shiro提供了jsp標籤用於頁面上的權限控制,有hasAnyRoles,hasPermission等標籤,但是卻沒提供hasAnyPermission標籤,有點不大方便。
這時候我們完全可以仿照shiro的源碼,進行照貓畫虎,擴充一下。
shiro的標籤定義文件在shiro-all.jar下的META-INF目錄下的shiro.tld中,打開文件後我們可以看到如下標籤的定義:
<taglib>
<tlib-version>1.1.2</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>Apache Shiro</short-name>
<uri>http://shiro.apache.org/tags</uri>
<description>Apache Shiro JSP Tag Library.</description>
<tag>
<name>hasPermission</name>
<tag-class>org.apache.shiro.web.tags.HasPermissionTag</tag-class>
<body-content>JSP</body-content>
<description>Displays body content only if the current Subject (user)
'has' (implies) the specified permission (i.e the user has the specified ability).
</description>
<attribute>
<name>name</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>hasAnyRoles</name>
<tag-class>org.apache.shiro.web.tags.HasAnyRolesTag</tag-class>
<body-content>JSP</body-content>
<description>Displays body content only if the current user has one of the specified roles from a
comma-separated list of role names.
</description>
<attribute>
<name>name</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
該文件中定義了每個標籤的名字和相應的標籤的實現類。我們要補充一個hasAnyPermission的標籤,該標籤的邏輯和hasAnyRoles有些類似。我們先打開hasAnyRoles的實現類看看,然後照貓畫虎做一個hasAnyPermission的標籤。
package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyRolesTag extends RoleTag {
private static final String ROLE_NAMES_DELIMETER = ",";
public HasAnyRolesTag() {
}
protected boolean showTagBody(String roleNames) {
boolean hasAnyRole = false;
Subject subject = getSubject();
if (subject != null) {
for (String role : roleNames.split(ROLE_NAMES_DELIMETER)) {
if (subject.hasRole(role.trim())) {
hasAnyRole = true;
break;
}
}
}
return hasAnyRole;
}
}
以上是hasAnyRolesTag的實現類,我們仿照這個實現hasAnyPermission:
package org.apache.shiro.web.tags;
import org.apache.shiro.subject.Subject;
public class HasAnyPermissionTag extends PermissionTag {
private static final long serialVersionUID = 1L;
private static final String PERMISSION_NAMES_DELIMETER = ",";
public HasAnyPermissionTag() {
}
@Override
protected boolean showTagBody(String permissions) {
boolean hasAnyPermission = false;
Subject subject = getSubject();
if (subject != null) {
for (String permission : permissions
.split(PERMISSION_NAMES_DELIMETER)) {
if (subject.isPermitted(permission.trim())) {
hasAnyPermission = true;
break;
}
}
}
return hasAnyPermission;
}
}
並在jar包裏的shiro.tld文件中加入以下代碼指定標籤:
<tag>
<name>hasAnyPermission</name>
<tag-class>org.apache.shiro.web.tags.HasAnyPermissionTag</tag-class>
<body-content>JSP</body-content>
<description>Displays body content only if the current Subject (user)
'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
</description>
<attribute>
<name>name</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<shiro:hasAnyPermission name="sys_config:policy,
sys_config:server,
sys_config:logdown,
sys_config:keyword,
sys_config:audit,
sys_config:sysinfo">
<li id="4"><a href="javascript:changeMainMenu(4)"><i class="tables"></i>系統配置</a></li>
</shiro:hasAnyPermission>
表示如果當前用戶擁有以下權限的任何一個權限,那麼該菜單就會顯示,好的,可以了。
收工。