[英]how check multiple shiro permissions in database table?
我有roles_perms表如下
id || username || role_name || perms_name
1 root admin page:show:*;folder:show:*
2 user1 editor page:show:editorpage,page1;folder:show:folder45,folder55
但是下面的代碼行不會返回預期的結果。
// for user with role "admin"
System.out.println("Test 1 :"+SecurityUtils.getSubject().isPermitted("page:show:*")); // false
System.out.println("Test 2 :"+SecurityUtils.getSubject().isPermitted("page:show:*;folder:show:*")); // true
output:
Test1 :false
Test2 :true
// for user with role "editor"
System.out.println("Test 3 :"+SecurityUtils.getSubject().isPermitted("page:show:page1")); // false
System.out.println("Test 4 :"+SecurityUtils.getSubject().isPermitted("page:show:page1;folder:show:folder55")); // false
output:
Test3 :false
Test4 :false
更新:
shiro.ini文件
[main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = jdbc/imgDB
ds.resourceRef = true
jdbcRealm = com.java.realm.MyRealm
# 1000 ms = 1 sec
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 1800000
# password hashing specification
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName = SHA-256
jdbcRealm.credentialsMatcher = $sha256Matcher
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM shiro_users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_name FROM shiro_user_roles WHERE username = ?
jdbcRealm.permissionsQuery = SELECT perms_name FROM shiro_roles_perms WHERE role_name = ? AND username = ?
jdbcRealm.dataSource = $ds
jdbcRealm.authorizationCachingEnabled = false
# specify login page
authc.loginUrl = /login.jsp
# redirect after successful login
authc.successUrl = /home.jsp
# roles filter: redirect to error page if user does not have access rights
# perms filter: redirect to error page if user does not have permissions
roles.unauthorizedUrl = /accessdenied.jsp
perms.unauthorizedUrl = /accessdenied.jsp
# request parameter with login error information; if not present filter assumes 'shiroLoginFailure'
# authc.failureKeyAttribute = simpleShiroApplicationLoginFailure
[urls]
/login.jsp = authc
/admin/** = authc,roles[admin]
/editor/** = authc
# enable authc filter for all application pages
/ApacheShiroLogin/** = authc
請澄清您的問題。 標題詢問有關從數據庫表獲取值的問題。 但是,該帖子使用SercurityUtils對象。 數據庫表不等於SecurityUtils。
如果要從數據庫表中選擇值。 您需要指定所使用的數據庫類型,架構等。然后實現語句以從數據庫中選擇值。
如果您試圖將Shiro配置為使用數據庫,請發布shiro配置。
請發布您的Shiro配置。 這可能會給人們足夠的信息來幫助您:)
必須將Shiro配置為使用數據庫。
更新:
在您的Shiro配置中,tou需要將您的領域添加到安全管理器中:
securityManager.realm = $jdbcRealm
您還需要驗證jndi查找是否已正確配置。
另外,請張貼上下文“但遵循以下代碼...”。 您是否提交了有效的登錄信息。 如果是這樣,怎么辦? “代碼行”位於何處? 如何調用它?
如何在Java中檢查數據庫表權限? (獨立於數據庫)
[英]how to check database table permissions in java? (DataBase independently)
Apache shiro-如何通過單個數據庫表支持多種用戶類型
[英]Apache shiro - How to support multiple user types with individual database tables
在shiro中為用戶分配多個權限或多個角色哪個更好?
[英]which is better assign multiple permissions or multiple roles to user in shiro?
Apache Shiro - 使用數據庫讀取用戶,角色和權限
[英]Apache Shiro - using database to read users, roles and permissions
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.