爱分享666

当前位置:首页 >java技术博客>springBoot

在《Spring-Boot-shiro权限控制》中,当用户访问没有权限的资源时,我们采取的做法是跳转到403页面,但在实际项目中更为常见的做法是只显示当前用户拥有访问权限的资源链接。配合Thymeleaf中的Shiro标签可以很简单的实现这个目标。

实际上Thymeleaf官方并没有提供Shiro的标签,我们需要引入第三方实现,地址为https://github.com/theborakompanioni/thymeleaf-extras-shiro。

引入thymeleaf-extras-shiro

在pom中引入:

1
2
3
4
5
<dependency>
   <groupId>com.github.theborakompanioni</groupId>
   <artifactId>thymeleaf-extras-shiro</artifactId>
   <version>2.0.0</version>
</dependency>


ShiroConfig配置

引入依赖后,需要在ShiroConfig中配置该方言标签:

1
2
3
4
 @Bean
public ShiroDialect shiroDialect() {
   return new ShiroDialect();
}


首页改造

更改index.html,用于测试Shiro标签的使用:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 <!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
     xmlns:shiro="http://www.pollix.at/thymeleaf/shiro" >
<head>
   <meta charset="UTF-8">
   <title>首页</title>
</head>
<body>
   <p>你好![[${user.userName}]]</p>
   <p shiro:hasRole="admin">你的角色为超级管理员</p>
   <p shiro:hasRole="test">你的角色为测试账户</p>
   <div>
       <a shiro:hasPermission="user:user" th:href="@{/user/list}">获取用户信息</a>
       <a shiro:hasPermission="user:add" th:href="@{/user/add}">新增用户</a>
       <a shiro:hasPermission="user:delete" th:href="@{/user/delete}">删除用户</a>
   </div>
   <a th:href="@{/logout}">注销</a>
</body>
</html>


值得注意的是,在html页面中使用Shiro标签需要给html标签添加xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"

测试

启动项目,使用mrbird(角色为admin,具有user:user,user:add,user:delete权限)账户登录:

QQ截图20171214150454.png

使用tester(角色为tester,仅有user:user权限)账户登录:

QQ截图20171214150617.png

更多标签

The following examples show how to integrate the tags in your Thymeleaf templates. These are all implementations of the examples given in the JSP / GSP Tag Library Section of the Apache Shiro documentation.

Tags can be written in attribute or element notation:

Attribute

1
2
3
<p shiro:anyTag>
 Goodbye cruel World!
</p>

Element

1
2
3
<shiro:anyTag>
 <p>Hello World!</p>
</shiro:anyTag>

The guest tag

1
2
3
<p shiro:guest="">
 Please <a href="login.html">Login</a>
</p>

The user tag

1
2
3
<p shiro:user="">
 Welcome back John! Not John? Click <a href="login.html">here<a> to login.
</p>

The authenticated tag

1
<a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>

The notAuthenticated tag

1
2
3
<p shiro:notAuthenticated="">
 Please <a href="login.html">login</a> in order to update your credit card information.
</p>

The principal tag

1
<p>Hello, <span shiro:principal=""></span>, how are you today?</p>

or

1
<p>Hello, <shiro:principal/>, how are you today?</p>


Typed principal and principal property are also supported.

The hasRole tag

1
<a shiro:hasRole="administrator" href="admin.html">Administer the system</a>

The lacksRole tag

1
2
3
<p shiro:lacksRole="administrator">
 Sorry, you are not allowed to administer the system.
</p>

The hasAllRoles tag

1
2
3
<p shiro:hasAllRoles="developer, project manager">
 You are a developer and a project manager.
</p>

The hasAnyRoles tag

1
2
3
<p shiro:hasAnyRoles="developer, project manager, administrator">
 You are a developer, project manager, or administrator.
</p>

The hasPermission tag

1
<a shiro:hasPermission="user:create" href="createUser.html">Create a new User</a>

The lacksPermission tag

1
2
3
<p shiro:lacksPermission="user:delete">
 Sorry, you are not allowed to delete user accounts.
</p>

The hasAllPermissions tag

1
2
3
<p shiro:hasAllPermissions="user:create, user:delete">
 You can create and delete users.
</p>

The hasAnyPermissions tag

1
2
3
<p shiro:hasAnyPermissions="user:create, user:delete">
 You can create or delete users.
</p>

  • 本文作者: MrBird

  • 本文链接: http://mrbird.cc/Spring-Boot-Themeleaf Shiro tag.html

  • 版权声明: 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明出处!

# Spring # Shiro # Security # Spring Boot # Thymeleaf


上一篇:

Spring Boot Shiro中使用缓存_Spring Boot 整合Shiro (全套学习四)

下一篇:

Spring Boot Shiro在线会话管理_Spring Boot 整合Shiro (全套学习六)

0 +1
打赏 ×

如果网站能给予您帮助,欢迎给网站捐助,给我打赏个吧!
您的支持是我的动力,让网站能一直陪伴着大家,共同学习进步。
捐助费用将用于网站日常运营(服务器租费、域名租费等)
捐助者请发送邮箱提供姓名至 zhaoqn@163.com 留言以表感谢。

网友评论


  • 验证码:

热门评论

本月热门

推荐资料

精彩评论

回到顶部