shiro动态修改权限，解决重启

 

shrio动态修改权限，解决重启

 

=====================解决重启===================

<bean id="myShiroFilterFactory" class="com.esteel.common.MyShiroFilterFactory">

<property name="filterChainDefinitions">  

       <value>  

           /admin/ = anon

/index/ = anon

/index = anon

/login = anon

/logout = logout

/getRandomValidateCode = anon

/verifyCode = anon

/admin/** = anon

 

                /main**=authc  

                /ui/info**=authc  

                /ui/listUser**=authc,perms[admin:manage]  

                /dwzIndex**=authc,perms[admin:manage]

       </value>  

   </property>  

</bean> 

 

package com.esteel.common;

 

import java.util.ArrayList;

import java.util.HashMap;

import java.util.HashSet;

import java.util.Iterator;

import java.util.List;

import java.util.Map;

import java.util.Set;

 

import org.apache.shiro.config.Ini;

import org.apache.shiro.config.Ini.Section;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;

import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;

import org.apache.shiro.web.servlet.AbstractShiroFilter;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.BeansException;

import org.springframework.beans.factory.FactoryBean;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.web.context.ContextLoader;

import org.springframework.web.context.WebApplicationContext;

 

import com.esteel.system.bean.OpmMenuitem;

import com.esteel.system.bean.OpmMenuitemlimit;

import com.esteel.system.beanVo.OpmRolelimitVo;

import com.esteel.system.service.OpmMenuitemService;

import com.esteel.system.service.OpmMenuitemlimitService;

import com.esteel.system.service.OpmRolelimitService;

 

 

/**

 * 自定义shiro过滤器，初始化时从数据库读入url权限

 * 

 * @author 20005

 * @createDate 2014-7-23 上午09:38:26

 */

public class MyShiroFilterFactory  {

private static Logger logger = LoggerFactory

.getLogger(MyShiroFilterFactory.class);

    @Autowired

    private ShiroFilterFactoryBean shiroFilter;

 

 

    @Autowired

private OpmRolelimitService opmRolelimitService;

 

@Autowired

private OpmMenuitemlimitService opmMenuitemlimitService;

 

@Autowired

private OpmMenuitemService opmMenuitemService;

 

    private String filterChainDefinitions;

    

 

 

 

/**

* 初始化时加载filterChainDefinitions

*/

public MyShiroFilterFactory() {

//super();

//chainDefinitionSectionMetaSource.getObject();

// 从数据库中读入URL权限列表

//setFilterChainDefinitionMap(chainDefinitionSectionMetaSource.getObject());

//    shiroFilterFactoryBean=this;

}

 

/**

* 重新加载数据库权限

* 

* @author 20005

* @createDate 2014-7-28 下午05:28:04

*/

public  void reloadChainDefinitions() {

WebApplicationContext wac = ContextLoader.getCurrentWebApplicationContext();

//ServletContext context = getServletContext();  

//WebApplicationContext applicationContext  = WebApplicationContextUtils.getWebApplicationContext(context);

//System.out.println(myShiroFilte);

AbstractShiroFilter shiroFilter1 = null;

try {

shiroFilter1 = (AbstractShiroFilter) shiroFilter

.getObject();

} catch (Exception e) {

logger.error("getShiroFilter from shiroFilterFactoryBean error!", e);

}

 

PathMatchingFilterChainResolver filterChainResolver = (PathMatchingFilterChainResolver) shiroFilter1

.getFilterChainResolver();

DefaultFilterChainManager manager = (DefaultFilterChainManager) filterChainResolver

.getFilterChainManager();

 

// 清空老的权限控制

manager.getFilterChains().clear();

 

shiroFilter.getFilterChainDefinitionMap().clear();

try {

shiroFilter.setFilterChainDefinitionMap(getObject());

} catch (Exception e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

// 重新构建生成

Map<String, String> chains = shiroFilter

.getFilterChainDefinitionMap();

for (Map.Entry<String, String> entry : chains.entrySet()) {

String url = entry.getKey();

String chainDefinition = entry.getValue().trim().replace(" ", "");

manager.createChain(url, chainDefinition);

}

}

 

 

//    @Autowired

//    private ResourceDao resourceDao;

 

 

   /**

    * 默认premission字符串

    */

   public static final String PREMISSION_STRING="perms[\"{0}\"]";

 

   public  Section getObject() throws BeansException {

 

       //获取所有Resource

       List<OpmRolelimitVo> list =new ArrayList<OpmRolelimitVo>();

       List<OpmRolelimitVo> listAll =new ArrayList<OpmRolelimitVo>();

       list= opmRolelimitService.getRoleLimtContro();

