zoukankan      html  css  js  c++  java
  • Shiro Authorizer授权器

    If Else授权

      角色检查 

    Subject currentUser = SecurityUtils.getSubject();
    
    if (currentUser.hasRole("administrator")) {
        //show the admin button 
    } else {
        //don't show the button?  Grey it out? 
    }

      角色断言

    Subject currentUser = SecurityUtils.getSubject();
    
    //guarantee that the current user is a bank teller and 
    //therefore allowed to open the account: 
    currentUser.checkRole("bankTeller");
    openBankAccount();

      权限检查

        基于Permission对象的权限检查

    Subject subject = SecurityUtils.getSubject();
            Permission permission = new DomainPermission("hello/world.action", "hello:world");
            if (subject.isPermitted(permission)) {
                //show the some button 
            } else {
                //don't show anything
            }

        基于字符串的权限检查

    Subject subject = SecurityUtils.getSubject();
            if (subject.isPermitted("hello:world")) {
                //show the some button 
            } else {
                //don't show anything
            }

    Shiro的默认org.apache.shiro.authz.permission.WildcardPermission实现定义的特殊冒号分隔格式

    Subject subject = SecurityUtils.getSubject();
            Permission permission = new WildcardPermission("hello:world");
            if (subject.isPermitted(permission)) {
                //show the some button 
            } else {
                //don't show anything
            }

       权限断言

    Subject subject = SecurityUtils.getSubject();
            subject.checkPermission(new WildcardPermission("hello:world"));

    注解授权

      @RequiresAuthentication注解

      当前Subject必须是认证通过了的才能访问该方法

    @RequiresAuthentication
        public void updateGood(Good good) {
            //this method will only be invoked by a
            //Subject that is guaranteed authenticated
        }

    相当于

    public void updateGood(Good good) {
            if (!SecurityUtils.getSubject().isAuthenticated())
                throw new AuthenticationException();
        }

       @RequiresGuest注解

        当前Subject只能是未注册的仅是一个客人

    @RequiresGuest
        public void updateGood(Good good) {
            //this method will only be invoked by a
            //Subject that is unknown/anonymous
        }

    相当于

    @RequiresGuest
        public void updateGood(Good good) {
            Subject subject = SecurityUtils.getSubject();
            PrincipalCollection principalCollection = subject.getPrincipals();
            if (principalCollection != null && !principalCollection.isEmpty())
                throw new AuthenticationException();
        }

      @RequiresPermissions注解

      当前Subject必须有指定的权限

    @RequiresPermissions("hello:world")
        public void updateGood(Good good) {
            
        }

      @RequiresRoles注解

      当前Subject必须是指定的角色

    @RequiresRoles("admin")
        public void updateGood(Good good) {
            
        }

      @RequiresUser注解

      当前Subject必须是注册过的

    @RequiresUser
    public void updateGood(Good good) {
    
    }

    相当于

    public void updateGood(Good good) {
            Subject subject = SecurityUtils.getSubject();
            PrincipalCollection principalCollection = subject.getPrincipals();
            if (principalCollection == null || principalCollection.isEmpty())
                throw new AuthenticationException();
        }

    授权过程

    权限

      多个值  

    hello:world,shiro

      通配符

    hello:*

      

  • 相关阅读:
    HttpMessageNotWritableException: Could not write JSON: No serializer found for class ****
    在线测试且生成文档
    jenkins和gitlab结合的时候出错
    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2611816 bytes)
    webpack初入
    破网速测试
    SQLDumpSplitter sql文件分割工具
    FTP连接服务器总报错的问题解决
    nw.js---创建一个点击菜单
    nw.js---开发一个百度浏览器
  • 原文地址:https://www.cnblogs.com/BINGJJFLY/p/8968046.html
Copyright © 2011-2022 走看看