shiro授权数据的持久化 - 资源字符串
1. 表结构
-
用户表
-
用户角色中间表
-
角色表
-
角色权限中间表
-
权限表
2. 自定义Realm
public class CustomerRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
/**
* 授权
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//getUsername
String username = (String) principalCollection.getPrimaryPrincipal();
//SimpleAuthorizationInfo
SimpleAuthorizationInfo simpleAuthorizationInfo = null;
//查询权限
List<Permission> permissions = userService.queryUserPermissionsByUserName(user.getUsername());
if (!CollectionUtils.isEmpty(permissions)){
simpleAuthorizationInfo = new SimpleAuthorizationInfo();
for (Permission permission:
permissions) {
simpleAuthorizationInfo.addStringPermission(permission.getName());
System.out.println(permission.getName());
}
}
return simpleAuthorizationInfo;
}
3. service dao 略
4.mapper.xml
<!--通过username查询permission-->
<!--permission-->
<resultMap id="PermissionResultMap" type="com.cm.shiro.shirotest.model.Permission">
<id column="id" property="id"/>
<result column="name" property="name"/>
<result column="url" property="url"/>
</resultMap>
<select id="selectUserPermissionsByUserName" parameterType="String" resultMap="PermissionResultMap">
select DISTINCT jd.* from test u
join t_role_user ru
on u.username = #{username} and u.id = ru.userid
join t_role r
on ru.roleid = r.id
join t_jd_role jr
on r.id = jr.roleid
join t_jd jd
on jr.jdid = jd.id
</select>