       OpmMenuitem item = new OpmMenuitem();

       List<OpmMenuitem> items =opmMenuitemService.getMenuItems(item);

       OpmMenuitemlimit opmMenuitemlimit = new OpmMenuitemlimit();

       List<OpmMenuitemlimit> opmMenuitemlimits =opmMenuitemlimitService.getOpmMenuitemlimit(opmMenuitemlimit);

       List<OpmMenuitem> itemsb =new ArrayList<OpmMenuitem>();

       List<OpmMenuitemlimit> opmMenuitemlimitsb =new ArrayList<OpmMenuitemlimit>();

       Set<String> itms= new HashSet<String>();

       Set<String> itmls= new HashSet<String>();

       for (Iterator<OpmRolelimitVo> it1 = list.iterator(); it1.hasNext();) {

       OpmRolelimitVo resource = it1.next();

       if(resource.getMenuitemid()!=null){

           //如果不为空值添加到section中

           if(!"".equals(resource.getMenuitemid()) &&!"".equals(resource.getMenuitemid())) {

           itms.add(resource.getMenuitemid());

           }

            }

       if(resource.getMenuitemlimitid()!=null&&(resource.getMenuitemlimitid()!=null)&&!"".equals(resource.getMenuitemlimitid())){

       itmls.add(resource.getMenuitemlimitid());

       }

       }

       for(String im :itms){

       OpmMenuitem o = new OpmMenuitem();

       o.setId(im);

       itemsb.add(o);

       }

       for(String im :itmls){

       OpmMenuitemlimit o = new OpmMenuitemlimit();

       o.setId(im);

       opmMenuitemlimitsb.add(o);

       }

       items.removeAll(itemsb);

       opmMenuitemlimits.removeAll(opmMenuitemlimitsb);

       

       Ini ini = new Ini();

       //加载默认的url

       ini.load(filterChainDefinitions);

       Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);

       //循环Resource的url,逐个添加到section中。section就是filterChainDefinitionMap,

       //里面的键就是链接URL,值就是存在什么条件才能访问该链接

       Map<String,Set<String>> mapr = new HashMap<String,Set<String>>();

       Set<String> roleIds=null;

       Set<String> mlroleIds=null;

       if(list!=null&&list.size()>0){

       for(OpmRolelimitVo r :list){

       roleIds=new HashSet<String>();

           mlroleIds=new HashSet<String>();

            for (Iterator<OpmRolelimitVo> it = list.iterator(); it.hasNext();) {

       OpmRolelimitVo resource = it.next();

       if(r.getMenuitemid().equals(resource.getMenuitemid())){

           //如果不为空值添加到section中

           if(!"".equals(resource.getMenuitemid()) &&!"".equals(resource.getMenuitemid())) {

           roleIds.add(resource.getRoleid());

           }

            }

       if(r.getMenuitemlimitid()!=null&&resource.getMenuitemlimitid()!=null&&(r.getMenuitemlimitid().equals(resource.getMenuitemlimitid()))){

       mlroleIds.add(resource.getRoleid());

       }

       }

     //这里可以直接转set用section

   mapr.put(r.getMuri(), roleIds);

   mapr.put(r.getMluri(), mlroleIds);

       }

       }

       StringBuffer au=null;

       String st="";

       for(Map.Entry<String, Set<String>> en:mapr.entrySet()){

       au = new StringBuffer();

       au.append("authc,role[");

       for(String a :en.getValue()){

       au.append("\""+a+"\",");

       }

       String strau=au.substring(0,au.lastIndexOf(","));

       strau+="]";

       st+=en.getKey()+">>>>"+strau+"\n";

        section.put(en.getKey()+"**",strau);

       }

//        section.put("dwzIndex", MessageFormat.format(PREMISSION_STRING, "authc,perms[admin:manage]"));格式错了

       //

      // section.put(resource.getMenuitemid(), MessageFormat.format(PREMISSION_STRING, resource.getMenuitemid()));

//        section.put("/system/tbBasBed/list**","authc,perms[admin:manage]");

       System.out.println(st);

       for(OpmMenuitem i: items){

       section.put(i.getUri()+"**","authc,role[tempr]");

       }

       for(OpmMenuitemlimit i: opmMenuitemlimits){

       section.put(i.getUri()+"**","authc,role[tempr]");

       }

       return section;

   }

 

   /**

    * 通过filterChainDefinitions对默认的url过滤定义

    * 

    * @param filterChainDefinitions 默认的url过滤定义

    */

   public void setFilterChainDefinitions(String filterChainDefinitions) {

       this.filterChainDefinitions = filterChainDefinitions;

