公司採購了shop++這套軟件,後續公司要求拓展的新的功能,其中就有一個問題,添加新的權限。這套系統採用的是shiro安全框架,通過嘗試,最後成功了。
在shop++中代碼的實現步驟
1、在applicationContext-shiro.xml配置中配置權限路徑
<property name="filterChainDefinitions">
<value>
/admin/ = anon
/admin/index.jsp = anon
/admin/login.jsp = authc
/admin/logout.jsp = logout
/admin/common/captcha.jhtml = anon
/admin/setting/** = perms["admin:setting"]
/admin/payment_plugin/** = perms["admin:paymentPlugin"]
/admin/storage_plugin/** = perms["admin:storagePlugin"]
/admin/login_plugin/** = perms["admin:loginPlugin"]
/admin/admin/** = perms["admin:admin"]
/admin/role/** = perms["admin:role"]
/admin/message/** = perms["admin:message"]
/admin/mail_sms/** = perms["admin:mailSms"]
/admin/log/** = perms["admin:log"]
/admin/** = authc
</value>
</property>
/admin/message/** 要攔截的路徑,/**代表下面所有的目錄,/*只代表下面的目錄
perms["admin:message"] admin:message權限字符串
2、在後臺主頁面main.ftl中設置權限字符串如:admin:shipping
[#list ["admin:order", "admin:payment", "admin:refunds", "admin:shipping", "admin:returns", "admin:deliveryCenter", "admin:deliveryTemplate"] as permission]
[@shiro.hasPermission name = permission]
<li>
<a href="#order">${message("admin.main.orderNav")}</a>
</li>
[#break /]
[/@shiro.hasPermission]
[/#list]
[@shiro.hasPermission name="admin:brand"]
<dd>
<a href="../brand/list.jhtml" target="iframe">${message("admin.main.brand")}</a>
</dd>
[/@shiro.hasPermission]
3、修改超級管理員的角色 勾選新增的權限。