Shulou(Shulou.com)06/03 Report--

Spring and Shiro integration and loading permission expression problem is what, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, hope you can get something.

How to load permission expressions

We drew a picture in the previous chapter, which has three items, user role permissions.

So then we have to think about the question, where does the data in these three tables come from?

User table

First of all, take a look at the user table. The database of the user table is registered from the user.

Role

If we create a character, we must create it manually, but before we create a character? Do you need to have permissions before you can create roles? Because roles depend on permissions, as long as we have permissions first, we can classify them and assign them to one of our roles.

So our breakthrough is how to load permissions.

We can open our Cotroller and on the API, we can see that all those with Shiro annotations need to have the corresponding permissions to access them:

Reload permissions

So, the question is, how do we store the permission expressions (employee:edit) in the annotations into the database?

In the previous operation, we manually copied and pasted the expression into the database, that is, manually added, then you think, if you need to add a lot of permissions, we still use manual way, obviously very troublesome!

Well, can we think of a way, that is, let the user click or enter this interface to execute a method and immediately ask it to take out all the permission expressions in Cotroller and store them in the database?

Can you do that?

The answer is yes!

We have a function on the page to reload permissions, which means that when we click on the code you add, when you add a permission to the interface, it will help you re-save all the newly added permissions in Cotrolle to the database.

This button is a Url, and when clicked, it goes to the interface method we wrote in Cotroller:

Next, let's look at how the reload interface is written:

The middle part is to get the permission expression, and the arrow is to call the Sql save operation performed by the j port, that is, insert.

This time, the interface is the way to save objects, and the specific writing of the interface is also very simple. In fact, just like user registration, you can use name (permission name) resource (expression) as an insert field.

Then, by calling the interface at the end of the aspect, you need to pass in an object (Permisssion p) that is the permission name and expression object we saved.

Specific Sql statement writing method:

Insert into permission (name,resource) values ("permissionName", "PermissionResource")

Write custom annotations to get permission nicknames

In the reload interface, all we get is the expression and the Requesmapping, but we have a column in the database that is the permission name, because the expression alone does not know its Chinese meaning, so we need to customize the annotation to get the internal Chinese interpretation of the annotation.

We can see that this annotation will report an error, because this annotation is not built into spring or java, let alone the jar package that the third party depends on, but requires our customization, so the custom annotation name can be chosen freely, but it must be meaningful.

Let's take a look at how custom annotations are created

1. Write your own notes

According to the example above, my name is @ PermissionName.

two。 Create an annotation under the realm path (based on the structural definition of the company project)

Note, Kind: be sure to choose Annotation (custom annotations); Name can be used freely, but it must be meaningful. I'll just call it PermissionName here.

I will create the annotations in the realm directory here, because after all, this is also a part of Shiro, and you can also put it under the toolkit. According to the company's project structure, if this is a newly added function, it is recommended to put it under the realm package and note it inside.

3. Write custom annotation classes

The note only gets the permission name to use, and the above structure can be written dead.

Resolve the problem of repeated insertion (deduplicated)

After the writing is complete, we start to go into the test, and let's see if it can be executed successfully, saving the permission name and expression into the database:

The execution was successful, and all the permission lists were loaded and saved to the database

But the question is, what happens if we click on the load permission list again?

We found that repeated addition, this situation is absolutely not allowed in the actual development, how to solve it?

De-repetition operation

We need to add another function in step 0 of the PermissionController class, which is to remove the

At this time, we need to call the API to query the database to see if there are any duplicates. If there is a repetition, we will skip it. If not, we will save it.

1. We write an interface to gain access to all employees

/ * * get all permission expressions * / ListgetAllResources ()

two。 Write Sql

Select resource From permission

Permission is the table, and resource is the column (permission expression); we just need to get this one column

3. Write implementation classes

The implementation class is very simple: drop the Mapper layer, execute sql, and receive it with the collection. After the data is received, you can directly retrun it.

4. Called in the Controller class

Drawing arrows is a new addition, which can be written according to the above guidelines.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.