发表于: 2018-09-10 23:40:23



今天完成的事情

1.继续学习shiro

1.1授权有两种,一种是基于角色,一种是基于资源

基于资源授权,先写ini配置文件

[users]
zhang=123,role1,role2
wang=123,role1
li=123,role41,role42,role51,role52,role53,role61,role62,role71,role72,role73,role74,role75,role81,role82


[roles]
#对资源user拥有create、update权限
role1=user:create,user:update
#对资源user拥有create、delete权限
role2=user:create,user:delete
#对资源system:user拥有create权限
role3=system:user:create

#对资源system:user拥有update、delete权限
role41=system:user:update,system:user:delete
#对资源system:user拥有update、delete权限(简写,但不等价)
role42="system:user:update,delete"

#对资源system:user拥有create、update、delete、view权限
role51="system:user:create,update,delete,view"
#对资源system:user拥有所有权限
role52=system:user:*
#对资源system:user拥有所有权限
role53=system:user

#对所有资源拥有view权限(两段形式,如匹配user:view)
role61=*:view
#对所有资源拥有view权限(三段形式,如匹配system:user:view,与上一条*:view不等价)
role62=*:*:view

#对资源user的1实例拥有view权限
role71=user:view:1
#对资源user的1实例拥有update、delete权限
role72="user:update,delete:1"
#对资源user的1实例拥有所有权限
role73=user:*:1
#对资源user的所有实例拥有auth权限
role74=user:auth:*
#对资源user的所有实例拥有所有权限
role75=user:*:*

#等价于menu:*:*
role81=menu:*
role82=organization

规则:“资源标识符:操作:对象实例ID”  即对哪个资源的哪个实例可以进行什么操作。其默认支持通配符权限字符串,“:”表示资源/操作/实例的分割;“,”表示操作的分割;“*”表示任意资源/操作/实例。

如“user:view”等价于“user:view:*”;而“organization”等价于“organization:*”或者“organization:*:*”。可以这么理解,这种方式实现了前缀匹配。也就是说,权限串写得越短,授予的范围越大:只写“user”就等于授予该资源下的全部操作和全部实例,所以给角色配置权限时应当写到实际需要的粒度。

另外如“user:*”可以匹配如“user:delete”、“user:delete”可以匹配如“user:delete:1”、“user:*:1”可以匹配如“user:view:1”、“user”可以匹配“user:view”或“user:view:1”等。即*可以匹配所有,不加*可以进行前缀匹配;但是如“*:view”不能匹配“system:user:view”,需要使用“*:*:view”,即后缀匹配必须指定前缀(多个冒号就需要多个*来匹配)。


1.2建个表:

-- Seed data for the authorization tests: clear the three tables first so the
-- inserts below always start from an empty state.
-- NOTE(review): users / user_roles / roles_permissions look like the tables a
-- JDBC-backed Shiro realm reads - confirm against the realm configuration.
delete from users;
delete from user_roles;
delete from roles_permissions;
-- Demo account only: the password is stored as the literal '123' and
-- password_salt is null, i.e. no hashing and no salt. Outside a test fixture the
-- column should hold a salted, slow password hash instead.
insert into users(username, password, password_salt) values('zhang', '123', null);
-- zhang is assigned role1 and role2.
insert into user_roles(username, role_name) values('zhang', 'role1');
insert into user_roles(username, role_name) values('zhang', 'role2');
-- role1 receives four permission strings. 'user1:*' and 'user2:*' use the
-- wildcard form (resource:action), granting every action on that resource.
-- NOTE(review): '+user1+10' and '+user2+10' are not in the
-- resource:action:instance wildcard form; presumably they are meant for a custom
-- permission resolver - confirm how they are parsed before relying on them.
insert into roles_permissions(role_name, permission) values('role1', '+user1+10');
insert into roles_permissions(role_name, permission) values('role1', 'user1:*');
insert into roles_permissions(role_name, permission) values('role1', '+user2+10');
insert into roles_permissions(role_name, permission) values('role1', 'user2:*');

1.3测试

package com.github.zhangkaitao.shiro.chapter3;

import junit.framework.Assert;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.junit.Test;

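/**
 * Exercises Shiro permission (resource-based) authorization checks against the
 * users and roles declared in {@code shiro-permission.ini}.
 *
 * <p>{@code login(...)} and {@code subject()} are inherited from {@code BaseTest},
 * which is not shown here. The account names and the password {@code "123"} are
 * the demo values from that INI file.
 */
public class PermissionTest extends BaseTest {

    /** Location of the INI file that defines the demo users, roles and permissions. */
    private static final String PERMISSION_INI = "classpath:shiro-permission.ini";

    /**
     * Boolean-style checks: {@code isPermitted} / {@code isPermittedAll} return a
     * result that the test asserts on, for both a granted and a denied permission.
     */
    @Test
    public void testIsPermitted() {
        login(PERMISSION_INI, "zhang", "123");
        // Granted: user:create
        Assert.assertTrue(subject().isPermitted("user:create"));
        // Granted: both user:update and user:delete
        Assert.assertTrue(subject().isPermittedAll("user:update", "user:delete"));
        // Denied: user:view is not listed for role1 or role2
        Assert.assertFalse(subject().isPermitted("user:view"));
    }

    /**
     * Assertion-style checks: {@code checkPermission(s)} must pass silently for
     * granted permissions and throw {@link UnauthorizedException} for
     * {@code user:view}.
     *
     * <p>The exception is caught around the denied check only. With
     * {@code @Test(expected = ...)} on the whole method, an
     * {@code UnauthorizedException} thrown by one of the two granted checks would
     * also have satisfied the test and hidden a broken grant.
     */
    @Test
    public void testCheckPermission() {
        login(PERMISSION_INI, "zhang", "123");
        // Must not throw: user:create is granted
        subject().checkPermission("user:create");
        // Must not throw: user:delete and user:update are granted
        subject().checkPermissions("user:delete", "user:update");
        // Must throw: user:view is not granted
        try {
            subject().checkPermissions("user:view");
        } catch (UnauthorizedException expected) {
            return;
        }
        Assert.fail("user:view must be denied for zhang");
    }

    /**
     * Checks the same two {@code system:user} actions written as separate strings
     * and as the comma shorthand; li's roles include role41 and role42, which
     * declare them in these two forms.
     */
    @Test
    public void testWildcardPermission1() {
        login(PERMISSION_INI, "li", "123");

        subject().checkPermissions("system:user:update", "system:user:delete");
        subject().checkPermissions("system:user:update,delete");
    }

    /**
     * Checks the {@code system:user} grants that li holds through role51, role52
     * and role53.
     */
    @Test
    public void testWildcardPermission2() {
        login(PERMISSION_INI, "li", "123");
        // NOTE(review): the last separator is ':' rather than ',', so "view" is a
        // fourth (instance-level) part here, not a fourth action. The check still
        // passes because a shorter granted permission implies longer ones;
        // "system:user:create,delete,update,view" was probably intended - confirm.
        subject().checkPermissions("system:user:create,delete,update:view");

        subject().checkPermissions("system:user:*");
        subject().checkPermissions("system:user");
    }

    /**
     * Checks {@code view} on a two-part and on a three-part resource string; the
     * INI declares {@code *:view} (role61) and {@code *:*:view} (role62) for these
     * two shapes.
     */
    @Test
    public void testWildcardPermission3() {
        login(PERMISSION_INI, "li", "123");
        subject().checkPermissions("user:view");

        subject().checkPermissions("system:user:view");
    }

    /**
     * Checks instance-level permissions on {@code user}; li's roles role71 to
     * role75 declare permissions with a third (instance) part.
     */
    @Test
    public void testWildcardPermission4() {
        login(PERMISSION_INI, "li", "123");
        subject().checkPermissions("user:view:1");

        subject().checkPermissions("user:delete,update:1");
        subject().checkPermissions("user:update:1", "user:delete:1");

        subject().checkPermissions("user:update:1", "user:delete:1", "user:view:1");

        // Two different instance ids; role74 declares user:auth:*
        subject().checkPermissions("user:auth:1", "user:auth:2");
    }

    /**
     * Checks that permissions declared with fewer parts ({@code menu:*} in role81,
     * {@code organization} in role82) also cover longer, more specific strings.
     */
    @Test
    public void testWildcardPermission5() {
        login(PERMISSION_INI, "li", "123");
        subject().checkPermissions("menu:view:1");

        subject().checkPermissions("organization");
        subject().checkPermissions("organization:view");
        subject().checkPermissions("organization:view:1");
    }

    /**
     * Checks the same permission passed once as a string and once as an explicit
     * {@link WildcardPermission} instance.
     */
    @Test
    public void testWildcardPermission6() {
        login(PERMISSION_INI, "li", "123");
        subject().checkPermission("menu:view:1");
        subject().checkPermission(new WildcardPermission("menu:view:1"));
    }
}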

明天计划的事情

请假休息一天

遇到的问题

暂无

收获

如上