   }

 

   public Class<?> getObjectType() {

       return this.getClass();

   }

 

   public boolean isSingleton() {

       return false;

   }

 

}

 

@Controller

public class OpmRoleController extends BaseController {

 

 

 

@Autowired

private MyShiroFilterFactory myShiroFilterFactory;

 

@SuppressWarnings("unused")

@RequestMapping(value = "/system/opmRole/update", method = RequestMethod.POST)

public ModelAndView opmUpdate(OpmRole opmRole,HttpServletRequest request,Model modle) throws Exception {

int flag=0;

OpmMenufolder folder = new OpmMenufolder();

folder.setParentid("100000");

List<OpmMenufolder> opmMenufolders= opmMenufolderService.getOpmMenufolder(folder);

String[] a=new String[]{};

List<String> list = new ArrayList<String>();

try{

for(OpmMenufolder o: opmMenufolders){

a=request.getParameterValues(o.getId());

if(a==null||"".equals(a)){

continue;

}

list.addAll(Arrays.asList(a));

}

Map<String,Object> param = new HashMap<String,Object>();

OpmRolelimit opmLimt = new OpmRolelimit();

String org= opmRole.getOrganid();

flag = opmRoleService.updateRole(opmRole, list);

//

myShiroFilterFactory.reloadChainDefinitions();

return ajaxDoneOpm("/commonuntil/ajaxDone",200,"操作成功！","opmRoleNavUi","/system/opmRole/editUi","closeCurrent");

}catch (Exception e){

return ajaxDoneOpm("/commonuntil/ajaxDone",300,"添加失败！","opmRoleNavUi","/system/opmRole/editUi","closeCurrent");

//throw new Exception("操作失败！");

}

 

 

}

 

}

 

 

////////////////////////////////动态加载权限//////////////////////////

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager" />

<property name="loginUrl" value="/ui/login.jsp" />

<property name="successUrl" value="/ui/dwzIndex.jsp" />

<property name="unauthorizedUrl" value="/ui/accessDenied.jsp" />

<property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />   

<property name="filters">

<map>

<entry key="authc" value-ref="authenticationFilter" /> 

<entry key="role" value-ref="roleAuthorizationFilter" /> 

</map>

</property>

</bean>

    <bean id="chainDefinitionSectionMetaSource" class="com.esteel.common.ChainDefinitionSectionMetaSource">  

  

   <property name="filterChainDefinitions">  

       <value>  

           /admin/ = anon

/index/ = anon

/index = anon

/login = anon

/logout = logout

/getRandomValidateCode = anon

/verifyCode = anon

/admin/** = anon

 

                /main**=authc  

                /ui/info**=authc  

                /ui/listUser**=authc,perms[admin:manage]  

                /dwzIndex**=authc,perms[admin:manage]

       </value>  

   </property>  

   </bean>   

 

 

 

 

package com.esteel.common;

 

import java.util.ArrayList;

import java.util.HashMap;

import java.util.HashSet;

import java.util.Iterator;

import java.util.List;

import java.util.Map;

import java.util.Set;

 

import org.apache.shiro.config.Ini;

import org.apache.shiro.config.Ini.Section;

import org.springframework.beans.BeansException;

import org.springframework.beans.factory.FactoryBean;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Component;

import org.springframework.stereotype.Controller;

 

import com.esteel.system.bean.OpmMenuitem;

import com.esteel.system.bean.OpmMenuitemlimit;

import com.esteel.system.beanVo.OpmRolelimitVo;

import com.esteel.system.service.OpmMenuitemService;

import com.esteel.system.service.OpmMenuitemlimitService;

import com.esteel.system.service.OpmRolelimitService;

 

public class ChainDefinitionSectionMetaSource implements FactoryBean<Ini.Section>{

 

//    @Autowired

//    private ResourceDao resourceDao;

@Autowired

private OpmRolelimitService opmRolelimitService;

 

@Autowired

private OpmMenuitemlimitService opmMenuitemlimitService;

 

@Autowired

private OpmMenuitemService opmMenuitemService;

 

    private String filterChainDefinitions;

    

 

    /**

     * 默认premission字符串

     */

    public static final String PREMISSION_STRING="perms[\"{0}\"]";

 

    public Section getObject() throws BeansException {

 

        //获取所有Resource

        List<OpmRolelimitVo> list =new ArrayList<OpmRolelimitVo>();

        List<OpmRolelimitVo> listAll =new ArrayList<OpmRolelimitVo>();

        list= opmRolelimitService.getRoleLimtContro();

        OpmMenuitem item = new OpmMenuitem();

        List<OpmMenuitem> items =opmMenuitemService.getMenuItems(item);

