Shiro启用注解方式
shiro验证权限方式一种是基于url配置文件:
例如:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/><!-- 登录页面 ,用户 登录不成功自动 返回该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">loginUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/login</span><span style="color: #800000">"</span>/> <!-- 登录成功页面,登录成功后跳转到该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">successUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/index</span><span style="color: #800000">"</span>/> <!-- 无权访问跳转页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">unauthorizedUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">permNo</span><span style="color: #800000">"</span>/> <!-- 自定义权限页面设置url的访问权限。anon表示不用验证, 都可以访问。anthc:authc filter 监听,不登陆不能访问。logout:logout filter监听。 没有列出的常用配置:perms[<span style="color: #800000">"</span><span style="color: #800000">remote:invoke</span><span style="color: #800000">"</span>] :需要角色romote 和权限invoke才能访问。roles[<span style="color: #800000">"</span><span style="color: #800000">admin</span><span style="color: #800000">"</span>]需要角色admin才能访问。设置可用“,”隔开, 如:/admin/test = authc,roles[admin] --> <property name=<span style="color: #800000">"</span><span style="color: #800000">filterChainDefinitions</span><span style="color: #800000">"</span>> <value> <!-- 无参,表示需认证才能使用 -->/home=authc
/resources/=anon</value> </property> </bean></span></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231052901-754624050.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p> </p><p>另外一种是基于注解:</p><p>例如:</p><h2>RequiresAuthentication注解</h2><p>RequiresAuthentication注解要求在访问或调用被注解的类/实例/方法时,Subject在当前的session中已经被验证。</p><div class="cnblogs_code"><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231053245-2016378964.png"></span></div><pre>@RequiresAuthenticationpublic void updateAccount(Account userAccount) {
//this method will only be invoked by a
//Subject that is guaranteed authenticated
...}
RequiresGuest注解
RequiresGuest注解要求当前Subject是一个“访客”,也就是,在访问或调用被注解的类/实例/方法时,他们没有被认证或者在被前一个Session记住。
@RequiresGuestpublic void signUp(User newUser) {
//this method will only be invoked by a
//Subject that is unknown/anonymous
...}
RequiresPermissions 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备一个或多个对应的权限。
@RequiresPermissions("account:create")public void createAccount(Account account) {
//this method will only be invoked by a Subject
//that is permitted to create an account
...}
RequiresRoles 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备所有的角色,否则将抛出AuthorizationException异常。
@RequiresRoles("administrator")public void deleteUser(User user) {
//this method will only be invoked by an administrator
...}
如果在Controller中如果直接使用上面标签是不起作用的,需要开启shiro注解
bean />
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean><!--========================-如果使用注解方式验证将下面代码放开===============================--> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span> <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.LifecycleBeanPostProcessor</span><span style="color: #800000">"</span>/> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator</span><span style="color: #800000">"</span> depends-on=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">proxyTargetClass</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">true</span><span style="color: #800000">"</span> /> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span> <span style="color: #0000ff">ref</span>=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span>/> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.web.servlet.handler.SimpleMappingExceptionResolver</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">exceptionMappings</span><span style="color: #800000">"</span>> <props> <!--登录--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthenticatedException</span><span style="color: #800000">"</span>> redirect:/login </prop> <!--授权--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthorizedException</span><span style="color: #800000">"</span>> redirect:/admin/common/exceptionLog </prop> </props> </property> <property name=<span style="color: #800000">"</span><span style="color: #800000">defaultErrorView</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">error/genericView</span><span style="color: #800000">"</span>/> </bean></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231056714-1961315513.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p>其中com.controller.MyRealm类是我自定义的继承自AuthorizingRealm的类</p><p><br></p><p>来源:<a href="http://www.cnblogs.com/lvlv/p/5104758.html" style="line-height: 1.6">http://www.cnblogs.com/lvlv/p/5104758.html</a></p><br><br><div><a title="来自为知笔记(Wiz)" href="http://www.wiz.cn/i/3dfbbd54">来自为知笔记(Wiz)</a></div><br><br></div>
WPF绑定并转换
WPF的DataTrigger使用
NancyFx框架之检测任务管理器
Asp.Net MVC 5使用Identity之简单的注册和登陆
AspNetCore使用MySQL
Head First 设计模式之适配器模式与外观模式
Head First 设计模式之命令模式(CommandPattern)
Head First 设计模式之工厂模式(Factory Pattern)
.NET设计规范————类型设计规范
shiro验证权限方式一种是基于url配置文件:
