原博客地址:http://jinnianshilongnian.iteye.com/blog/2018398
根据下载的pdf学习。
开涛shiro教程-第二十一章-授予身份与切换身份(二)
1.回顾上节
在《2017.2.15 开涛shiro教程-第二十一章-授予身份与切换身份(一)table、entity、service、dao 》中,做了这四件事。这只是准备材料,要实现 B 假借 A 的身份进行访问,还需要完成controller部分。
1 table:sys_user_runas
2 entity:UserRunAs
3 service:UserRunAsService、UserRunAsServiceImpl
4 dao:UserRunAsDao、UserRunAsDaoImpl
2.最终效果
(1)涉及到的jsp
(2)页面效果
3.controller
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import com.github.zhangkaitao.shiro.chapter21.entity.Organization; 4 import com.github.zhangkaitao.shiro.chapter21.service.OrganizationService; 5 import org.apache.shiro.authz.annotation.RequiresPermissions; 6 import org.springframework.beans.factory.annotation.Autowired; 7 import org.springframework.stereotype.Controller; 8 import org.springframework.ui.Model; 9 import org.springframework.web.bind.annotation.PathVariable; 10 import org.springframework.web.bind.annotation.RequestMapping; 11 import org.springframework.web.bind.annotation.RequestMethod; 12 import org.springframework.web.bind.annotation.RequestParam; 13 import org.springframework.web.servlet.mvc.support.RedirectAttributes; 14 15 /** 16 * <p>User: Zhang Kaitao 17 * <p>Date: 14-2-14 18 * <p>Version: 1.0 19 */ 20 @Controller 21 @RequestMapping("/organization") 22 public class OrganizationController { 23 24 @Autowired 25 private OrganizationService organizationService; 26 27 @RequiresPermissions("organization:view") 28 @RequestMapping(method = RequestMethod.GET) 29 public String index(Model model) { 30 return "organization/index"; 31 } 32 33 @RequiresPermissions("organization:view") 34 @RequestMapping(value = "/tree", method = RequestMethod.GET) 35 public String showTree(Model model) { 36 model.addAttribute("organizationList", organizationService.findAll()); 37 return "organization/tree"; 38 } 39 40 @RequiresPermissions("organization:create") 41 @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.GET) 42 public String showAppendChildForm(@PathVariable("parentId") Long parentId, Model model) { 43 Organization parent = organizationService.findOne(parentId); 44 model.addAttribute("parent", parent); 45 Organization child = new Organization(); 46 child.setParentId(parentId); 47 child.setParentIds(parent.makeSelfAsParentIds()); 48 model.addAttribute("child", child); 49 model.addAttribute("op", "新增"); 50 return "organization/appendChild"; 51 } 52 53 @RequiresPermissions("organization:create") 54 @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.POST) 55 public String create(Organization organization) { 56 organizationService.createOrganization(organization); 57 return "redirect:/organization/success"; 58 } 59 60 @RequiresPermissions("organization:update") 61 @RequestMapping(value = "/{id}/maintain", method = RequestMethod.GET) 62 public String showMaintainForm(@PathVariable("id") Long id, Model model) { 63 model.addAttribute("organization", organizationService.findOne(id)); 64 return "organization/maintain"; 65 } 66 67 @RequiresPermissions("organization:update") 68 @RequestMapping(value = "/{id}/update", method = RequestMethod.POST) 69 public String update(Organization organization, RedirectAttributes redirectAttributes) { 70 organizationService.updateOrganization(organization); 71 redirectAttributes.addFlashAttribute("msg", "修改成功"); 72 return "redirect:/organization/success"; 73 } 74 75 @RequiresPermissions("organization:delete") 76 @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST) 77 public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) { 78 organizationService.deleteOrganization(id); 79 redirectAttributes.addFlashAttribute("msg", "删除成功"); 80 return "redirect:/organization/success"; 81 } 82 83 84 @RequiresPermissions("organization:update") 85 @RequestMapping(value = "/{sourceId}/move", method = RequestMethod.GET) 86 public