Shiro整合Thymeleaf
- 前言:前端引入shiro的作用:可以根据用户拥有的权限,只显示对应权限的块。注意这只是控制页面显示,被隐藏的链接仍然可以直接通过URL访问,真正的访问控制必须由后端(如下文ShiroConfig中的过滤规则)来保证。
一、导入依赖
<!--
  thymeleaf-extras-shiro: Thymeleaf dialect that provides the shiro:* template attributes.
  The dialect class imported by ShiroConfig on this page lives in the
  at.pollux.thymeleaf.shiro.dialect package, which differs from the groupId below.
  NOTE(review): 2.0.0 is the version used in this walkthrough; confirm it matches the
  Thymeleaf and Shiro versions of the project and keep the dependency up to date.
-->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
二、在ShiroConfig类中添加一个Bean:ShiroDialect
/**
 * Exposes the thymeleaf-extras-shiro dialect as a Spring bean so that the
 * {@code shiro:*} attributes used in the Thymeleaf templates are available.
 *
 * <p>The dialect only decides what a template renders; it does not protect
 * the URLs behind the rendered links.
 *
 * @return a new {@link ShiroDialect} instance
 */
@Bean
public ShiroDialect getShiroDialect() {
    ShiroDialect dialect = new ShiroDialect();
    return dialect;
}
三、在前端界面使用Shiro
-
1、导入命名空间
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
-
2、使用shiro关键字:shiro:hasPermission="" (引号内为权限名)
<h3> <a th:href="@{/}">首页</a>| <div shiro:hasPermission="user:tj"> <a th:href="@{/user/recommend}">个人推荐</a>| </div> <div shiro:hasPermission="user:gr"> <a th:href="@{/user/information}">个人信息</a> </div> </h3>
四、额外引申:登录按钮,若登录成功则不显示
-
在控制类中:若登录成功则给session赋值
//用令牌登陆,如果没有异常则登陆成功 try{ subject.login(token); //无异常则登陆成功 //给session赋值 Subject currentUser = SecurityUtils.getSubject(); Session session = currentUser.getSession(); session.setAttribute("loginUser","yes"); return "index"; }
-
在前端界面中:若session中的loginUser为空(即尚未登录),则显示登录按钮。注意该标记只用于控制按钮的显示,不能当作身份认证的依据。
<div th:if="${session.loginUser==null}"> <a th:href="@{/tologin}">登陆</a> </div>
五、相关代码
ShiroConfig.java
package com.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Spring configuration that wires Apache Shiro into the web application and
 * registers the Thymeleaf Shiro dialect used by the templates.
 *
 * <p>The URL rules declared in {@link #shiroFilterFactoryBean} are the
 * server-side enforcement point. The {@code shiro:hasPermission} attributes in
 * the templates only hide links and do not restrict access on their own.
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the Shiro filter factory and declares the per-URL access rules.
     *
     * @param securityManager the security manager bean named {@code securityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        // Attach the security manager that evaluates every filtered request.
        factoryBean.setSecurityManager(securityManager);

        // Users who are not logged in are redirected to this login page.
        factoryBean.setLoginUrl("/tologin");
        // Logged-in users who lack the required permission are redirected here.
        factoryBean.setUnauthorizedUrl("/noautho");

        // Access rules per request path. A LinkedHashMap keeps insertion order,
        // which matters because the first matching pattern is the one applied.
        // NOTE(review): there is no catch-all entry (for example "/**"), so any
        // path not listed here is not covered by a Shiro filter. Confirm that
        // every protected endpoint has its own rule.
        Map<String, String> chainDefinitions = new LinkedHashMap<>();
        chainDefinitions.put("/user/information", "perms[user:gr]");
        chainDefinitions.put("/user/recommend", "perms[user:tj]");
        chainDefinitions.put("/", "anon");
        factoryBean.setFilterChainDefinitionMap(chainDefinitions);

        return factoryBean;
    }

    /**
     * Creates the web security manager and binds it to the application realm.
     *
     * @param realm the realm bean named {@code realm}
     * @return the security manager backed by {@code realm}
     */
    @Bean
    public DefaultWebSecurityManager securityManager(@Qualifier("realm") UserRealm realm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Attach the realm to the security manager.
        manager.setRealm(realm);
        return manager;
    }

    /**
     * Registers the application's realm as a bean.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm realm() {
        UserRealm userRealm = new UserRealm();
        return userRealm;
    }

    /**
     * Registers the Thymeleaf Shiro dialect. This is the bean that makes the
     * {@code shiro:*} attributes usable in the templates.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        ShiroDialect dialect = new ShiroDialect();
        return dialect;
    }
}
index.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head>
<meta charset="UTF-8">
<title>欢迎</title>
</head>
<body>
<h1>Welcome!</h1>
<!--/* Login link: rendered only while the session has no "loginUser" attribute.
       The attribute is a display flag set by the controller after a successful login;
       it is not an authentication check.
       NOTE(review): the Shiro dialect also offers shiro:guest / shiro:notAuthenticated,
       which read the subject's state directly instead of a separate session flag. */-->
<div th:if="${session.loginUser==null}">
<a th:href="@{/tologin}">登陆</a>
</div>
<hr>
<h3>
<a th:href="@{/}">首页</a>|
<!--/* shiro:hasPermission renders the element only when the current subject holds the
       named permission. This hides the link but does not protect the target URL;
       /user/recommend and /user/information are enforced server-side by the perms[...]
       rules in ShiroConfig, and the permission names here must match those rules. */-->
<div shiro:hasPermission="user:tj">
<a th:href="@{/user/recommend}">个人推荐</a>|
</div>
<div shiro:hasPermission="user:gr">
<a th:href="@{/user/information}">个人信息</a>
</div>
</h3>
</body>
</html>