一、RequirePermissions多權限
權限值value用數組代替,再設置logical
多選一:logical = Logical.OR
例如:@RequiresPermissions(value = { "product_create", "product_edit" }, logical = Logical.OR)
必須全部符合:logical = Logical.AND
例如:@RequiresPermissions(value = { "product_create", "product_edit" }, logical = Logical.AND)
二、標籤
<customTag:hasAllRoles name="admin,user">
擁有admin和user角色
</customTag:hasAllRoles>
<customTag:hasAllPermissions name="user:create,user:update">
擁有user:create和user:update權限
</customTag:hasAllPermissions>
<customTag:hasAnyPermissions name="user:create,user:update">
擁有user:create或user:update權限
</customTag:hasAnyPermissions>
<shiro:hasPermission name="evaluation:schoolEvaluationSystem:edit">
只判斷evaluation:schoolEvaluationSystem:edit權限
</shiro:hasPermission>
其上有hasAnyPermissions標籤,我們發小其實shiro並沒有提供給我們,接下來我們就看一下,如何自己去實現這個hasAnyPermission標籤
首先定義tld文件
<?xml version="1.0" encoding="UTF-8"?>
<taglib>
<tlib-version>1.0</tlib-version>
<jsp-version>2.0</jsp-version>
<short-name>Example TLD</short-name>
<tag>
<name>Hello</name>
<tag-class>cn.tlj.utils.tld.MyTag</tag-class>
<body-content>empty</body-content>
</tag>
<tag>
<name>hasAnyPermission</name>
<tag-class>cn.tlj.utils.tld.ShiroExpandTag</tag-class>
<body-content>JSP</body-content>
<description>Displays body content only if the current Subject (user)
'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
</description>
<attribute>
<name>name</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
這裏使用了isPermitted 會返回是否有該參數 checkPermission其實沒有權限會報錯
package cn.tlj.utils.tld;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.tags.PermissionTag;
public class ShiroExpandTag extends PermissionTag{
private static final long serialVersionUID = 1L;
private static final String PERMISSION_NAMES_DELIMETER = ",";
@Override
protected boolean showTagBody(String permissions) {
boolean hasAnyPermission = false;
Subject subject = getSubject();
if (subject != null) {
for (String permission : permissions
.split(PERMISSION_NAMES_DELIMETER)) {
if (subject.isPermitted(permission.trim())) {
hasAnyPermission = true;
break;
}
}
}
return hasAnyPermission;
}
}
參考:https://blog.csdn.net/coolcaosj/article/details/25509471
關於自定義標籤:https://www.runoob.com/jsp/jsp-custom-tags.html