Shiro整合Thymeleaf

Shiro整合Thymeleaf

  • 前言:前端引入shiro的作用:可以根据用户拥有的权限,只显示对应权限的块

一、导入依赖

<!-- thymeleaf-extras-shiro -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.0.0</version>
</dependency>

二、在ShiroConfig类中添加一个Bean:ShiroDialect

@Bean
public ShiroDialect getShiroDialect(){
    return new ShiroDialect();
}

三、在前端界面使用Shiro

  • 1、导入命名空间

    <html lang="en" xmlns:th="http://www.thymeleaf.org"
          xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
    
  • 2、使用shiro关键字:shiro:hasPermission="" (引号内为权限名)

    <h3>
        <a th:href="@{/}">首页</a>|
    
        <div shiro:hasPermission="user:tj">
            <a th:href="@{/user/recommend}">个人推荐</a>|
        </div>
    
        <div shiro:hasPermission="user:gr">
            <a th:href="@{/user/information}">个人信息</a>
        </div>
    
    </h3>
    

四、额外引申:登陆按钮,若登陆成功则不显示

  • 在控制类中:若登陆成功则给session赋值

    //用令牌登陆,如果没有异常则登陆成功
    try{
        subject.login(token); //无异常则登陆成功
    
        //给session赋值
        Subject currentUser = SecurityUtils.getSubject();
        Session session = currentUser.getSession();
        session.setAttribute("loginUser","yes");
    
        return "index";
    }
    
  • 在前端界面中:若session不为空,则显示登陆按钮

    <div th:if="${session.loginUser==null}">
    	<a th:href="@{/tologin}">登陆</a>
    </div>
    

五、相关代码

ShiroConfig.java

package com.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig{
    //shriofilterbean
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //关联securityManager
        bean.setSecurityManager(securityManager);

        //给请求设置权限
        Map<String,String> filter = new LinkedHashMap<>();
        filter.put("/user/information","perms[user:gr]");
        filter.put("/user/recommend","perms[user:tj]");
        filter.put("/","anon");

        bean.setFilterChainDefinitionMap(filter);

        //当没有登陆时,跳转到此登陆界面
        bean.setLoginUrl("/tologin");

        //当没有权限时,跳转到此登陆界面
        bean.setUnauthorizedUrl("/noautho");

        return bean;
    }

    //securityManager
    @Bean
    public DefaultWebSecurityManager securityManager(@Qualifier("realm") UserRealm realm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联realm
        securityManager.setRealm(realm);
        return securityManager;
    }

    //realm
    @Bean
    public UserRealm realm(){
        return new UserRealm();
    }

    //主要在这儿
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
}

index.html

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
      xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head>
    <meta charset="UTF-8">
    <title>欢迎</title>
</head>
<body>
<h1>Welcome!</h1>
<div th:if="${session.loginUser==null}">
<a th:href="@{/tologin}">登陆</a>
</div>
<hr>
    <h3>
        <a th:href="@{/}">首页</a>|

        <div shiro:hasPermission="user:tj">
        <a th:href="@{/user/recommend}">个人推荐</a>|
        </div>

        <div shiro:hasPermission="user:gr">
        <a th:href="@{/user/information}">个人信息</a>
        </div>

    </h3>
</body>
</html>
上一篇:最新的CXF与Spring:警告:javax.ws.rs.NotFoundException


下一篇:编写更好的Java的另外3种技术