英文:
How can I get a Permission List from Subject
问题
Here is the translated content you requested:
我想从主体获取所有权限的 List
在我的使用情况下,我想将所有权限存储在列表中以进行缓存。
我有一个带有左侧菜单的Web应用程序。
对于每个菜单项,我想检查我的主体是否被授权访问它。
目前,对于大约 300 个菜单项,这将花费很长时间。
因此,我想将 List<String> permissionList 存储在会话中。
我的配置如下:
配置JDBC Realm数据源。
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = select password FROM user where UPPER(email)=UPPER(?) and status = 'ACTIVE'
jdbcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN user u ON e.user_fk = u.user_id WHERE UPPER(u.email)=UPPER(?) AND pe.delete_flag = false
jdbcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
jdbcRealm.dataSource = $ds
jdbcRealm.credentialsMatcher = $sha512Matcher
用于Token登录的Realm
tcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
tcRealm.permissionsLookupEnabled = true
tcRealm.authenticationQuery = SELECT token FROM api_token WHERE token = ?
tcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN api_token t ON t.employee_fk = e.employee_id WHERE UPPER(t.token)=UPPER(?) AND t.delete_flag = false
tcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
tcRealm.dataSource = $ds
所以我正在使用 org.apache.shiro.realm.jdbc.JdbcRealm。
我知道有一个像这样的函数:
AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){...}
在这个函数中有一个:
Set
这些信息正是我需要存储在我的会话中的。我如何获取这些信息?
英文:
I would like to get a List<String> from all permissions from a Subject.
In my use case I would like to store all Permissions in a list to cache it.
I have a web application with a Menu on my left side.
For each Menu Item I would like to check if my Subject is permitted for it.
Currently this will take a lot of time to check for approx. 300 Menu items it.
Therefore I would like to store the List<String> permissonList it in the session.
My config is like this:
# Configure JDBC realm datasource.
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = select password FROM user where UPPER(email)=UPPER(?) and status = 'ACTIVE'
jdbcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN user u ON e.user_fk = u.user_id WHERE UPPER(u.email)=UPPER(?) AND pe.delete_flag = false
jdbcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
jdbcRealm.dataSource = $ds
jdbcRealm.credentialsMatcher = $sha512Matcher
# Realm for Token Login
tcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
tcRealm.permissionsLookupEnabled = true
tcRealm.authenticationQuery = SELECT token FROM api_token WHERE token = ?
tcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN api_token t ON t.employee_fk = e.employee_id WHERE UPPER(t.token)=UPPER(?) AND t.delete_flag = false
tcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
tcRealm.dataSource = $ds
So I´m using the org.apache.shiro.realm.jdbc.JdbcRealm.
Is know there is a function like this:
AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){...}
And in this function there is a:
Set<String> permissions = null;
This information is exactly what I need to store it in my Session.
How can I get this information?
答案1
得分: 1
以下是已翻译好的内容:
如果配置了缓存管理器,权限列表将会自动缓存:
https://shiro.apache.org/caching.html
这些信息在更高级别上不会暴露出来。话虽如此,如果您想解决这个问题,并且您提前知道您的应用程序中可能出现的所有权限字符串,您可以像这样操作:
boolean[] results = subject.isPermitted(listOfAllPermissions);
注意:此解决方法仅适用于基本情况。启用缓存管理器将适用于所有情况。
英文:
The list of permission will be cached automatically if you configure a cache manager:
https://shiro.apache.org/caching.html
This information is not exposed at a higher level. That said, if you wanted to work around this, and you know in advance all the permission strings possible in your application, you could do something like this:
boolean[] results = subject.isPermitted(listOfAllPermissions);
NOTE: This workaround would only work for basic cases. Enabling a Cache Manager will work in all cases.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论