一、先進行用戶-角色-權限數據分配
1:在role表中添加2個角色 部門經理(deptMgr) 人事經理(empMgr)
2:給人事經理分配權限:員工的crud權限。在role_permission表中添加4條數據
3:給用戶指派某個角色:給zhangsan指定人事經理這個角色,在user_role表中添加1條數據
二、數據庫方式授權
1.在自定義的UserRealm添加2個屬性:IRoleDAO IPermissionDAO
注意:同時修改spring-shiro.xml文件中UserRealm定義,注入dao實現類
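/**
 * Shiro realm backed by the user / role / permission tables.
 * <p>
 * Authentication resolves the submitted username through {@code userDAO};
 * authorization resolves roles and permission resources through
 * {@code roleDAO} and {@code permissionDAO}. All three DAOs are injected by
 * the Spring configuration (the {@code UserRealm} bean in spring-shiro.xml).
 */
public class UserRealm extends AuthorizingRealm {

    /** Account name that is treated as a super user regardless of the permission tables. */
    private static final String SUPER_USER_NAME = "admin";
    /** Shiro wildcard permission: every action on every resource. */
    private static final String ALL_PERMISSIONS = "*:*";

    @Setter
    private IUserDAO userDAO;
    @Setter
    private IRoleDAO roleDAO;
    @Setter
    private IPermissionDAO permissionDAO;

    /**
     * Authentication: looks the submitted principal up as a stored user.
     *
     * @param token login token; its principal is the submitted username
     * @return authentication info carrying the stored password hash and the
     *         salt, or {@code null} when no such user exists (Shiro treats a
     *         {@code null} result as an unknown account)
     * @throws AuthenticationException propagated from Shiro
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = (String) token.getPrincipal();
        User user = userDAO.getUserByUsername(username);
        if (user == null) {
            return null;
        }
        // The username is handed to Shiro as the credentials salt, so the
        // configured matcher hashes the submitted password with the same salt
        // that produced the stored hash. NOTE(review): a username is a
        // predictable, reusable salt; a random per-user salt stored next to the
        // hash is the safer choice, but switching requires re-hashing every
        // stored password, so it is left unchanged here.
        return new SimpleAuthenticationInfo(user, user.getPassword(),
                ByteSource.Util.bytes(user.getUsername()), getName());
    }

    @Override
    public String getName() {
        return "UserRealm";
    }

    /**
     * Authorization: collects the roles and permission resources of the
     * already-authenticated user.
     * <p>
     * The account named {@value #SUPER_USER_NAME} bypasses the permission
     * tables: it receives the {@value #ALL_PERMISSIONS} wildcard plus every
     * role returned by {@code roleDAO.getAllRoleSn()}. Because the decision is
     * made on the username alone, that account's grants are not governed by
     * the user_role / role_permission data at all, which matters when
     * auditing who can obtain the name.
     *
     * @param principals principal collection whose primary principal is the
     *                   {@link User} stored at authentication time
     * @return the user's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        List<String> roles;
        List<String> permissions;
        if (SUPER_USER_NAME.equals(user.getUsername())) {
            permissions = new ArrayList<>();
            permissions.add(ALL_PERMISSIONS);
            roles = roleDAO.getAllRoleSn();
        } else {
            // Both lookups are keyed by the user id taken from the stored
            // principal, not from anything the client submitted.
            roles = roleDAO.getRoleSnByUserId(user.getId());
            permissions = permissionDAO.getPermissionResourceByUserId(user.getId());
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissions);
        info.addRoles(roles);
        return info;
    }
}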
其中IRoleDAO(getRoleSnByUserId方法) IPermissionDAO(getPermissionResourceByUserId方法)的sql語句爲
// IPermissionDAO中
/**
 * Resolves the permission resource strings a user holds through the chain
 * user_role -> role_permission -> permission.
 *
 * @param userId id of the user whose permissions are being resolved
 * @return the resource strings, or an empty mutable list when the query fails
 */
@Override
public List<String> getPermissionResourceByUserId(Long userId) {
    // user_id is bound as a JDBC parameter; nothing is concatenated into the statement.
    String lookup = "select resource from permission where id in(" +
            " select permission_id from role_permission where role_id in(" +
            " select role_id from user_role where user_id = ?)" +
            " );";
    RowMapper<String> resourceColumn = new RowMapper<String>() {
        @Override
        public String mapRow(ResultSet row, int rowNum) throws SQLException {
            return row.getString("resource");
        }
    };
    try {
        return template.query(lookup, resourceColumn, userId);
    } catch (Exception ex) {
        // Fail closed: a failed lookup grants no permissions. NOTE(review): the
        // trace only reaches stderr, so in the logs a database outage looks the
        // same as "user has no permissions"; route this through the application
        // logger once one is available.
        ex.printStackTrace();
    }
    return new ArrayList<>();
}
//IRoleDAO中
/**
 * Resolves the role serial numbers assigned to a user via the user_role table.
 *
 * @param userId id of the user whose roles are being resolved
 * @return the role sn values, or an empty mutable list when the query fails
 */
@Override
public List<String> getRoleSnByUserId(Long userId) {
    // user_id is bound as a JDBC parameter; nothing is concatenated into the statement.
    String lookup = "select sn from role where id in (select role_id from user_role where user_id = ?)";
    RowMapper<String> snColumn = new RowMapper<String>() {
        @Override
        public String mapRow(ResultSet row, int rowNum) throws SQLException {
            return row.getString("sn");
        }
    };
    try {
        return template.query(lookup, snColumn, userId);
    } catch (Exception ex) {
        // Fail closed: a failed lookup yields no roles. NOTE(review): as with the
        // permission lookup, stderr-only reporting hides a database outage behind
        // an apparently role-less user; prefer the application logger.
        ex.printStackTrace();
    }
    return new ArrayList<>();
}
4:測試
1>先使用zhangsan賬號登錄查看是否有部門操作權限, 如果沒有表示授權成功
2>再使用admin賬號登錄,查看是否有部門操作權限,如果沒有表示授權失敗