实现对特定角色和特定路径拦截
34
sql.sql
34
sql.sql
@@ -1,7 +1,10 @@
|
|||||||
DROP DATABASE db_shiroTest;
|
DROP DATABASE db_shiroTest;
|
||||||
GRANT ALL ON db_shiroTest.* TO trs@localhost IDENTIFIED BY 'shiro';
|
GRANT ALL ON db_shiroTest.* TO trs@localhost
|
||||||
flush privileges;
|
IDENTIFIED BY 'shiro';
|
||||||
CREATE DATABASE IF NOT EXISTS db_shiroTest DEFAULT CHARSET utf8mb4 COLLATE utf8mb4_general_ci;
|
FLUSH PRIVILEGES;
|
||||||
|
CREATE DATABASE IF NOT EXISTS db_shiroTest
|
||||||
|
DEFAULT CHARSET utf8mb4
|
||||||
|
COLLATE utf8mb4_general_ci;
|
||||||
USE db_shiroTest;
|
USE db_shiroTest;
|
||||||
-- 权限表 --
|
-- 权限表 --
|
||||||
CREATE TABLE permission (
|
CREATE TABLE permission (
|
||||||
@@ -9,7 +12,9 @@ CREATE TABLE permission (
|
|||||||
name VARCHAR(255) NOT NULL DEFAULT '',
|
name VARCHAR(255) NOT NULL DEFAULT '',
|
||||||
url VARCHAR(255) DEFAULT '',
|
url VARCHAR(255) DEFAULT '',
|
||||||
PRIMARY KEY (pid)
|
PRIMARY KEY (pid)
|
||||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
|
)
|
||||||
|
ENGINE = InnoDB
|
||||||
|
DEFAULT CHARSET = utf8mb4;
|
||||||
|
|
||||||
-- 用户表 --
|
-- 用户表 --
|
||||||
CREATE TABLE user (
|
CREATE TABLE user (
|
||||||
@@ -17,14 +22,18 @@ CREATE TABLE user (
|
|||||||
username VARCHAR(255) NOT NULL DEFAULT '',
|
username VARCHAR(255) NOT NULL DEFAULT '',
|
||||||
password VARCHAR(255) NOT NULL DEFAULT '',
|
password VARCHAR(255) NOT NULL DEFAULT '',
|
||||||
PRIMARY KEY (uid)
|
PRIMARY KEY (uid)
|
||||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
|
)
|
||||||
|
ENGINE = InnoDB
|
||||||
|
DEFAULT CHARSET = utf8mb4;
|
||||||
|
|
||||||
-- 角色表 --
|
-- 角色表 --
|
||||||
CREATE TABLE role (
|
CREATE TABLE role (
|
||||||
rid INT(11) NOT NULL AUTO_INCREMENT,
|
rid INT(11) NOT NULL AUTO_INCREMENT,
|
||||||
rname VARCHAR(255) NOT NULL DEFAULT '',
|
rname VARCHAR(255) NOT NULL DEFAULT '',
|
||||||
PRIMARY KEY (rid)
|
PRIMARY KEY (rid)
|
||||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
|
)
|
||||||
|
ENGINE = InnoDB
|
||||||
|
DEFAULT CHARSET = utf8mb4;
|
||||||
|
|
||||||
-- 权限角色关系表 --
|
-- 权限角色关系表 --
|
||||||
CREATE TABLE permission_role (
|
CREATE TABLE permission_role (
|
||||||
@@ -32,7 +41,9 @@ CREATE TABLE permission_role (
|
|||||||
pid INT(11) NOT NULL,
|
pid INT(11) NOT NULL,
|
||||||
CONSTRAINT FK_prid FOREIGN KEY (rid) REFERENCES role (rid),
|
CONSTRAINT FK_prid FOREIGN KEY (rid) REFERENCES role (rid),
|
||||||
CONSTRAINT FK_pid FOREIGN KEY (pid) REFERENCES permission (pid)
|
CONSTRAINT FK_pid FOREIGN KEY (pid) REFERENCES permission (pid)
|
||||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
|
)
|
||||||
|
ENGINE = InnoDB
|
||||||
|
DEFAULT CHARSET = utf8mb4;
|
||||||
|
|
||||||
-- 用户角色关系表 --
|
-- 用户角色关系表 --
|
||||||
CREATE TABLE user_role (
|
CREATE TABLE user_role (
|
||||||
@@ -40,7 +51,9 @@ CREATE TABLE user_role (
|
|||||||
uid INT(11) NOT NULL,
|
uid INT(11) NOT NULL,
|
||||||
CONSTRAINT FK_urid FOREIGN KEY (rid) REFERENCES role (rid),
|
CONSTRAINT FK_urid FOREIGN KEY (rid) REFERENCES role (rid),
|
||||||
CONSTRAINT FK_uid FOREIGN KEY (uid) REFERENCES user (uid)
|
CONSTRAINT FK_uid FOREIGN KEY (uid) REFERENCES user (uid)
|
||||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
|
)
|
||||||
|
ENGINE = InnoDB
|
||||||
|
DEFAULT CHARSET = utf8mb4;
|
||||||
|
|
||||||
-- 初始化数据 --
|
-- 初始化数据 --
|
||||||
INSERT INTO permission (pid, name, url) VALUE ('1', 'add', '');
|
INSERT INTO permission (pid, name, url) VALUE ('1', 'add', '');
|
||||||
@@ -68,7 +81,10 @@ INSERT INTO permission_role (rid, pid) VALUE ('3','4');
|
|||||||
INSERT INTO user_role (rid, uid) VALUE ('1', '1');
|
INSERT INTO user_role (rid, uid) VALUE ('1', '1');
|
||||||
INSERT INTO user_role (rid, uid) VALUE ('2', '2');
|
INSERT INTO user_role (rid, uid) VALUE ('2', '2');
|
||||||
|
|
||||||
SELECT u.*,r.*,p.*
|
SELECT
|
||||||
|
u.*,
|
||||||
|
r.*,
|
||||||
|
p.*
|
||||||
FROM user u
|
FROM user u
|
||||||
INNER JOIN user_role ur ON ur.uid = u.uid
|
INNER JOIN user_role ur ON ur.uid = u.uid
|
||||||
INNER JOIN role r ON ur.uid = r.rid
|
INNER JOIN role r ON ur.uid = r.rid
|
||||||
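Review bot: The last join of the verification query in the final hunk, `INNER JOIN role r ON ur.uid = r.rid`, compares the user id with the role id, so roles are resolved by uid rather than through the mapping row; it should read `INNER JOIN role r ON ur.rid = r.rid`. The seed rows `('1', '1')` and `('2', '2')` have equal rid and uid, which hides the error with this data set. If the application's user-to-role mapping uses the same condition (not visible here), the `roles[admin]` check introduced by this commit would be decided by user ids, so that is worth confirming. The statement may continue past the end of the hunk. Separately, the script keeps `GRANT ALL ... IDENTIFIED BY 'shiro'` in the repository; a password supplied at deploy time and a narrower grant would be safer anywhere beyond a local test database.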
|
|||||||
@@ -15,6 +15,7 @@ import java.util.LinkedHashMap;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* shiro核心配置
|
* shiro核心配置
|
||||||
|
*
|
||||||
* @author F嘉阳
|
* @author F嘉阳
|
||||||
* @date 2018/7/6 10:29
|
* @date 2018/7/6 10:29
|
||||||
*/
|
*/
|
||||||
@@ -37,6 +38,13 @@ public class ShiroConfiguration {
|
|||||||
filterChainDefinitionMap.put("/index", "authc");
|
filterChainDefinitionMap.put("/index", "authc");
|
||||||
// 登录页无需拦截,anon即匿名访问
|
// 登录页无需拦截,anon即匿名访问
|
||||||
filterChainDefinitionMap.put("/login", "anon");
|
filterChainDefinitionMap.put("/login", "anon");
|
||||||
|
filterChainDefinitionMap.put("/doLogin","anon");
|
||||||
|
|
||||||
|
// 指定页面只能给指定用户访问,校验角色名称类org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
|
||||||
|
filterChainDefinitionMap.put("/admin","roles[admin]");
|
||||||
|
|
||||||
|
// 用户登录后可以访问所有接口
|
||||||
|
filterChainDefinitionMap.put("/**", "user");
|
||||||
|
|
||||||
bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
|
bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
|
||||||
|
|
||||||
@@ -54,6 +62,7 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 自定义的Realm
|
* 自定义的Realm
|
||||||
|
*
|
||||||
* @param matcher
|
* @param matcher
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@@ -66,6 +75,7 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 自定义密码校验规则
|
* 自定义密码校验规则
|
||||||
|
*
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Bean("credentialsMatcher")
|
@Bean("credentialsMatcher")
|
||||||
@@ -75,6 +85,7 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 配置spring与shiro关联,指定spring使用的SecurityManager为自定义的SecurityManager
|
* 配置spring与shiro关联,指定spring使用的SecurityManager为自定义的SecurityManager
|
||||||
|
*
|
||||||
* @param securityManager
|
* @param securityManager
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@@ -88,6 +99,7 @@ public class ShiroConfiguration {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 代理所有servlet的过滤器链
|
* 代理所有servlet的过滤器链
|
||||||
|
*
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
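Review bot: In the filter-chain hunk, `filterChainDefinitionMap.put("/admin","roles[admin]")` covers only the exact path `/admin`, so any path added beneath it later falls through to the catch-all `/**` entry and needs only the `user` filter. Adding `filterChainDefinitionMap.put("/admin/**", "roles[admin]");` before the `/**` entry closes that gap; the map is presumably the `LinkedHashMap` imported in the first hunk header, in which case insertion order is the match order and the position matters. The `user` filter also admits subjects recognised through remember-me, while the comment above it speaks of logged-in users; if a full login is intended, `authc` is the stricter choice for `/**`. The enclosing method starts and ends outside the hunk.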
|
|||||||
@@ -40,4 +40,13 @@ public class LoginController {
|
|||||||
return "login";
|
return "login";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/logout")
|
||||||
|
public String logout() {
|
||||||
|
Subject subject = SecurityUtils.getSubject();
|
||||||
|
if (subject != null) {
|
||||||
|
subject.logout();
|
||||||
|
}
|
||||||
|
return "login";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
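Review bot: `@RequestMapping("/logout")` on the new `logout()` sets no HTTP method, so a plain GET issued from any other page is enough to end a user's session. Restricting it, for example `@RequestMapping(value = "/logout", method = RequestMethod.POST)` (which needs the `RequestMethod` import), and returning `"redirect:/login"` instead of rendering the login view under the `/logout` URL would be tighter. The `subject != null` guard looks redundant, since `SecurityUtils.getSubject()` is expected to supply a Subject rather than return null; either drop it or add a comment saying why it is kept.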
|
|||||||
@@ -2,9 +2,11 @@ package top.fjy8018.shiro.controller;
|
|||||||
|
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 页面导航
|
* 页面导航
|
||||||
|
*
|
||||||
* @author F嘉阳
|
* @author F嘉阳
|
||||||
* @date 2018/7/6 10:57
|
* @date 2018/7/6 10:57
|
||||||
*/
|
*/
|
||||||
@@ -15,4 +17,11 @@ public class NavController {
|
|||||||
public String index() {
|
public String index() {
|
||||||
return "index";
|
return "index";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/admin")
|
||||||
|
@ResponseBody
|
||||||
|
public String admin() {
|
||||||
|
return "admin success";
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
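Review bot: `admin()` carries no access check of its own; the only restriction is the `/admin` to `roles[admin]` entry in ShiroConfiguration, and nothing at the method says so. A comment such as `// Access is limited to role "admin" by the filter chain in ShiroConfiguration` would keep that dependency visible if the mapping is renamed or moved. If Shiro annotation support is enabled in this project (not visible here), `@RequiresRoles("admin")` on the method adds a second check that does not depend on URL pattern matching.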
|
|||||||
@@ -7,6 +7,7 @@ import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 自定义校验规则
|
* 自定义校验规则
|
||||||
|
*
|
||||||
* @author F嘉阳
|
* @author F嘉阳
|
||||||
* @date 2018/7/6 10:25
|
* @date 2018/7/6 10:25
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import lombok.Data;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* 登录表单
|
* 登录表单
|
||||||
|
*
|
||||||
* @author F嘉阳
|
* @author F嘉阳
|
||||||
* @date 2018/7/6 10:59
|
* @date 2018/7/6 10:59
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -27,6 +27,7 @@ public class AuthRealm extends AuthorizingRealm {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* shiro登录成功后的授权方法
|
* shiro登录成功后的授权方法
|
||||||
|
*
|
||||||
* @param principalCollection
|
* @param principalCollection
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@@ -36,10 +37,12 @@ public class AuthRealm extends AuthorizingRealm {
|
|||||||
User user = (User) principalCollection.fromRealm(this.getClass().getName()).iterator().next();
|
User user = (User) principalCollection.fromRealm(this.getClass().getName()).iterator().next();
|
||||||
|
|
||||||
List<String> permissionList = new ArrayList<>();
|
List<String> permissionList = new ArrayList<>();
|
||||||
|
List<String> roleList = new ArrayList<>();
|
||||||
Set<Role> roleSet = user.getRoles();
|
Set<Role> roleSet = user.getRoles();
|
||||||
// 取角色
|
// 取角色
|
||||||
if (CollectionUtils.isNotEmpty(roleSet)) {
|
if (CollectionUtils.isNotEmpty(roleSet)) {
|
||||||
for (Role role : roleSet) {
|
for (Role role : roleSet) {
|
||||||
|
roleList.add(role.getRname());
|
||||||
// 取权限
|
// 取权限
|
||||||
Set<Permission> permissionSet = role.getPermissions();
|
Set<Permission> permissionSet = role.getPermissions();
|
||||||
if (CollectionUtils.isNotEmpty(permissionSet)) {
|
if (CollectionUtils.isNotEmpty(permissionSet)) {
|
||||||
@@ -52,12 +55,14 @@ public class AuthRealm extends AuthorizingRealm {
|
|||||||
}
|
}
|
||||||
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
|
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
|
||||||
info.addStringPermissions(permissionList);
|
info.addStringPermissions(permissionList);
|
||||||
|
info.addRoles(roleList);
|
||||||
|
|
||||||
return info;
|
return info;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 认证登录
|
* 认证登录
|
||||||
|
*
|
||||||
* @param authenticationToken
|
* @param authenticationToken
|
||||||
* @return
|
* @return
|
||||||
* @throws AuthenticationException
|
* @throws AuthenticationException
|
||||||
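Review bot: The role names collected by `roleList.add(role.getRname())` come from the `User` object taken out of `principalCollection`, so they appear to reflect the roles as they were when the user logged in. If that object is not refreshed elsewhere, removing the admin role from an account has no effect on sessions that are already open; reloading the user's roles by id or username inside this method would avoid that. At minimum a comment such as `// roles are read from the principal stored at login; changes apply after re-login` would document the behaviour. The method's signature lies outside the hunk.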
|
|||||||