Thymeleaf中使用Shiro

根据用户权限显示不同页面:

1.thymeleaf扩展shiro

<!-- Maven dependencies for the demo (pom.xml excerpt; the closing tag is not shown on the page).
     NOTE(review): the explicitly pinned versions below (shiro-spring 1.4.2, druid 1.0.9,
     mybatis-spring-boot-starter 1.1.1, thymeleaf-extras-shiro 2.0.0) are old releases. Check each
     project's security advisories and move to a maintained version before reusing this list. -->
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>

<!-- thymeleaf -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

<!-- Shiro integration with Spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.2</version>
</dependency>
<!-- data access: Druid connection pool, MySQL JDBC driver, MyBatis starter -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.9</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>

<!-- Shiro dialect (shiro:* attributes) for Thymeleaf templates -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>

2.ShiroConfig和Realm

@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro web filter together with its URL-to-filter chain definitions.
     *
     * <p>Built-in Shiro filters relevant to this tutorial:
     * <ul>
     *   <li>{@code anon}: reachable without logging in</li>
     *   <li>{@code authc}: requires an authenticated (logged-in) subject</li>
     *   <li>{@code user}: accepts a subject that is authenticated or remembered via rememberMe</li>
     *   <li>{@code perms}: requires the listed permission string(s)</li>
     *   <li>{@code roles}: requires the listed role(s)</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the bean registered as {@code securityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {

        // LinkedHashMap keeps insertion order; Shiro applies the first chain whose pattern matches.
        Map<String, String> chains = new LinkedHashMap<>();

        // Paths that are let through without a login.
        chains.put("/th", "anon");
        chains.put("/login", "anon");

        // Paths that require a specific permission string.
        chains.put("/add", "perms[user:add]");
        chains.put("/update", "perms[user:update]");

        // NOTE(review): only the four paths above get a chain. The tutorial leaves the catch-all
        // ("/**" mapped to "authc") switched off, so no Shiro filter is applied to any other URL.
        // Outside a demo, end the map with such a catch-all so new endpoints are protected by default.

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        // Custom login page.
        factoryBean.setLoginUrl("/login");
        // Page shown when a permission check fails.
        factoryBean.setUnauthorizedUrl("/unAuth");
        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm to it.
     *
     * @param userRealm the bean registered as {@code userRealm}
     * @return the security manager backed by that single realm
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager getDefaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Registers the custom realm as a Spring bean.
     *
     * <p>NOTE(review): no CredentialsMatcher is set on the realm here, so Shiro's default
     * credential comparison is what checks passwords.
     *
     * @return a new {@code UserRealm}
     */
    @Bean(name = "userRealm")
    public UserRealm getRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use the {@code shiro:} attributes.
     *
     * @return a new {@code ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }

}
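public class UserRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    /**
     * Collects the permission strings of the subject described by {@code principalCollection}.
     *
     * <p>The account is looked up again through {@code userService.findById} and its
     * comma-separated {@code perms} value is split into individual permission strings.
     * A missing account or a missing {@code perms} value yields an empty result, so the
     * subject is granted nothing.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return the authorization info holding that subject's permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Read the identity from the principals Shiro passes in, not from
        // SecurityUtils.getSubject(): the thread-bound subject need not be the one being checked.
        User principal = (User) principalCollection.getPrimaryPrincipal();
        if (principal == null) {
            return info;
        }

        // presumably reloads the account from the data store so that permission changes
        // made after login are seen; verify against UserService
        User current = userService.findById(principal.getId());
        if (current == null || current.getPerms() == null) {
            // Fail closed: an account that no longer resolves, or has no perms, gets no permissions.
            return info;
        }

        for (String raw : current.getPerms().split(",")) {
            String permission = raw.trim();
            // Skip empty entries (empty column value, doubled or trailing commas).
            if (!permission.isEmpty()) {
                info.addStringPermission(permission);
            }
        }
        return info;
    }

    /**
     * Looks up the account named in the login token and returns its stored credentials
     * for Shiro to compare with the submitted ones.
     *
     * <p>NOTE(review): no CredentialsMatcher is configured for this realm anywhere on the page,
     * so Shiro's default comparison is used and login only succeeds when the value returned by
     * {@code user.getPassword()} equals the submitted password as-is. Store a salted password hash
     * and configure a hashing matcher (for example {@code HashedCredentialsMatcher} or
     * {@code PasswordMatcher}) before using this beyond a demo.
     *
     * <p>NOTE(review): the whole {@code User} object, password field included, becomes the
     * principal; a principal carrying only the id and name would keep the credential out of
     * whatever stores the subject's identity.
     *
     * @param authenticationToken the submitted token, expected to be a {@code UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no account has that name
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("身份认证");

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        User user = userService.findByName(token.getUsername());

        if (user == null) {
            // A null result is how a realm reports an unknown account to Shiro.
            return null;
        }
        // Tag the principal with this realm's name instead of an empty string so it can be
        // attributed to the realm that produced it.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}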

3.实体类:

// Account entity used by UserRealm through UserService (the listing is abridged on the page).
public class User {
    // Identifier passed to userService.findById(...) in UserRealm.
    private Integer id;
    // Login name; UserRealm looks the account up with userService.findByName(...).
    private String name;
    // Credential handed to SimpleAuthenticationInfo in UserRealm.
    // NOTE(review): no CredentialsMatcher is configured on the page, so this presumably holds the
    // password in plain form; store a salted hash instead. Confirm against the schema.
    private String password;
    // Comma-separated permission strings, e.g. "user:add,user:update" (UserRealm splits on ",").
    private String perms;
。。。。。

4.数据库:

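 5.测试:用户1,1有添加(user:add)和update(user:update)两个权限,用户2,2只有其中一个。注意:shiro:hasPermission 只是在页面上隐藏对应的链接,真正拦截对 /add、/update 访问的是 ShiroConfig 中配置的 perms[...] 过滤器。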

  <!--/* Each block is rendered only when the current subject holds the named permission.
         This hides the link in the page and nothing more: requests to /add and /update are
         checked by the perms[...] entries in ShiroConfig, which must stay in place.
         NOTE(review): th:href="${add}" reads a model variable named add; if a link to /add is
         intended, the link-expression form is th:href="@{/add}". Confirm against the controller. */-->
  <div shiro:hasPermission="user:add">
        <a th:href="${add}">添加</a>
    </div>
    <div shiro:hasPermission="user:update">
        <a th:href="${update}">update</a>
    </div>

 

 

 小demo地址:

https://github.com/1017020555/shiro-springboot

原文地址:https://www.cnblogs.com/crazy-lc/p/12427569.html