String showMoveForm(@PathVariable("sourceId") Long sourceId, Model model) { 87 Organization source = organizationService.findOne(sourceId); 88 model.addAttribute("source", source); 89 model.addAttribute("targetList", organizationService.findAllWithExclude(source)); 90 return "organization/move"; 91 } 92 93 @RequiresPermissions("organization:update") 94 @RequestMapping(value = "/{sourceId}/move", method = RequestMethod.POST) 95 public String move( 96 @PathVariable("sourceId") Long sourceId, 97 @RequestParam("targetId") Long targetId) { 98 Organization source = organizationService.findOne(sourceId); 99 Organization target = organizationService.findOne(targetId); 100 organizationService.move(source, target); 101 return "redirect:/organization/success"; 102 } 103 104 @RequiresPermissions("organization:view") 105 @RequestMapping(value = "/success", method = RequestMethod.GET) 106 public String success() { 107 return "organization/success"; 108 } 109 110 111 }
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import com.github.zhangkaitao.shiro.chapter21.entity.Resource; 4 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService; 5 import org.apache.shiro.authz.annotation.RequiresPermissions; 6 import org.springframework.beans.factory.annotation.Autowired; 7 import org.springframework.stereotype.Controller; 8 import org.springframework.ui.Model; 9 import org.springframework.web.bind.annotation.ModelAttribute; 10 import org.springframework.web.bind.annotation.PathVariable; 11 import org.springframework.web.bind.annotation.RequestMapping; 12 import org.springframework.web.bind.annotation.RequestMethod; 13 import org.springframework.web.servlet.mvc.support.RedirectAttributes; 14 15 /** 16 * <p>User: Zhang Kaitao 17 * <p>Date: 14-2-14 18 * <p>Version: 1.0 19 */ 20 @Controller 21 @RequestMapping("/resource") 22 public class ResourceController { 23 24 @Autowired 25 private ResourceService resourceService; 26 27 @ModelAttribute("types") 28 public Resource.ResourceType[] resourceTypes() { 29 return Resource.ResourceType.values(); 30 } 31 32 @RequiresPermissions("resource:view") 33 @RequestMapping(method = RequestMethod.GET) 34 public String list(Model model) { 35 model.addAttribute("resourceList", resourceService.findAll()); 36 return "resource/list"; 37 } 38 39 @RequiresPermissions("resource:create") 40 @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.GET) 41 public String showAppendChildForm(@PathVariable("parentId") Long parentId, Model model) { 42 Resource parent = resourceService.findOne(parentId); 43 model.addAttribute("parent", parent); 44 Resource child = new Resource(); 45 child.setParentId(parentId); 46 child.setParentIds(parent.makeSelfAsParentIds()); 47 model.addAttribute("resource", child); 48 model.addAttribute("op", "新增子节点"); 49 return "resource/edit"; 50 } 51 52 @RequiresPermissions("resource:create") 53 @RequestMapping(value = "/{parentId}/appendChild", method = RequestMethod.POST) 54 public String create(Resource resource, RedirectAttributes redirectAttributes) { 55 resourceService.createResource(resource); 56 redirectAttributes.addFlashAttribute("msg", "新增子节点成功"); 57 return "redirect:/resource"; 58 } 59 60 @RequiresPermissions("resource:update") 61 @RequestMapping(value = "/{id}/update", method = RequestMethod.GET) 62 public String showUpdateForm(@PathVariable("id") Long id, Model model) { 63 model.addAttribute("resource", resourceService.findOne(id)); 64 model.addAttribute("op", "修改"); 65 return "resource/edit"; 66 } 67 68 @RequiresPermissions("resource:update") 69 @RequestMapping(value = "/{id}/update", method = RequestMethod.POST) 70 public String update(Resource resource, RedirectAttributes redirectAttributes) { 71 resourceService.updateResource(resource); 72 redirectAttributes.addFlashAttribute("msg", "修改成功"); 73 return "redirect:/resource"; 74 } 75 76 @RequiresPermissions("resource:delete") 77 @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET) 78 public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) { 79 resourceService.deleteResource(id); 80 redirectAttributes.addFlashAttribute("msg", "删除成功"); 81 return "redirect:/resource"; 82 } 83 84 }