例如:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/><!-- 登录页面 ,用户 登录不成功自动 返回该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">loginUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/login</span><span style="color: #800000">"</span>/> <!-- 登录成功页面,登录成功后跳转到该页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">successUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">/index</span><span style="color: #800000">"</span>/> <!-- 无权访问跳转页面 --> <property name=<span style="color: #800000">"</span><span style="color: #800000">unauthorizedUrl</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">permNo</span><span style="color: #800000">"</span>/> <!-- 自定义权限页面设置url的访问权限。anon表示不用验证, 都可以访问。anthc:authc filter 监听,不登陆不能访问。logout:logout filter监听。 没有列出的常用配置:perms[<span style="color: #800000">"</span><span style="color: #800000">remote:invoke</span><span style="color: #800000">"</span>] :需要角色romote 和权限invoke才能访问。roles[<span style="color: #800000">"</span><span style="color: #800000">admin</span><span style="color: #800000">"</span>]需要角色admin才能访问。设置可用“,”隔开, 如:/admin/test = authc,roles[admin] --> <property name=<span style="color: #800000">"</span><span style="color: #800000">filterChainDefinitions</span><span style="color: #800000">"</span>> <value> <!-- 无参,表示需认证才能使用 -->/home=authc
/resources/=anon</value> </property> </bean></span></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231052901-754624050.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p> </p><p>另外一种是基于注解:</p><p>例如:</p><h2>RequiresAuthentication注解</h2><p>RequiresAuthentication注解要求在访问或调用被注解的类/实例/方法时,Subject在当前的session中已经被验证。</p><div class="cnblogs_code"><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231053245-2016378964.png"></span></div><pre>@RequiresAuthenticationpublic void updateAccount(Account userAccount) {
//this method will only be invoked by a
//Subject that is guaranteed authenticated
...}
RequiresGuest注解
RequiresGuest注解要求当前Subject是一个“访客”,也就是,在访问或调用被注解的类/实例/方法时,他们没有被认证或者在被前一个Session记住。
@RequiresGuestpublic void signUp(User newUser) {
//this method will only be invoked by a
//Subject that is unknown/anonymous
...}
RequiresPermissions 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备一个或多个对应的权限。
@RequiresPermissions("account:create")public void createAccount(Account account) {
//this method will only be invoked by a Subject
//that is permitted to create an account
...}
RequiresRoles 注解
RequiresPermissions 注解要求当前Subject在执行被注解的方法时具备所有的角色,否则将抛出AuthorizationException异常。
@RequiresRoles("administrator")public void deleteUser(User user) {
//this method will only be invoked by an administrator
...}
如果在Controller中如果直接使用上面标签是不起作用的,需要开启shiro注解
bean />
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean><!--========================-如果使用注解方式验证将下面代码放开===============================--> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span> <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.LifecycleBeanPostProcessor</span><span style="color: #800000">"</span>/> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator</span><span style="color: #800000">"</span> depends-on=<span style="color: #800000">"</span><span style="color: #800000">lifecycleBeanPostProcessor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">proxyTargetClass</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">true</span><span style="color: #800000">"</span> /> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span> <span style="color: #0000ff">ref</span>=<span style="color: #800000">"</span><span style="color: #800000">securityManager</span><span style="color: #800000">"</span>/> </bean> <bean <span style="color: #0000ff">class</span>=<span style="color: #800000">"</span><span style="color: #800000">org.springframework.web.servlet.handler.SimpleMappingExceptionResolver</span><span style="color: #800000">"</span>> <property name=<span style="color: #800000">"</span><span style="color: #800000">exceptionMappings</span><span style="color: #800000">"</span>> <props> <!--登录--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthenticatedException</span><span style="color: #800000">"</span>> redirect:/login </prop> <!--授权--> <prop key=<span style="color: #800000">"</span><span style="color: #800000">org.apache.shiro.authz.UnauthorizedException</span><span style="color: #800000">"</span>> redirect:/admin/common/exceptionLog </prop> </props> </property> <property name=<span style="color: #800000">"</span><span style="color: #800000">defaultErrorView</span><span style="color: #800000">"</span> value=<span style="color: #800000">"</span><span style="color: #800000">error/genericView</span><span style="color: #800000">"</span>/> </bean></pre><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><img alt="复制代码" src="https://images2015.cnblogs.com/blog/1040703/201612/1040703-20161217231056714-1961315513.png"></span></div><div class="cnblogs_code_toolbar"><span class="cnblogs_code_copy"><a href="javascript:void(0);" onclick="copyCnblogsCode(this)" title="复制代码"><img src="//common.cnblogs.com/images/copycode.gif" alt="复制代码"></a></span></div></div><p>其中com.controller.MyRealm类是我自定义的继承自AuthorizingRealm的类</p><p><br></p><p>来源:<a href="http://www.cnblogs.com/lvlv/p/5104758.html" style="line-height: 1.6">http://www.cnblogs.com/lvlv/p/5104758.html</a></p><br><br><div><a title="来自为知笔记(Wiz)" href="http://www.wiz.cn/i/3dfbbd54">来自为知笔记(Wiz)</a></div><br><br></div>
WPF绑定并转换
WPF的DataTrigger使用
NancyFx框架之检测任务管理器
Asp.Net MVC 5使用Identity之简单的注册和登陆
AspNetCore使用MySQL
Head First 设计模式之适配器模式与外观模式
Head First 设计模式之命令模式(CommandPattern)
Head First 设计模式之工厂模式(Factory Pattern)
.NET设计规范————类型设计规范