shiro验证权限方式一种是基于url配置文件:
例如:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/><!-- 登录页面 ,用户 登录不成功自动 返回该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">loginUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/login</span><span style="color: #800000">"</span>/> <!-- 登录成功页面,登录成功后跳转到该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">successUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/index</span><span style="color: #800000">"</span>/> <!-- 无权访问跳转页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">unauthorizedUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">permNo</span><span style="color: #800000">"</span>/> <!-- 自定义权限页面设置url的访问权限。anon表示不用验证, 都可以访问。anthc:authc filter 监听,不登陆不能访问。logout:logout filter监听。 没有列出的常用配置:perms[<span style="color: #800000">"</span><span style="color: #800000">remote:invoke</span><span style="color: #800000">"</span>] :需要角色romote 和权限invoke才能访问。roles[<span style="color: #800000">"</span><span style="color: #800000">admin</span><span style="color: #800000">"</span>]需要角色admin才能访问。设置可用“,”隔开, 如:/admin/test = authc,roles[admin] --> <property name=<span style="color: #800000">"</span><span style="color: #800000">filterChainDefinitions</span><span style="color: #800000">"</span>> <value> <!-- 无参,表示需认证才能使用 -->/home=authc
/resources/=anon</value> </property> </bean></span></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231052901-754624050.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p> </p><p>另外一种是基于注解:</p><p>例如:</p><h2>RequiresAuthentication注解</h2><p>RequiresAuthentication注解要求在访问或调用被注解的类/实例/方法时,Subject在当前的session中已经被验证。</p><div class="cnblogs_code"><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231053245-2016378964.png"></span></div><pre>@RequiresAuthenticationpublic void updateAccount(Account userAccount) {
//this method will only be invoked by a
//Subject that is guaranteed authenticated
...}
RequiresGuest注解
RequiresGuest注解要求当前Subject是一个“访客”,也就是,在访问或调用被注解的类/实例/方法时,他们没有被认证或者在被前一个Session记住。
@RequiresGuestpublic void signUp(User newUser) {
//this method will only be invoked by a
//Subject that is unknown/anonymous
...}
RequiresPermissions 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备一个或多个对应的权限。
@RequiresPermissions("account:create")public void createAccount(Account account) {
//this method will only be invoked by a Subject
//that is permitted to create an account
...}
RequiresRoles 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备所有的角色,否则将抛出AuthorizationException异常。
@RequiresRoles("administrator")public void deleteUser(User user) {
//this method will only be invoked by an administrator
...}
如果在Controller中如果直接使用上面标签是不起作用的,需要开启shiro注解
bean id="myRealm" class="com.controller.MyRealm"/>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean><!--========================-如果使用注解方式验证将下面代码放开===============================--> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span> <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.LifecycleBeanPostProcessor</span><span style="color: #800000">"</span>/> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator</span><span style="color: #800000">"</span> depends-on=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">proxyTargetClass</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">true</span><span style="color: #800000">"</span> /> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span> <span style="color: #0000ff">ref</span>=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span>/> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.web.servlet.handler.SimpleMappingExceptionResolver</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">exceptionMappings</span><span style="color: #800000">"</span>> <props> <!--登录--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthenticatedException</span><span style="color: #800000">"</span>> redirect:/login </prop> <!--授权--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthorizedException</span><span style="color: #800000">"</span>> redirect:/admin/common/exceptionLog </prop> </props> </property> <property name=<span style="color: #800000">"</span><span style="color: #800000">defaultErrorView</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">error/genericView</span><span style="color: #800000">"</span>/> </bean></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231056714-1961315513.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p>其中com.controller.MyRealm类是我自定义的继承自AuthorizingRealm的类</p><p><br></p><p>来源:<a href="http://www.cnblogs.com/lvlv/p/5104758.html" style="line-height: 1.6">http://www.cnblogs.com/lvlv/p/5104758.html</a></p><br><br><div><a title="来自为知笔记(Wiz)" href="http://www.wiz.cn/i/3dfbbd54">来自为知笔记(Wiz)</a></div><br><br></div>
Single Number
Merge Two Sorted Lists
Remove Nth Node From End of List
Remove Element
Remove Duplicates from Sorted List
Add Two Numbers
编译视频直播点播平台EasyDSS数据排序使用Go 语言 slice 类型排序的实现介绍
RTMP协议视频直播点播平台EasyDSS在Linux系统中以服务启动报错can’t evaluate field RootPath in type*struct排查
【解决方案】5G时代RTMP推流服务器/互联网直播点播平台EasyDSS实现360°全景摄像机VR直播