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import com.github.zhangkaitao.shiro.chapter21.entity.Role; 4 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService; 5 import com.github.zhangkaitao.shiro.chapter21.service.RoleService; 6 import org.apache.shiro.authz.annotation.RequiresPermissions; 7 import org.springframework.beans.factory.annotation.Autowired; 8 import org.springframework.stereotype.Controller; 9 import org.springframework.ui.Model; 10 import org.springframework.web.bind.annotation.PathVariable; 11 import org.springframework.web.bind.annotation.RequestMapping; 12 import org.springframework.web.bind.annotation.RequestMethod; 13 import org.springframework.web.servlet.mvc.support.RedirectAttributes; 14 15 /** 16 * <p>User: Zhang Kaitao 17 * <p>Date: 14-2-14 18 * <p>Version: 1.0 19 */ 20 @Controller 21 @RequestMapping("/role") 22 public class RoleController { 23 24 @Autowired 25 private RoleService roleService; 26 27 @Autowired 28 private ResourceService resourceService; 29 30 @RequiresPermissions("role:view") 31 @RequestMapping(method = RequestMethod.GET) 32 public String list(Model model) { 33 model.addAttribute("roleList", roleService.findAll()); 34 return "role/list"; 35 } 36 37 @RequiresPermissions("role:create") 38 @RequestMapping(value = "/create", method = RequestMethod.GET) 39 public String showCreateForm(Model model) { 40 setCommonData(model); 41 model.addAttribute("role", new Role()); 42 model.addAttribute("op", "新增"); 43 return "role/edit"; 44 } 45 46 @RequiresPermissions("role:create") 47 @RequestMapping(value = "/create", method = RequestMethod.POST) 48 public String create(Role role, RedirectAttributes redirectAttributes) { 49 roleService.createRole(role); 50 redirectAttributes.addFlashAttribute("msg", "新增成功"); 51 return "redirect:/role"; 52 } 53 54 @RequiresPermissions("role:update") 55 @RequestMapping(value = "/{id}/update", method = RequestMethod.GET) 56 public String showUpdateForm(@PathVariable("id") Long id, Model model) { 57 setCommonData(model); 58 model.addAttribute("role", roleService.findOne(id)); 59 model.addAttribute("op", "修改"); 60 return "role/edit"; 61 } 62 63 @RequiresPermissions("role:update") 64 @RequestMapping(value = "/{id}/update", method = RequestMethod.POST) 65 public String update(Role role, RedirectAttributes redirectAttributes) { 66 roleService.updateRole(role); 67 redirectAttributes.addFlashAttribute("msg", "修改成功"); 68 return "redirect:/role"; 69 } 70 71 @RequiresPermissions("role:delete") 72 @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET) 73 public String showDeleteForm(@PathVariable("id") Long id, Model model) { 74 setCommonData(model); 75 model.addAttribute("role", roleService.findOne(id)); 76 model.addAttribute("op", "删除"); 77 return "role/edit"; 78 } 79 80 @RequiresPermissions("role:delete") 81 @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST) 82 public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) { 83 roleService.deleteRole(id); 84 redirectAttributes.addFlashAttribute("msg", "删除成功"); 85 return "redirect:/role"; 86 } 87 88 private void setCommonData(Model model) { 89 model.addAttribute("resourceList", resourceService.findAll()); 90 } 91 92 }