        OpmMenuitemlimit opmMenuitemlimit = new OpmMenuitemlimit();

        List<OpmMenuitemlimit> opmMenuitemlimits =opmMenuitemlimitService.getOpmMenuitemlimit(opmMenuitemlimit);

        List<OpmMenuitem> itemsb =new ArrayList<OpmMenuitem>();

        List<OpmMenuitemlimit> opmMenuitemlimitsb =new ArrayList<OpmMenuitemlimit>();

        Set<String> itms= new HashSet<String>();

        Set<String> itmls= new HashSet<String>();

        for (Iterator<OpmRolelimitVo> it1 = list.iterator(); it1.hasNext();) {

        OpmRolelimitVo resource = it1.next();

        if(resource.getMenuitemid()!=null){

            //如果不为空值添加到section中

            if(!"".equals(resource.getMenuitemid()) &&!"".equals(resource.getMenuitemid())) {

            itms.add(resource.getMenuitemid());

            }

             }

        if(resource.getMenuitemlimitid()!=null&&(resource.getMenuitemlimitid()!=null)&&!"".equals(resource.getMenuitemlimitid())){

        itmls.add(resource.getMenuitemlimitid());

        }

        }

        for(String im :itms){

        OpmMenuitem o = new OpmMenuitem();

        o.setId(im);

        itemsb.add(o);

        }

        for(String im :itmls){

        OpmMenuitemlimit o = new OpmMenuitemlimit();

        o.setId(im);

        opmMenuitemlimitsb.add(o);

        }

        items.removeAll(itemsb);

        opmMenuitemlimits.removeAll(opmMenuitemlimitsb);

        

        Ini ini = new Ini();

        //加载默认的url

        ini.load(filterChainDefinitions);

        Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);

        //循环Resource的url,逐个添加到section中。section就是filterChainDefinitionMap,

        //里面的键就是链接URL,值就是存在什么条件才能访问该链接

        Map<String,Set<String>> mapr = new HashMap<String,Set<String>>();

        Set<String> roleIds=null;

        Set<String> mlroleIds=null;

        if(list!=null&&list.size()>0){

        for(OpmRolelimitVo r :list){

        roleIds=new HashSet<String>();

            mlroleIds=new HashSet<String>();

             for (Iterator<OpmRolelimitVo> it = list.iterator(); it.hasNext();) {

        OpmRolelimitVo resource = it.next();

        if(r.getMenuitemid().equals(resource.getMenuitemid())){

            //如果不为空值添加到section中

            if(!"".equals(resource.getMenuitemid()) &&!"".equals(resource.getMenuitemid())) {

            roleIds.add(resource.getRoleid());

            }

             }

        if(r.getMenuitemlimitid()!=null&&resource.getMenuitemlimitid()!=null&&(r.getMenuitemlimitid().equals(resource.getMenuitemlimitid()))){

        mlroleIds.add(resource.getRoleid());

        }

        }

      //这里可以直接转set用section

    mapr.put(r.getMuri(), roleIds);

    mapr.put(r.getMluri(), mlroleIds);

        }

        }

        StringBuffer au=null;

        String st="";

        for(Map.Entry<String, Set<String>> en:mapr.entrySet()){

        au = new StringBuffer();

        au.append("authc,role[");

        for(String a :en.getValue()){

        au.append("\""+a+"\",");

        }

        String strau=au.substring(0,au.lastIndexOf(","));

        strau+="]";

        st+=en.getKey()+">>>>"+strau+"\n";

         section.put(en.getKey()+"**",strau);

        }

//        section.put("dwzIndex", MessageFormat.format(PREMISSION_STRING, "authc,perms[admin:manage]"));格式错了

        //

       // section.put(resource.getMenuitemid(), MessageFormat.format(PREMISSION_STRING, resource.getMenuitemid()));

//        section.put("/system/tbBasBed/list**","authc,perms[admin:manage]");

        System.out.println(st);

        for(OpmMenuitem i: items){

        section.put(i.getUri()+"**","authc,role[tempr]");

        }

        for(OpmMenuitemlimit i: opmMenuitemlimits){

        section.put(i.getUri()+"**","authc,role[tempr]");

        }

        return section;

    }

 

    /**

     * 通过filterChainDefinitions对默认的url过滤定义

     * 

     * @param filterChainDefinitions 默认的url过滤定义

     */

    public void setFilterChainDefinitions(String filterChainDefinitions) {

        this.filterChainDefinitions = filterChainDefinitions;

    }

 

    public Class<?> getObjectType() {

        return this.getClass();

    }

 

    public boolean isSingleton() {

        return false;

    }

 

}