自定義（補充）shiro標籤

shiro提供了jsp標籤用於頁面上的權限控制，有hasAnyRoles,hasPermission等標籤，但是卻沒提供hasAnyPermission標籤，有點不大方便。

這時候我們完全可以仿照shiro的源碼，進行照貓畫虎，擴充一下。

shiro的標籤定義文件在shiro-all.jar下的META-INF目錄下的shiro.tld中，打開文件後我們可以看到如下標籤的定義：

<taglib>
  <tlib-version>1.1.2</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>Apache Shiro</short-name>
  <uri>http://shiro.apache.org/tags</uri>
  <description>Apache Shiro JSP Tag Library.</description>
  <tag>
    <name>hasPermission</name>
    <tag-class>org.apache.shiro.web.tags.HasPermissionTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current Subject (user)
      'has' (implies) the specified permission (i.e the user has the specified ability).
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>
  <tag>
    <name>hasAnyRoles</name>
    <tag-class>org.apache.shiro.web.tags.HasAnyRolesTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current user has one of the specified roles from a
      comma-separated list of role names.
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>
</taglib>

該文件中定義了每個標籤的名字和相應的標籤的實現類。我們要補充一個hasAnyPermission的標籤，該標籤的邏輯和hasAnyRoles有些類似。我們先打開hasAnyRoles的實現類看看，然後照貓畫虎做一個hasAnyPermission的標籤。

package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyRolesTag extends RoleTag {
    private static final String ROLE_NAMES_DELIMETER = ",";
    public HasAnyRolesTag() {
    }
    protected boolean showTagBody(String roleNames) {
        boolean hasAnyRole = false;
        Subject subject = getSubject();
        if (subject != null) {
            for (String role : roleNames.split(ROLE_NAMES_DELIMETER)) {
                if (subject.hasRole(role.trim())) {
                    hasAnyRole = true;
                    break;
                }
            }
        }
        return hasAnyRole;
    }
}

以上是hasAnyRolesTag的實現類，我們仿照這個實現hasAnyPermission:

package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyPermissionTag extends PermissionTag {
	private static final long serialVersionUID = 1L;
	private static final String PERMISSION_NAMES_DELIMETER = ",";
	public HasAnyPermissionTag() {
	}
	@Override
	protected boolean showTagBody(String permissions) {
		boolean hasAnyPermission = false;
		Subject subject = getSubject();
		if (subject != null) {
			for (String permission : permissions
					.split(PERMISSION_NAMES_DELIMETER)) {
				if (subject.isPermitted(permission.trim())) {
					hasAnyPermission = true;
					break;
				}
			}
		}
		return hasAnyPermission;
	}
}

將該源代碼編譯成class字節碼文件，扔進jar包的\org\apache\shiro\web\tags目錄下
並在jar包裏的shiro.tld文件中加入以下代碼指定標籤：

  <tag>
    <name>hasAnyPermission</name>
    <tag-class>org.apache.shiro.web.tags.HasAnyPermissionTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current Subject (user)
      'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>

OK，搞定，到頁面上測試一下：

<shiro:hasAnyPermission name="sys_config:policy,
				sys_config:server,
				sys_config:logdown,
				sys_config:keyword,
				sys_config:audit,
				sys_config:sysinfo">
	<li id="4"><a href="javascript:changeMainMenu(4)"><i class="tables"></i>系統配置</a></li>
</shiro:hasAnyPermission>

表示如果當前用戶擁有以下權限的任何一個權限，那麼該菜單就會顯示，好的，可以了。

收工。