length > 0) {
authUrl = method.getAnnotation(GetMapping.class).value()[0];
}
} else if (method.getAnnotation(PostMapping.class) != null) {
methodType = "post";
if (method.getAnnotation(PostMapping.class).value().length > 0) {
authUrl = method.getAnnotation(PostMapping.class).value()[0];
}
} else if (method.getAnnotation(DeleteMapping.class) != null) {
methodType = "delete";
if (method.getAnnotation(DeleteMapping.class).value().length > 0) {
authUrl = method.getAnnotation(DeleteMapping.class).value()[0];
}
}
AuthModel authModel = new AuthModel();
authModel.setMethodType(methodType);
authModel.setAuthUniqueMark(method.getAnnotation(RequiresPermissions.class).value()[0]);
authModel.setAuthUrl(authUrl);
authModel.setAuthName(method.getDeclaringClass().getAnnotation(Api.class).value() +
"-" + method.getAnnotation(ApiOperation.class).value());
authModel.setCreateTime(now);
authModels.add(authModel);
});
System.out.println(JSON.toJSONString(authModels));
}
}
控制台输出结果
所设计代码在项目中的位置
源代码
扫一扫
377
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
