shiro @RequiresPermissions多權限

一、RequirePermissions多權限

權限值value用數組代替，再設置logical

多選一：logical = Logical.OR

例如：@RequiresPermissions(value = { "product_create", "product_edit" }, logical = Logical.OR)

必須全部符合：logical = Logical.AND

例如：@RequiresPermissions(value = { "product_create", "product_edit" }, logical = Logical.AND)
二、標籤

<customTag:hasAllRoles name="admin,user">
 
擁有admin和user角色
 
</customTag:hasAllRoles>
 
 
 
<customTag:hasAllPermissions name="user:create,user:update">
 
擁有user:create和user:update權限
 
</customTag:hasAllPermissions>
 
 
 
<customTag:hasAnyPermissions name="user:create,user:update">
 
擁有user:create或user:update權限
 
</customTag:hasAnyPermissions>
 
 
<shiro:hasPermission name="evaluation:schoolEvaluationSystem:edit">
    只判斷evaluation:schoolEvaluationSystem:edit權限
    </shiro:hasPermission>

其上有hasAnyPermissions標籤，我們發小其實shiro並沒有提供給我們，接下來我們就看一下，如何自己去實現這個hasAnyPermission標籤

首先定義tld文件

<?xml version="1.0" encoding="UTF-8"?>
<taglib>
  <tlib-version>1.0</tlib-version>
  <jsp-version>2.0</jsp-version>
  <short-name>Example TLD</short-name>
  <tag>
    <name>Hello</name>
    <tag-class>cn.tlj.utils.tld.MyTag</tag-class>
    <body-content>empty</body-content>
  </tag>
  
   <tag>
    <name>hasAnyPermission</name>
    <tag-class>cn.tlj.utils.tld.ShiroExpandTag</tag-class>
    <body-content>JSP</body-content>
    <description>Displays body content only if the current Subject (user)
      'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
    </description>
    <attribute>
      <name>name</name>
      <required>true</required>
      <rtexprvalue>true</rtexprvalue>
    </attribute>
  </tag>

</taglib>

這裏使用了isPermitted 會返回是否有該參數 checkPermission其實沒有權限會報錯

package cn.tlj.utils.tld;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.tags.PermissionTag;

public class ShiroExpandTag extends PermissionTag{

	private static final long serialVersionUID = 1L;
	private static final String PERMISSION_NAMES_DELIMETER = ",";

	@Override
	protected boolean showTagBody(String permissions) {
		boolean hasAnyPermission = false;
		Subject subject = getSubject();
		if (subject != null) {
			for (String permission : permissions
					.split(PERMISSION_NAMES_DELIMETER)) {
				if (subject.isPermitted(permission.trim())) {
					hasAnyPermission = true;
					break;
				}
			}
		}
		return hasAnyPermission;
	}
}

參考：https://blog.csdn.net/coolcaosj/article/details/25509471

 

關於自定義標籤：https://www.runoob.com/jsp/jsp-custom-tags.html