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import com.github.zhangkaitao.shiro.chapter21.entity.User; 4 import com.github.zhangkaitao.shiro.chapter21.service.*; 5 import com.github.zhangkaitao.shiro.chapter21.service.RoleService; 6 import com.github.zhangkaitao.shiro.chapter21.service.UserService; 7 import org.apache.shiro.authz.annotation.RequiresPermissions; 8 import org.springframework.beans.factory.annotation.Autowired; 9 import org.springframework.stereotype.Controller; 10 import org.springframework.ui.Model; 11 import org.springframework.web.bind.annotation.PathVariable; 12 import org.springframework.web.bind.annotation.RequestMapping; 13 import org.springframework.web.bind.annotation.RequestMethod; 14 import org.springframework.web.servlet.mvc.support.RedirectAttributes; 15 16 /** 17 * <p>User: Zhang Kaitao 18 * <p>Date: 14-2-14 19 * <p>Version: 1.0 20 */ 21 @Controller 22 @RequestMapping("/user") 23 public class UserController { 24 25 @Autowired 26 private UserService userService; 27 28 @Autowired 29 private OrganizationService organizationService; 30 @Autowired 31 private RoleService roleService; 32 33 @RequiresPermissions("user:view") 34 @RequestMapping(method = RequestMethod.GET) 35 public String list(Model model) { 36 model.addAttribute("userList", userService.findAll()); 37 return "user/list"; 38 } 39 40 @RequiresPermissions("user:create") 41 @RequestMapping(value = "/create", method = RequestMethod.GET) 42 public String showCreateForm(Model model) { 43 setCommonData(model); 44 model.addAttribute("user", new User()); 45 model.addAttribute("op", "新增"); 46 return "user/edit"; 47 } 48 49 @RequiresPermissions("user:create") 50 @RequestMapping(value = "/create", method = RequestMethod.POST) 51 public String create(User user, RedirectAttributes redirectAttributes) { 52 userService.createUser(user); 53 redirectAttributes.addFlashAttribute("msg", "新增成功"); 54 return "redirect:/user"; 55 } 56 57 @RequiresPermissions("user:update") 58 @RequestMapping(value = "/{id}/update", method = RequestMethod.GET) 59 public String showUpdateForm(@PathVariable("id") Long id, Model model) { 60 setCommonData(model); 61 model.addAttribute("user", userService.findOne(id)); 62 model.addAttribute("op", "修改"); 63 return "user/edit"; 64 } 65 66 @RequiresPermissions("user:update") 67 @RequestMapping(value = "/{id}/update", method = RequestMethod.POST) 68 public String update(User user, RedirectAttributes redirectAttributes) { 69 userService.updateUser(user); 70 redirectAttributes.addFlashAttribute("msg", "修改成功"); 71 return "redirect:/user"; 72 } 73 74 @RequiresPermissions("user:delete") 75 @RequestMapping(value = "/{id}/delete", method = RequestMethod.GET) 76 public String showDeleteForm(@PathVariable("id") Long id, Model model) { 77 setCommonData(model); 78 model.addAttribute("user", userService.findOne(id)); 79 model.addAttribute("op", "删除"); 80 return "user/edit"; 81 } 82 83 @RequiresPermissions("user:delete") 84 @RequestMapping(value = "/{id}/delete", method = RequestMethod.POST) 85 public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) { 86 userService.deleteUser(id); 87 redirectAttributes.addFlashAttribute("msg", "删除成功"); 88 return "redirect:/user"; 89 } 90 91 92 @RequiresPermissions("user:update") 93 @RequestMapping(value = "/{id}/changePassword", method = RequestMethod.GET) 94 public String showChangePasswordForm(@PathVariable("id") Long id, Model model) { 95 model.addAttribute("user", userService.findOne(id)); 96 model.addAttribute("op", "修改密码"); 97 return "user/changePassword"; 98 } 99 100 @RequiresPermissions("user:update") 101 @RequestMapping(value = "/{id}/changePassword", method = RequestMethod.POST) 102 public String changePassword(@PathVariable("id") Long id, String newPassword, RedirectAttributes redirectAttributes) { 103 userService.changePassword(id, newPassword); 104 redirectAttributes.addFlashAttribute("msg", "修改密码成功"); 105 return "redirect:/user"; 106 } 107 108 private void setCommonData(Model model) { 109 model.addAttribute("organizationList", organizationService.findAll()); 110 model.addAttribute("roleList", roleService.findAll()); 111 } 112 }
