代码改变世界
[登录 · 注册]
  • JavaShiro(八):Shiro集成SpringMvc、Themeleaf,如何实现Themeleaf视图引擎下解析*.html中shiro权限验证
  • 声明:本证项目基于《Java-Shiro(六):Shiro Realm讲解(三)Realm的自定义及应用》构建项目为基础。

    我们知道如果是采用jsp视图引擎,直接在jsp中加入shiro的tag就可以,然而在thymeleaf视图引擎下,并未有shiro的tag lib。实际上目前shiro+Thymeleaf的html页面中shiro标签方式验证已经有人实现了并将代码用法放到了github上,具体请参考:《thymeleaf-extras-shiro》。

    下边将结合《thymeleaf-extras-shiro》与springmvc集成实现thymeleaf中html中加验证shiro验证标签的用法进行讲解,具体内容分为以下几部分:

    1)引入依赖

    2)需要修改哪些配置?

    3)如何使用?

    1)引入依赖

    引入thymeleaf-extras-shiro依赖到pom中

    <dependency>
        <groupId>com.github.theborakompanioni</groupId>
        <artifactId>thymeleaf-extras-shiro</artifactId>
        <version>${thymeleaf-shiro.version}</version>
    </dependency>

    上边${thymeleaf-shiro.version}是thymelef-extras-shiro的版本,目前最新版本是2.0.0。

    更多版本请参考:《https://github.com/theborakompanioni/thymeleaf-extras-shiro/releases

    2)修改配置

    2.1)xml方式配置

    需要在springmvc-servlet.xml配置文件中引入thymeleaf依赖外,需要在templateEngine bean下设置additionalDialects属性:

    <bean id="templateEngine" class="org.thymeleaf.spring5.SpringTemplateEngine">
      <property name="templateResolver" ref="templateResolver" />
      <property name="additionalDialects">
        <set>
          <bean class="at.pollux.thymeleaf.shiro.dialect.ShiroDialect"/>
        </set>
      </property>
    </bean>

    注意:这个dialect是核心配置,缺少这个thymeleaf页面中的标签将无法解析。

    2.2)SpringMVC或者SpringBoot注解方式配置

    @Bean
    public SpringTemplateEngine templateEngine() {
            SpringTemplateEngine templateEngine = new SpringTemplateEngine();
    templateEngine.setTemplateResolver(templateResolver()); Set
    <IDialect> additionalDialects = new HashSet<IDialect>(); additionalDialects.add(new ShiroDialect()); templateEngine.setAdditionalDialects(additionalDialects); return templateEngine; }

    3)在thymeleaf的html页面中使用shiro验证标签

    3.1)在html文件头的<html>标签做修改

    <!DOCTYPE html>
    <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">

    Example

    <!DOCTYPE html>
    <html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
    
      <head>
        <title>thymeleaf-extras-shiro</title>
      </head>
    
      <body>
        <p shiro:guest="">Please <a href="login.html">login</a></p>
        <p shiro:authenticated="">
          Hello, <span shiro:principal=""></span>, how are you today?
        </p>
      </body>
    
    </html>

    3.2)html标签(例如:a/tr/td/p等) shiro:hasPermission="article:query" 标签使用

    具体参考官网:《https://github.com/theborakompanioni/thymeleaf-extras-shiro

    The guest tag

    <p shiro:guest="">
      Please <a href="login.html">Login</a>
    </p>

    The user tag

    <p shiro:user="">
      Welcome back John! Not John? Click <a href="login.html">here<a> to login.
    </p>

    The authenticated tag

    <a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>

    The notAuthenticated tag

    <p shiro:notAuthenticated="">
      Please <a href="login.html">login</a> in order to update your credit card information.
    </p>

    The principal tag

    <p>Hello, <span shiro:principal=""></span>, how are you today?</p>

    or

    <p>Hello, <shiro:principal/>, how are you today?</p>

    Typed principal and principal property are also supported.

    The hasRole tag

    <a shiro:hasRole="administrator" href="admin.html">Administer the system</a>

    The lacksRole tag

    <p shiro:lacksRole="administrator">
      Sorry, you are not allowed to administer the system.
    </p>

    The hasAllRoles tag

    <p shiro:hasAllRoles="developer, project manager">
      You are a developer and a project manager.
    </p>

    The hasAnyRoles tag

    <p shiro:hasAnyRoles="developer, project manager, administrator">
      You are a developer, project manager, or administrator.
    </p>

    The hasPermission tag

    <a shiro:hasPermission="user:create" href="createUser.html">Create a new User</a>

    The lacksPermission tag

    <p shiro:lacksPermission="user:delete">
      Sorry, you are not allowed to delete user accounts.
    </p>

    The hasAllPermissions tag

    <p shiro:hasAllPermissions="user:create, user:delete">
      You can create and delete users.
    </p>

    The hasAnyPermissions tag

    <p shiro:hasAnyPermissions="user:create, user:delete">
      You can create or delete users.
    </p>

    3.3)和jsp页面一样的shiro:hasPermission标签使用

    实际上和Jsp页面中的验证标签一致,而且与上边基本一致,去掉html标签改写为:

    <shiro:hasPermission name="user:create">
        <p>test</p>
    </shiro:hasPermission>

    具体参考shiro官网:《http://shiro.apache.org/web.html#jsp-gsp-tag-library》 

    3.4)javascript中使用hasPermission标签

    需要自定义@Component,例如:

    package com.dx.test.shiro;
    
    import org.apache.shiro.SecurityUtils;
    import org.springframework.stereotype.Component;
    
    /**
     * js调用 thymeleaf 实现按钮权限
     */
    @Component("perms")
    public class PermsService
    {
        public boolean hasPerm(String permission)
        {
            return SecurityUtils.getSubject().isPermitted(permission);
        }
    }

    其需要在applicationContext-*.xml中,添加扫描包组件确保能扫描到该包:

        <context:component-scan base-package="com.dx.test.shiro"></context:component-scan>

    Js中使用示例:

    <script>
        var editFlag = "[[${@perms.hasPerm('user:edit')}]]";
        var deleteFlag = "[[${@perms.hasPerm('user:delete')}]]";
        var assignRoleFlag="[[${@perms.hasPerm('user:assignRole')}]]";
        // 其他业务
    </script>
  • 上一篇:JavaShiro(九):Shiro集成Redis实现Session统一管理
    下一篇:JavaShiro(七):Shiro认证、授权信息缓存
  • 【推广】 阿里云小站-上云优惠聚集地(新老客户同享)更有每天限时秒杀!
    【推广】 云服务器低至0.95折 1核2G ECS云服务器8.1元/月
    【推广】 阿里云老用户升级四重礼遇享6.5折限时折扣!
  • 原文:https://www.cnblogs.com/yy3b2007com/p/12113430.html
走看看 - 开发者的网上家园