  • Shiro Authorizer

    If/else authorization

      Role check

    Subject currentUser = SecurityUtils.getSubject();
    
    if (currentUser.hasRole("administrator")) {
        //show the admin button 
    } else {
        //don't show the button?  Grey it out? 
    }

      Role assertion

    Subject currentUser = SecurityUtils.getSubject();
    
    //guarantee that the current user is a bank teller and 
    //therefore allowed to open the account: 
    currentUser.checkRole("bankTeller");
    openBankAccount();

      Permission check

        Permission check based on a Permission object

    Subject subject = SecurityUtils.getSubject();
    Permission permission = new DomainPermission("hello/world.action", "hello:world");
    if (subject.isPermitted(permission)) {
        //show some button
    } else {
        //don't show anything
    }

        String-based permission check

    Subject subject = SecurityUtils.getSubject();
    if (subject.isPermitted("hello:world")) {
        //show some button
    } else {
        //don't show anything
    }

    The special colon-delimited format defined by Shiro's default org.apache.shiro.authz.permission.WildcardPermission implementation

    Subject subject = SecurityUtils.getSubject();
    Permission permission = new WildcardPermission("hello:world");
    if (subject.isPermitted(permission)) {
        //show some button
    } else {
        //don't show anything
    }

       Permission assertion

    Subject subject = SecurityUtils.getSubject();
    //throws AuthorizationException if the Subject lacks the permission
    subject.checkPermission(new WildcardPermission("hello:world"));

    Annotation-based authorization

      The @RequiresAuthentication annotation

      The current Subject must have been authenticated in order to access the method.

    @RequiresAuthentication
    public void updateGood(Good good) {
        //this method will only be invoked by a
        //Subject that is guaranteed authenticated
    }

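    Equivalent to:

    public void updateGood(Good good) {
        //Shiro's annotation handler throws UnauthenticatedException
        //(org.apache.shiro.authz), a subclass of AuthorizationException
        if (!SecurityUtils.getSubject().isAuthenticated())
            throw new UnauthenticatedException();
    }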

       The @RequiresGuest annotation

        The current Subject must be unregistered, that is, only a guest.

    @RequiresGuest
    public void updateGood(Good good) {
        //this method will only be invoked by a
        //Subject that is unknown/anonymous
    }

    Equivalent to:

    public void updateGood(Good good) {
        Subject subject = SecurityUtils.getSubject();
        PrincipalCollection principalCollection = subject.getPrincipals();
        //a Subject with any principal is a known user, not a guest
        if (principalCollection != null && !principalCollection.isEmpty())
            throw new UnauthenticatedException();
    }

      The @RequiresPermissions annotation

      The current Subject must have the specified permission.

    @RequiresPermissions("hello:world")
    public void updateGood(Good good) {

    }

      The @RequiresRoles annotation

      The current Subject must have the specified role.

    @RequiresRoles("admin")
    public void updateGood(Good good) {

    }

      The @RequiresUser annotation

      The current Subject must be a registered user.

    @RequiresUser
    public void updateGood(Good good) {
    
    }

    Equivalent to:

    public void updateGood(Good good) {
        Subject subject = SecurityUtils.getSubject();
        PrincipalCollection principalCollection = subject.getPrincipals();
        //no principals means the Subject is anonymous, not a known user
        if (principalCollection == null || principalCollection.isEmpty())
            throw new UnauthenticatedException();
    }

    Authorization process

    Permissions

      Multiple values

    hello:world,shiro

      Wildcard

    hello:*
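
    How the two permission strings above are matched, as an added example (not code from the original post). It goes slightly beyond the two strings shown and also checks grants that have fewer parts than the request. The class name, the covers helper and the request strings are assumptions made for illustration.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class WildcardPermissionDemo {

    // Hypothetical helper: true when the granted string covers the request.
    static boolean covers(String granted, String requested) {
        Permission g = new WildcardPermission(granted);
        return g.implies(new WildcardPermission(requested));
    }

    public static void main(String[] args) {
        // {granted to the Subject, requested by the code}; constructed samples
        String[][] cases = {
            // multiple values: one grant listing two values in the second part
            {"hello:world,shiro", "hello:world"},
            {"hello:world,shiro", "hello:shiro"},
            {"hello:world,shiro", "hello:other"},
            // wildcard: every value of the second part
            {"hello:*", "hello:world"},
            // a grant with fewer parts than the request covers the deeper parts too
            {"hello:*", "hello:world:42"},
            {"hello", "hello:world"},
            // reverse direction: a narrow grant checked against a broader request
            {"hello:world", "hello:*"},
            {"hello:world", "hello"},
        };
        for (String[] c : cases) {
            System.out.printf("granted=%-18s requested=%-15s covered=%b%n",
                    c[0], c[1], covers(c[0], c[1]));
        }
    }
}
```

    Running it needs shiro-core on the classpath. When reviewing role definitions, note that a grant with trailing parts left off, such as hello, is as broad as hello:*.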

      

  • Original article: https://www.cnblogs.com/BINGJJFLY/p/8968046.html