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import org.apache.shiro.authc.IncorrectCredentialsException; 4 import org.apache.shiro.authc.UnknownAccountException; 5 import org.springframework.stereotype.Controller; 6 import org.springframework.ui.Model; 7 import org.springframework.web.bind.annotation.RequestMapping; 8 9 import javax.servlet.http.HttpServletRequest; 10 11 /** 12 * <p>User: Zhang Kaitao 13 * <p>Date: 14-2-15 14 * <p>Version: 1.0 15 */ 16 @Controller 17 public class LoginController { 18 19 @RequestMapping(value = "/login" ) 20 public String showLoginForm(HttpServletRequest req, Model model) { 21 String exceptionClassName = (String)req.getAttribute("shiroLoginFailure"); 22 String error = null; 23 if(UnknownAccountException.class.getName().equals(exceptionClassName)) { 24 error = "用户名/密码错误"; 25 } else if(IncorrectCredentialsException.class.getName().equals(exceptionClassName)) { 26 error = "用户名/密码错误"; 27 } else if(exceptionClassName != null) { 28 error = "其他错误:" + exceptionClassName; 29 } 30 model.addAttribute("error", error); 31 return "login"; 32 } 33 34 35 }
1 package com.github.zhangkaitao.shiro.chapter21.web.controller; 2 3 import com.github.zhangkaitao.shiro.chapter21.entity.Resource; 4 import com.github.zhangkaitao.shiro.chapter21.entity.User; 5 import com.github.zhangkaitao.shiro.chapter21.web.bind.annotation.CurrentUser; 6 import com.github.zhangkaitao.shiro.chapter21.service.ResourceService; 7 import com.github.zhangkaitao.shiro.chapter21.service.UserService; 8 import org.springframework.beans.factory.annotation.Autowired; 9 import org.springframework.stereotype.Controller; 10 import org.springframework.ui.Model; 11 import org.springframework.web.bind.annotation.RequestMapping; 12 13 import java.util.List; 14 import java.util.Set; 15 16 /** 17 * <p>User: Zhang Kaitao 18 * <p>Date: 14-2-14 19 * <p>Version: 1.0 20 */ 21 @Controller 22 public class IndexController { 23 24 @Autowired 25 private ResourceService resourceService; 26 @Autowired 27 private UserService userService; 28 29 @RequestMapping("/") 30 public String index(@CurrentUser User loginUser, Model model) { 31 Set<String> permissions = userService.findPermissions(loginUser.getUsername()); 32 List<Resource> menus = resourceService.findMenus(permissions); 33 model.addAttribute("menus", menus); 34 return "index"; 35 } 36 37 @RequestMapping("/welcome") 38 public String welcome() { 39 return "welcome"; 40 } 41 42 43 }
RunAsController:
(1)简要总览
四个方法:展示,授予,收回,切换。
1 @Controller 2 @RequestMapping("/runas") 3 public class RunAsController { 4 5 @Autowired 6 private UserRunAsService userRunAsService; 7 8 @Autowired 9 private UserService userService; 10 11 @RequestMapping 12 public String runasList( 13 @CurrentUser User loginUser, 14 Model model) { 15 ... 16 } 17 18 @RequestMapping("/grant/{toUserId}") 19 public String grant( 20 @CurrentUser User loginUser, 21 @PathVariable("toUserId") Long toUserId, 22 RedirectAttributes redirectAttributes) { 23 ... 24 } 25 26 @RequestMapping("/revoke/{toUserId}") 27 public String revoke( 28 @CurrentUser User loginUser, 29 @PathVariable("toUserId") Long toUserId, 30 RedirectAttributes redirectAttributes) { 31 ... 32 } 33 34 @RequestMapping("/switchTo/{switchToUserId}") 35 public String switchTo( 36 @CurrentUser User loginUser, 37 @PathVariable("switchToUserId") Long switchToUserId, 38 RedirectAttributes redirectAttributes) { 39 ... 40 } 41 42 @RequestMapping("/switchBack") 43 public String switchBack(RedirectAttributes redirectAttributes) { 44 ... 45 } 46 }
(2)runasList
runasList 展示当前用户能切换到的身份列表,及授予给其他人的身份列表。
