代碼延續地址：Shiro+springboot+mybatis(md5+salt+散列）認證與授權-01

---

1.創建t_role角色表(比如管理員admin，普通用戶user等），創建t_pers權限表（比如add,update,delete等），t_user_role與t_role_pers作為三個表的中間表（因為這三個表之間是多對多的關系)

2.UserMapper.xml新增sql查詢

<select id="findByRolesUserName" parameterType="String" resultMap="userMap">select u.id uid,u.username,r.id rid,r.namefrom t_user uleft join t_user_role uron u.id=ur.userIdleft join t_role ron ur.roleId=r.idwhere u.username=#{username};</select><select id="findPermsByRoleId" parameterType="String" resultType="com.hao.springboot.entity.Pers">select p.id,p.name,p.url,r.namefrom t_role rleft join t_role_pers rpon r.id=rp.roleIdleft join t_pers pon p.id=rp.persIdwhere r.id=#{id}</select>

3.UserDao新增方法

//根據用戶名查詢所有角色User findByRolesUserName(String username);//根據角色id查詢權限集合List<Pers> findPermsByRoleId(String id);

4.Service層新增方法（接口代碼省略）

@Overridepublic User findByRolesUserName(String username) {return userDao.findByRolesUserName(username);}@Overridepublic List<Pers> findPermsByRoleId(String id) {return userDao.findPermsByRoleId(id);}

5.改變自定義realm

/*** @author:抱著魚睡覺的喵喵* @date:2020/12/29* @description: 自定義realm完成用戶認證和授權*/ public class CustomerRealm extends AuthorizingRealm {/*** 用戶授權* @param principalCollection* @return*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("調用權限認證："+principalCollection);String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();//調用身份信息獲取角色和權限信息UserService userService = (UserService) ApplicationContextUtils.getBean("userService");//根據主身份獲取角色和權限信息User users = userService.findByRolesUserName(primaryPrincipal);//授權角色信息if (!CollectionUtils.isEmpty(users.getRoles())){SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();users.getRoles().forEach(role -> {simpleAuthorizationInfo.addRole(role.getName());List<Pers> perms = userService.findPermsByRoleId(role.getId());if (!CollectionUtils.isEmpty(perms)){perms.forEach(pers -> {simpleAuthorizationInfo.addStringPermission(pers.getName());});}});return simpleAuthorizationInfo;}return null;}/*** 用戶認證* @param authenticationToken* @return* @throws AuthenticationException*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {String principal = (String) authenticationToken.getPrincipal();//在工廠中獲取業務對象UserService userService = (UserService) ApplicationContextUtils.getBean("userService");User user = userService.findByUserName(principal);if (!ObjectUtils.isEmpty(user)){return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(), ByteSource.Util.bytes(user.getSalt()),this.getName());}return null;} }

6.index.jsp

<%@page contentType="text/html; utf-8" pageEncoding="UTF-8" isELIgnored="false" %> <%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <!doctype html> <html lang="en"> <head><meta charset="UTF-8"><meta name="viewport"content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Document</title> </head> <body><h1>系統主頁,歡迎你的到來</h1><a href="${pageContext.request.contextPath}/user/outLogin">退出</a><ul><shiro:hasAnyRoles name="user"><li><a href="">用戶管理</a><ul><shiro:hasPermission name="user:add:*"><li><a href="">添加用戶</a></li></shiro:hasPermission><li><a href="">刪除用戶</a></li><li><a href="">修改用戶</a></li><li><a href="">查詢用戶</a></li></ul></li></shiro:hasAnyRoles><shiro:hasRole name="product"><li><a href="">部分格式化</a> </li></shiro:hasRole><shiro:hasRole name="admin"><li><a href="">商品管理</a> </li><li><a href="">訂單管理</a> </li><li><a href="">物流管理</a> </li></shiro:hasRole><shiro:hasRole name="shper"><li><a href="">終極格式化</a> </li></shiro:hasRole></ul> </body> </html>

7.訪問http://localhost:8080/shiro/login.jsp

退出

總結

以上是生活随笔為你收集整理的Shiro+springboot+mybatis(md5+salt+散列）认证与授权-02的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。