1 @RequestMapping 2 public String runasList(@CurrentUser User loginUser, Model model) { 3 //fromUserId是A,toUserId是B。 4 //A:授予别人身份的user(领导),B:被授予身份的user(秘书) 5 //B可以假借A的身份进行访问 6 7 //查询当前用户是不是被授予身份的,并存好 8 model.addAttribute("fromUserIds", userRunAsService.findFromUserIds(loginUser.getId())); 9 //查询当前用户有没有授予别人身份,并存好 10 model.addAttribute("toUserIds", userRunAsService.findToUserIds(loginUser.getId())); 11 12 //获得除该用户之外的所有users 13 List<User> allUsers = userService.findAll(); 14 allUsers.remove(loginUser); 15 model.addAttribute("allUsers", allUsers); 16 17 Subject subject = SecurityUtils.getSubject(); 18 //subject.isRunAs,用于判定该用户是不是已经是RunAs用户 19 model.addAttribute("isRunas", subject.isRunAs()); 20 if(subject.isRunAs()) { 21 //一个用户可以切换很多次身份,之前的身份用栈存储 22 String previousUsername = 23 (String)subject.getPreviousPrincipals().getPrimaryPrincipal(); 24 model.addAttribute("previousUsername", previousUsername); 25 } 26 27 return "runas"; 28 }
(2)grant
1 @RequestMapping("/grant/{toUserId}") 2 public String grant( 3 @CurrentUser User loginUser, 4 @PathVariable("toUserId") Long toUserId, 5 RedirectAttributes redirectAttributes) { 6 7 if(loginUser.getId().equals(toUserId)) { 8 redirectAttributes.addFlashAttribute("msg", "自己不能切换到自己的身份"); 9 return "redirect:/runas"; 10 } 11 12 userRunAsService.grantRunAs(loginUser.getId(), toUserId); 13 redirectAttributes.addFlashAttribute("msg", "操作成功"); 14 return "redirect:/runas"; 15 }
(3)revoke
1 @RequestMapping("/revoke/{toUserId}") 2 public String revoke( 3 @CurrentUser User loginUser, 4 @PathVariable("toUserId") Long toUserId, 5 RedirectAttributes redirectAttributes) { 6 userRunAsService.revokeRunAs(loginUser.getId(), toUserId); 7 redirectAttributes.addFlashAttribute("msg", "操作成功"); 8 return "redirect:/runas"; 9 }
(4)switchTo
1 @RequestMapping("/switchTo/{switchToUserId}") 2 public String switchTo( 3 @CurrentUser User loginUser, 4 @PathVariable("switchToUserId") Long switchToUserId, 5 RedirectAttributes redirectAttributes) { 6 7 Subject subject = SecurityUtils.getSubject(); 8 //查找要切换的用户 9 User switchToUser = userService.findOne(switchToUserId); 10 if(loginUser.equals(switchToUser)) { 11 redirectAttributes.addFlashAttribute("msg", "自己不能切换到自己的身份"); 12 return "redirect:/runas"; 13 } 14 15 //判定能否切换 16 if(switchToUser == null || !userRunAsService.exists(switchToUserId, loginUser.getId())) { 17 redirectAttributes.addFlashAttribute("msg", "对方没有授予您身份,不能切换"); 18 return "redirect:/runas"; 19 } 20 21 //切换身份 22 subject.runAs(new SimplePrincipalCollection(switchToUser.getUsername(), "")); 23 redirectAttributes.addFlashAttribute("msg", "操作成功"); 24 redirectAttributes.addFlashAttribute("needRefresh", "true"); 25 return "redirect:/runas"; 26 }
(5)switchBack
要注意的是,数据使用栈数据结构保存的。所以如果A --> B, B-->C, 那么C要调用两次releaseRunAs()才能切换回A。
同样,Subject. getPreviousPrincipals()得到上一次切换到的身份,比如当前是 C;那么调用该 API将得到 B 的身份。
1 @RequestMapping("/switchBack") 2 public String switchBack(RedirectAttributes redirectAttributes) { 3 4 Subject subject = SecurityUtils.getSubject(); 5 6 if(subject.isRunAs()) {//现在是切换的身份中 7 //切换至上一个身份 8 subject.releaseRunAs(); 9 } 10 redirectAttributes.addFlashAttribute("msg", "操作成功"); 11 redirectAttributes.addFlashAttribute("needRefresh", "true"); 12 return "redirect:/runas"; 13 }
综上可知:
要区分,授予身份与切换身份。
1.A授予身份时
1 首先判定是不是给自己授予身份 2 如果不是,就调用这句话:userRunAsService.grantRunAs(loginUser.getId(), toUserId); 3 而这句话,执行的sql语句是:String sql = "insert into sys_user_runas(from_user_id, to_user_id) values (?,?)"; 4 即它只是在数据库的runas表里插入了一条(A,B)记录。
2.回收身份时,类似,只是删除了一条(A,B)记录。
3.A切换身份至B时
1 先找到这个要切换的B,确认存在并且不等于A 2 然后判定B是否被A授予了身份,执行的sql是:String sql = "select count(1) from sys_user_runas where from_user_id=? and to_user_id=?"; 即判定关系(A,B)是否存在。 3 然后进行身份的切换:subject.runAs(new SimplePrincipalCollection(switchToUser.getUsername(), ""));
4.B切换回A时
先判定这个身份是不是被授予的身份:subject.isRunAs()
然后切换回上一个(从栈数据中拿上一个身份的信息):subject.releaseRunAs();
即,身份的切换是shiro帮我们做好的。我们要做的就是,维护 (fromUserId,toUserId)的关系。换句话说,授予身份由我们完成,切换身份由shiro完成。