org.apache.shiro.authz.annotation.RequiresRoles Java Examples

The following examples show how to use org.apache.shiro.authz.annotation.RequiresRoles. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SysPermissionController.java    From jeecg-boot-with-activiti with MIT License 6 votes vote down vote up
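/**
 * Deletes several menu permissions in one request.
 *
 * <p>The handler is annotated with {@code @RequiresRoles({ "admin" })}.
 *
 * @param ids comma-separated permission ids; empty segments are skipped
 * @return a result carrying the success message, or an error set through
 *         {@code error500} when any deletion throws
 */
@RequiresRoles({ "admin" })
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysPermission> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
	Result<SysPermission> result = new Result<>();
	try {
		for (String id : ids.split(",")) {
			if (oConvertUtils.isNotEmpty(id)) {
				sysPermissionService.deletePermission(id);
			}
		}
		result.success("删除成功!");
	} catch (Exception e) {
		log.error(e.getMessage(), e);
		// Report the failure: the original reused the success text ("删除成功!") here,
		// so a failed privileged deletion looked successful to the caller.
		// NOTE(review): ids deleted before the exception stay deleted unless the
		// service call is transactional — confirm.
		result.error500("删除失败!");
	}
	return result;
}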
 
Example #2
Source File: MenuController.java    From Mario with Apache License 2.0 6 votes vote down vote up
/**
 * Handles submission of the menu creation form.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. A valid menu is saved and the
 * browser is redirected to the menu list; an invalid one is sent back to the form
 * view with the top-level menu set as its parent.
 *
 * @param menu               the bound and validated menu
 * @param result             binding/validation outcome for {@code menu}
 * @param model              view model for the form view
 * @param redirectAttributes carrier for the flash message shown after the redirect
 * @return the form view name on validation errors, otherwise a redirect to the menu list
 */
@RequiresRoles("admin")
@RequestMapping(value = "create", method = RequestMethod.POST)
public String create(@Valid Menu menu, BindingResult result, Model model,
        RedirectAttributes redirectAttributes) {
    if (!result.hasErrors()) {
        // Happy path: persist and redirect.
        generateMenuParentIds(menu);
        accountService.saveMenu(menu);
        redirectAttributes.addFlashAttribute("message", "创建菜单成功");
        return "redirect:/account/menu";
    }

    // Validation failed: re-render the form with the submitted values.
    menu.setParent(accountService.getTopMenu());
    model.addAttribute("menu", menu);
    model.addAttribute("allShows", allShows);
    model.addAttribute("action", "create");
    return "account/menuForm";
}
 
Example #3
Source File: QuartzJobController.java    From teaching with Apache License 2.0 6 votes vote down vote up
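/**
 * Pauses a scheduled Quartz job and marks its stored record as disabled.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param jobClassName job class name, used to look up the stored job and (trimmed) as the Quartz job key
 * @return an error result when no stored job matches, otherwise a success result
 * @throws JeecgBootException if the scheduler fails to pause the job
 */
// NOTE(review): this state-changing operation is mapped to GET; consider a POST/PUT
// mapping together with the application's CSRF protection — confirm how clients call it.
@RequiresRoles("admin")
@GetMapping(value = "/pause")
@ApiOperation(value = "暂停定时任务")
public Result<Object> pauseJob(@RequestParam(name = "jobClassName", required = true) String jobClassName) {
	QuartzJob job = null;
	try {
		// NOTE(review): the lookup uses the raw value while the job key below uses the
		// trimmed one; padded input can miss the record — confirm which is intended.
		job = quartzJobService.getOne(new LambdaQueryWrapper<QuartzJob>().eq(QuartzJob::getJobClassName, jobClassName));
		if (job == null) {
			return Result.error("定时任务不存在!");
		}
		scheduler.pauseJob(JobKey.jobKey(jobClassName.trim()));
	} catch (SchedulerException e) {
		// Keep the scheduler failure as the cause so the root error is not lost.
		throw new JeecgBootException("暂停定时任务失败", e);
	}
	// Only reached when the scheduler call succeeded.
	job.setStatus(CommonConstant.STATUS_DISABLE);
	quartzJobService.updateById(job);
	return Result.ok("暂停定时任务成功");
}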
 
Example #4
Source File: UserController.java    From xmanager with Apache License 2.0 6 votes vote down vote up
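/**
 * Updates a user, re-hashing the password when a new one is supplied.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param userVo the validated user data; a blank password leaves the stored one untouched
 * @return an error payload when the login-name lookup returns a match or the user id
 *         is unknown, otherwise a success payload
 */
@RequiresRoles("admin")
@PostMapping("/edit")
@ResponseBody
public Object edit(@Valid UserVo userVo) {
    // presumably selectByLoginName excludes the user being edited — verify against the service
    List<User> list = userService.selectByLoginName(userVo);
    if (list != null && !list.isEmpty()) {
        return renderError("登录名已存在!");
    }
    // Re-hash the password only when a new one was submitted.
    if (StringUtils.isNotBlank(userVo.getPassword())) {
        User user = userService.selectById(userVo.getId());
        if (user == null) {
            // An unknown id used to fail with a NullPointerException on getSalt().
            return renderError("用户不存在!");
        }
        // The existing salt is reused for the new hash.
        // NOTE(review): the algorithm behind passwordHash.toHex is not visible here —
        // confirm it is a dedicated password-hashing scheme rather than a bare digest.
        String salt = user.getSalt();
        String pwd = passwordHash.toHex(userVo.getPassword(), salt);
        userVo.setPassword(pwd);
    }
    userService.updateByVo(userVo);
    return renderSuccess("修改成功!");
}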
 
Example #5
Source File: MenuController.java    From Mario with Apache License 2.0 6 votes vote down vote up
/**
 * Handles submission of the menu edit form.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. A valid menu is saved, the user
 * menu is reset and the browser is redirected to the menu list; an invalid one is sent
 * back to the form view with its parent reloaded from {@code menu.getParentId()}.
 *
 * @param menu               the bound and validated menu
 * @param result             binding/validation outcome for {@code menu}
 * @param model              view model for the form view
 * @param redirectAttributes carrier for the flash message shown after the redirect
 * @return the form view name on validation errors, otherwise a redirect to the menu list
 */
@RequiresRoles("admin")
@RequestMapping(value = "update", method = RequestMethod.POST)
public String update(@Valid Menu menu, BindingResult result, Model model,
        RedirectAttributes redirectAttributes) {
    if (!result.hasErrors()) {
        generateMenuParentIds(menu);
        accountService.saveMenu(menu);

        resetUserMenu();
        redirectAttributes.addFlashAttribute("message", "保存菜单成功");
        return "redirect:/account/menu";
    }

    // Validation failed: restore the parent reference and show the form again.
    menu.setParent(accountService.getMenu(menu.getParentId()));
    model.addAttribute("menu", menu);
    model.addAttribute("allShows", allShows);
    model.addAttribute("action", "update");
    return "account/menuForm";
}
 
Example #6
Source File: MenuController.java    From Mario with Apache License 2.0 6 votes vote down vote up
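/**
 * Deletes a menu unless it is the top-level menu or is still used by a role.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param id                 id of the menu to delete; {@code 0} denotes the top-level menu
 * @param redirectAttributes carrier for the flash message and success flag
 * @return a redirect to the menu list
 */
// NOTE(review): the mapping declares no HTTP method, so this deletion is also reachable
// with GET; consider restricting it to POST/DELETE behind the application's CSRF protection.
@RequiresRoles("admin")
@RequestMapping(value = "delete/{id}")
public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
    if (id == 0) { // top-level menu
        redirectAttributes.addFlashAttribute("message", "删除菜单失败,顶级菜单不能删除");
        redirectAttributes.addFlashAttribute("success", false);
        // Stop here: without this return the request fell through to the deletion
        // logic below and the top-level menu could still be removed.
        return "redirect:/account/menu";
    }

    List<Role> roles = accountService.getRoleByMenuID(id);
    if (roles == null || roles.isEmpty()) {
        accountService.deleteMenu(id);
        redirectAttributes.addFlashAttribute("message", "删除菜单成功");
        redirectAttributes.addFlashAttribute("success", true);
    } else {
        // Roles still reference this menu; they have to be removed first.
        redirectAttributes.addFlashAttribute("message", "删除菜单失败,请先删除该菜单使用的角色,再删除菜单");
        redirectAttributes.addFlashAttribute("success", false);
    }
    return "redirect:/account/menu";
}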
 
Example #7
Source File: BlogService.java    From ElementVueSpringbootCodeTemplate with Apache License 2.0 6 votes vote down vote up
/**
 * Adds a blog entry; annotated with {@code @RequiresRoles(Roles.ADMIN)}.
 *
 * @param blog the entry to store; it, its title and its body are validated first
 * @return the id of the saved entry
 */
@RequiresRoles(Roles.ADMIN)
public long add(Blog blog) {
    // Argument validation.
    notNull(blog, "param.is.null");
    notEmpty(blog.getTitle(), "name.is.null");
    notEmpty(blog.getBody(), "value.is.null");

    // Logged only after validation passed.
    log.info("add blog:" + blog);

    // Reject a title that is already taken.
    final boolean titleIsFree = dao.findByTitle(blog.getTitle()) == null;
    check(titleIsFree, "name.repeat");

    final Blog saved = dao.save(blog);

    // Record the outcome of the modifying operation.
    log.info("add blog success, id:" + saved.getId());

    return saved.getId();
}
 
Example #8
Source File: RestConfigController.java    From OneBlog with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Saves the system configuration and the two optional uploaded files.
 *
 * <p>Annotated with {@code @RequiresRoles("role:root")}.
 *
 * @param configs       all request parameters, handed to {@code saveConfig} as-is
 * @param wxPraiseCode  optional upload stored under the key {@code wxPraiseCode}
 * @param zfbPraiseCode optional upload stored under the key {@code zfbPraiseCode}
 * @return an error response when any step throws, otherwise a success response
 */
// NOTE(review): no type or size check on the uploads is visible in this handler, and the
// whole parameter map is persisted — confirm sysConfigService validates both.
@RequiresRoles("role:root")
@PostMapping("/save")
@BussinessLog("修改系统配置")
public ResponseVO save(@RequestParam Map<String, String> configs,
                       @RequestParam(required = false) MultipartFile wxPraiseCode,
                       @RequestParam(required = false) MultipartFile zfbPraiseCode) {
    try {
        sysConfigService.saveConfig(configs);
        sysConfigService.saveFile("wxPraiseCode", wxPraiseCode);
        sysConfigService.saveFile("zfbPraiseCode", zfbPraiseCode);
    } catch (Exception failure) {
        // The failure is only printed to stderr; the caller gets a generic message.
        failure.printStackTrace();
        return ResultUtil.error("系统配置修改失败");
    }
    return ResultUtil.success("系统配置修改成功");
}
 
Example #9
Source File: SysPermissionController.java    From jeecg-boot-with-activiti with MIT License 6 votes vote down vote up
/**
 * Saves the permissions granted to a role.
 *
 * <p>Annotated with {@code @RequiresRoles({ "admin" })}. Reads {@code roleId},
 * {@code permissionIds} and {@code lastpermissionIds} from the request body and passes
 * them to {@code sysRolePermissionService.saveRolePermission}.
 *
 * @param json request body holding the three string fields above
 * @return a result with a success message, or an error set through {@code error500} on failure
 */
@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
@RequiresRoles({ "admin" })
public Result<String> saveRolePermission(@RequestBody JSONObject json) {
	final long startedAt = System.currentTimeMillis();
	final Result<String> response = new Result<>();
	try {
		this.sysRolePermissionService.saveRolePermission(
				json.getString("roleId"),
				json.getString("permissionIds"),
				json.getString("lastpermissionIds"));
		response.success("保存成功!");
		// Log how long the grant took.
		final long elapsedMs = System.currentTimeMillis() - startedAt;
		log.info("======角色授权成功=====耗时:" + elapsedMs + "毫秒");
	} catch (Exception ex) {
		response.error500("授权失败!");
		log.error(ex.getMessage(), ex);
	}
	return response;
}
 
Example #10
Source File: ConfigService.java    From ElementVueSpringbootCodeTemplate with Apache License 2.0 6 votes vote down vote up
/**
 * Adds a configuration entry; annotated with {@code @RequiresRoles(Roles.ADMIN)}.
 *
 * @param config the entry to store; it, its name and its value are validated first
 * @return the id of the saved entry
 */
@RequiresRoles(Roles.ADMIN)
public long add(Config config) {
    // Argument validation.
    notNull(config, "param.is.null");
    notEmpty(config.getName(), "name.is.null");
    notEmpty(config.getValue(), "value.is.null");

    // Logged only after validation passed.
    // NOTE(review): the whole object, including its value, goes to the log — confirm
    // configuration values never hold secrets.
    log.info("add config:" + config);

    // Reject a name that is already taken.
    final boolean nameIsFree = dao.findByName(config.getName()) == null;
    check(nameIsFree, "name.repeat");

    final Config saved = dao.save(config);

    // Record the outcome of the modifying operation.
    log.info("add config success, id:" + saved.getId());

    return saved.getId();
}
 
Example #11
Source File: SysPermissionController.java    From teaching with Apache License 2.0 6 votes vote down vote up
/**
 * Saves the permissions granted to a department.
 *
 * <p>Annotated with {@code @RequiresRoles({ "admin" })}. Reads {@code departId},
 * {@code permissionIds} and {@code lastpermissionIds} from the request body and passes
 * them to {@code sysDepartPermissionService.saveDepartPermission}.
 *
 * @param json request body holding the three string fields above
 * @return a result with a success message, or an error set through {@code error500} on failure
 */
@RequestMapping(value = "/saveDepartPermission", method = RequestMethod.POST)
@RequiresRoles({ "admin" })
public Result<String> saveDepartPermission(@RequestBody JSONObject json) {
	final long startedAt = System.currentTimeMillis();
	final Result<String> response = new Result<>();
	try {
		this.sysDepartPermissionService.saveDepartPermission(
				json.getString("departId"),
				json.getString("permissionIds"),
				json.getString("lastpermissionIds"));
		response.success("保存成功!");
		// Log how long the grant took.
		final long elapsedMs = System.currentTimeMillis() - startedAt;
		log.info("======部门授权成功=====耗时:" + elapsedMs + "毫秒");
	} catch (Exception ex) {
		response.error500("授权失败!");
		log.error(ex.getMessage(), ex);
	}
	return response;
}
 
Example #12
Source File: UserService.java    From ElementVueSpringbootCodeTemplate with Apache License 2.0 6 votes vote down vote up
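/**
 * Changes a user's password.
 *
 * <p>The user must exist and the new password must pass {@code checkPwd}. The new hash
 * is produced by {@code PasswordUtil.renewPassword} from the password and the user's
 * existing salt.
 *
 * @param id       id of the user whose password is changed
 * @param password the new plaintext password; it must never be written to logs
 */
// FIXME (original author): the role check reportedly does not take effect on this method.
// NOTE(review): annotation-driven checks are normally applied by a proxy or interceptor, so
// a call made from inside the same class would bypass it — confirm how this method is invoked.
@RequiresRoles(Roles.ADMIN)
public void updatePwd(long id, String password) {
    User user = userDao.findOne(id);

    check(user != null, "id.error", id);
    check(checkPwd(password), "password.invalid");

    // Log who was changed, never the credential: the original line wrote the plaintext
    // password into the application log.
    log.info("modify password, user id: " + id);

    // Derive the new hash with the user's existing salt.
    String hash = PasswordUtil.renewPassword(password, user.getSalt());

    user.setPassword(hash);

    userDao.save(user);
}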
 
Example #13
Source File: UserController.java    From Mario with Apache License 2.0 6 votes vote down vote up
/**
 * Handles submission of the user creation form.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. On validation errors the form view
 * is re-rendered; otherwise the user's role list is replaced by the submitted role ids
 * and the user is saved.
 *
 * @param user               the bound and validated user
 * @param result             binding/validation outcome for {@code user}
 * @param checkedRoleList    role ids submitted as {@code roleList}
 * @param model              view model for the form view
 * @param redirectAttributes carrier for the flash message shown after the redirect
 * @return the form view name on validation errors, otherwise a redirect to the user list
 */
// NOTE(review): the User object is bound straight from request parameters; confirm that
// fields the form should not control are excluded from binding.
@RequiresRoles("admin")
@RequestMapping(value = "create", method = RequestMethod.POST)
public String create(@Valid User user, BindingResult result,
        @RequestParam(value = "roleList") List<Long> checkedRoleList, Model model,
        RedirectAttributes redirectAttributes) {
    if (result.hasErrors()) {
        List<Role> availableRoles = accountService.getAllRole();
        model.addAttribute("action", "create");
        model.addAttribute("allRoles", availableRoles);
        model.addAttribute("allStatus", allStatus);
        return "account/userForm";
    }

    // Replace whatever roles were bound with the ones ticked in the form.
    user.getRoleList().clear();
    for (Long checkedId : checkedRoleList) {
        user.getRoleList().add(new Role(checkedId));
    }

    accountService.saveUser(user);
    redirectAttributes.addFlashAttribute("message", "创建用户成功");
    return "redirect:/account/user";
}
 
Example #14
Source File: SysPermissionController.java    From teaching with Apache License 2.0 6 votes vote down vote up
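/**
 * Deletes several menu permissions in one request.
 *
 * <p>The handler is annotated with {@code @RequiresRoles({ "admin" })}.
 *
 * @param ids comma-separated permission ids; empty segments are skipped
 * @return a result carrying the success message, or an error set through
 *         {@code error500} when any deletion throws
 */
@RequiresRoles({ "admin" })
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysPermission> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
	Result<SysPermission> result = new Result<>();
	try {
		for (String id : ids.split(",")) {
			if (oConvertUtils.isNotEmpty(id)) {
				sysPermissionService.deletePermission(id);
			}
		}
		result.success("删除成功!");
	} catch (Exception e) {
		log.error(e.getMessage(), e);
		// Report the failure: the original reused the success text ("删除成功!") here,
		// so a failed privileged deletion looked successful to the caller.
		// NOTE(review): ids deleted before the exception stay deleted unless the
		// service call is transactional — confirm.
		result.error500("删除失败!");
	}
	return result;
}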
 
Example #15
Source File: SysPermissionController.java    From teaching with Apache License 2.0 6 votes vote down vote up
/**
 * Saves the permissions granted to a role.
 *
 * <p>Annotated with {@code @RequiresRoles({ "admin" })}. Reads {@code roleId},
 * {@code permissionIds} and {@code lastpermissionIds} from the request body and passes
 * them to {@code sysRolePermissionService.saveRolePermission}.
 *
 * @param json request body holding the three string fields above
 * @return a result with a success message, or an error set through {@code error500} on failure
 */
@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
@RequiresRoles({ "admin" })
public Result<String> saveRolePermission(@RequestBody JSONObject json) {
	final long startedAt = System.currentTimeMillis();
	final Result<String> response = new Result<>();
	try {
		this.sysRolePermissionService.saveRolePermission(
				json.getString("roleId"),
				json.getString("permissionIds"),
				json.getString("lastpermissionIds"));
		response.success("保存成功!");
		// Log how long the grant took.
		final long elapsedMs = System.currentTimeMillis() - startedAt;
		log.info("======角色授权成功=====耗时:" + elapsedMs + "毫秒");
	} catch (Exception ex) {
		response.error500("授权失败!");
		log.error(ex.getMessage(), ex);
	}
	return response;
}
 
Example #16
Source File: AuthorizationFilter.java    From shiro-jersey with Apache License 2.0 5 votes vote down vote up
/**
 * Picks the authorization handler that matches an annotation's type.
 *
 * @param annotation the authorization annotation found on a resource
 * @return a new handler instance for that annotation type
 * @throws IllegalArgumentException if the annotation type is none of the five handled here
 */
private static AuthorizingAnnotationHandler createHandler(Annotation annotation) {
    final Class<?> type = annotation.annotationType();
    if (RequiresPermissions.class.equals(type)) {
        return new PermissionAnnotationHandler();
    }
    if (RequiresRoles.class.equals(type)) {
        return new RoleAnnotationHandler();
    }
    if (RequiresUser.class.equals(type)) {
        return new UserAnnotationHandler();
    }
    if (RequiresGuest.class.equals(type)) {
        return new GuestAnnotationHandler();
    }
    if (RequiresAuthentication.class.equals(type)) {
        return new AuthenticatedAnnotationHandler();
    }
    // Unknown annotation types are rejected instead of being silently left unenforced.
    throw new IllegalArgumentException("Cannot create a handler for the unknown for annotation " + type);
}
 
Example #17
Source File: MenuController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Shows the empty menu creation form.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. The form is pre-filled with a new
 * menu whose parent is the top-level menu.
 *
 * @param model view model for the form view
 * @return the menu form view name
 */
@RequiresRoles("admin")
@RequestMapping(value = "create", method = RequestMethod.GET)
public String createForm(Model model) {
    final Menu root = accountService.getTopMenu();
    final Menu blank = new Menu();
    blank.setParent(root);

    model.addAttribute("menu", blank);
    model.addAttribute("allShows", allShows);
    model.addAttribute("action", "create");
    return "account/menuForm";
}
 
Example #18
Source File: UserController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Lists users page by page, with each user's roles attached.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. Request parameters prefixed with
 * {@code search_} are collected and passed to {@code accountService.searchUser}.
 *
 * @param pageNumber page to show, taken from {@code page} (defaults to 1)
 * @param model      view model for the list view
 * @param request    the current request, source of the search parameters
 * @return the user list view name
 */
@RequiresRoles("admin")
@RequestMapping(value = "")
public String list(@RequestParam(value = "page", defaultValue = "1") int pageNumber,
        Model model, ServletRequest request) {
    final Map<String, Object> filters = Servlets.getParametersStartingWith(request, "search_");
    final Page<User> userPage = accountService.searchUser(filters, pageNumber, Const.PAGE_SIZE);

    // Roles are loaded per user, one service call each.
    for (User each : userPage) {
        each.setRoleList(accountService.getRoleByUserID(each.getId()));
    }

    model.addAttribute("users", userPage);
    model.addAttribute("allStatus", allStatus);
    return "account/userList";
}
 
Example #19
Source File: TestShiroAnnotations.java    From aries-jax-rs-whiteboard with Apache License 2.0 5 votes vote down vote up
/**
 * Returns a fixed plain-text greeting.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")} and mapped to {@code GET /admin}.
 *
 * @return the text {@code Welcome Admin}
 */
@GET
@Produces(MediaType.TEXT_PLAIN)
@Path("/admin")
@RequiresRoles("admin")
public String admin() {
    final String greeting = "Welcome Admin";
    return greeting;
}
 
Example #20
Source File: UserController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Shows the edit form for one user.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}. The user's roles are loaded
 * separately and attached before the form is rendered.
 *
 * @param id    id of the user to edit, taken from the path
 * @param model view model for the form view
 * @return the user form view name
 */
@RequiresRoles("admin")
@RequestMapping(value = "update/{id}", method = RequestMethod.GET)
public String updateForm(@PathVariable("id") Long id, Model model) {
    // NOTE(review): no handling is visible for an id that matches no user — confirm
    // getUser never returns null.
    final User target = accountService.getUser(id);
    final List<Role> assigned = accountService.getRoleByUserID(id);
    target.setRoleList(assigned);

    model.addAttribute("action", "update");
    model.addAttribute("user", target);
    model.addAttribute("allStatus", allStatus);

    model.addAttribute("roleList", assigned);
    model.addAttribute("allRoles", accountService.getAllRole());
    return "account/userForm";
}
 
Example #21
Source File: UserController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes a user, refusing to delete the account with id 1.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param id                 id of the user to delete, taken from the path
 * @param redirectAttributes carrier for the flash message shown after the redirect
 * @return a redirect to the user list
 */
// NOTE(review): the mapping declares no HTTP method, so this deletion is also reachable
// with GET; consider restricting it to POST/DELETE behind the application's CSRF protection.
@RequiresRoles("admin")
@RequestMapping(value = "delete/{id}")
public String delete(@PathVariable("id") Long id, RedirectAttributes redirectAttributes) {
    final boolean deletable = id != null && id != 1L;
    if (deletable) {
        accountService.deleteUser(id);
        redirectAttributes.addFlashAttribute("message", "删除用户成功");
    } else {
        // Missing id or the administrator account: refuse.
        redirectAttributes.addFlashAttribute("message", "删除用户失败,管理员不能删除");
    }
    return "redirect:/account/user";
}
 
Example #22
Source File: AdminController.java    From songjhh_blog with Apache License 2.0 5 votes vote down vote up
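/**
 * Shows the user list to subjects holding the {@code blogger} or {@code administrator} role.
 *
 * <p>The method is public on purpose. Annotation-based authorization is applied by
 * method interception, and interception does not cover private methods, so the
 * {@code @RequiresRoles} check on a private handler may never run.
 * NOTE(review): confirm how annotation checks are wired in this application.
 *
 * @param userQueryVo query criteria bound from the request
 * @param model       view model for the list view
 * @return the admin user list view name
 */
@RequiresRoles(value={"blogger","administrator"},logical = Logical.OR)
@RequestMapping("/checkUserList")
public String checkUserList(UserQueryVo userQueryVo, Model model) {
    List<UserCustom> userList = userService.getUserList(userQueryVo);
    model.addAttribute("userList", userList);
    return "admin/userList";
}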
 
Example #23
Source File: BlogController.java    From songjhh_blog with Apache License 2.0 5 votes vote down vote up
/**
 * Stores a submitted blog post and returns to the home page.
 *
 * <p>Annotated with {@code @RequiresRoles("blogger")}.
 *
 * @param blog  the post bound from the request
 * @param model view model (not used by this handler)
 * @return a redirect to the site root
 */
// NOTE(review): the Blog object is bound straight from request parameters; confirm that
// fields such as id or author cannot be set by the client.
@RequiresRoles("blogger")
@RequestMapping(value = "/submit",method = RequestMethod.POST)
public String submit(Blog blog, Model model) {
    blogService.insertBlog(blog);
    // The original author left a follow-up lookup by title and an alter-time update disabled here.
    final String home = "redirect:/";
    return home;
}
 
Example #24
Source File: MenuController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Lists all menus matching the search parameters, in sorted order.
 *
 * <p>Annotated with {@code @RequiresRoles(value = "admin")}. Request parameters prefixed
 * with {@code search_} are collected and passed to {@code accountService.searchMenu}.
 *
 * @param model   view model for the list view
 * @param request the current request, source of the search parameters
 * @return the menu list view name
 */
@RequiresRoles(value = "admin")
@RequestMapping(value = { "", "list" })
public String list(Model model, ServletRequest request) {
    final Map<String, Object> filters = Servlets.getParametersStartingWith(request, "search_");

    final List<Menu> ordered = Lists.newArrayList();
    final List<Menu> found = accountService.searchMenu(filters);
    // Menu.sortList fills the first list from the second, starting at id 1.
    Menu.sortList(ordered, found, 1L);

    model.addAttribute("menus", ordered);
    model.addAttribute("allShows", allShows);
    return "account/menuList";
}
 
Example #25
Source File: RoleController.java    From xmanager with Apache License 2.0 5 votes vote down vote up
/**
 * Grants resources to a role.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param id          id of the role to update
 * @param resourceIds resource ids to grant, passed to the service unchanged
 * @return a success payload
 */
// NOTE(review): the mapping declares no HTTP method, so this privilege change is also
// reachable with GET; consider restricting it to POST behind the application's CSRF protection.
@RequiresRoles("admin")
@RequestMapping("/grant")
@ResponseBody
public Object grant(Long id, String resourceIds) {
    roleService.updateRoleResource(id, resourceIds);
    final Object outcome = renderSuccess("授权成功!");
    return outcome;
}
 
Example #26
Source File: UserController.java    From xmanager with Apache License 2.0 5 votes vote down vote up
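/**
 * Deletes a user, refusing to let the current user delete their own account.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param id id of the user to delete
 * @return an error payload when {@code id} is the current user's id, otherwise a success payload
 */
@RequiresRoles("admin")
@PostMapping("/delete")
@ResponseBody
public Object delete(Long id) {
    Long currentUserId = getUserId();
    // Compare by value. The original used == on two Long objects, which compares
    // references and is only reliable for small cached values, so the self-delete
    // guard could be skipped for larger ids.
    boolean isSelf = id == currentUserId || (id != null && id.equals(currentUserId));
    if (isSelf) {
        return renderError("不可以删除自己!");
    }
    userService.deleteUserById(id);
    return renderSuccess("删除成功!");
}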
 
Example #27
Source File: RoleController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Lists roles page by page.
 *
 * <p>Annotated with {@code @RequiresRoles(value = "admin")}. Request parameters prefixed
 * with {@code search_} are used for the query and echoed back, re-encoded, to the view.
 *
 * @param pageNumber page to show, taken from {@code page} (defaults to 1)
 * @param model      view model for the list view
 * @param request    the current request, source of the search parameters
 * @return the role list view name
 */
@RequiresRoles(value = "admin")
@RequestMapping(value = { "", "list" })
public String list(@RequestParam(value = "page", defaultValue = "1") int pageNumber,
        Model model, ServletRequest request) {
    final Map<String, Object> filters = Servlets.getParametersStartingWith(request, "search_");
    final Page<Role> rolePage = accountService.searchRoles(filters, pageNumber, Const.PAGE_SIZE);

    model.addAttribute("roles", rolePage);

    // Hand the search parameters back so the view can keep them in its links.
    final Object encodedFilters = Servlets.encodeParameterStringWithPrefix(filters, "search_");
    model.addAttribute("searchParams", encodedFilters);
    return "account/roleList";
}
 
Example #28
Source File: RoleController.java    From Mario with Apache License 2.0 5 votes vote down vote up
/**
 * Shows the empty role creation form together with all menus.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param model view model for the form view
 * @return the role form view name
 */
@RequiresRoles("admin")
@RequestMapping(value = "create", method = RequestMethod.GET)
public String createForm(Model model) {
    final List<Menu> selectableMenus = accountService.getAllMenu();

    model.addAttribute("role", new Role());
    model.addAttribute("action", "create");
    model.addAttribute("allMenus", selectableMenus);

    return "account/roleForm";
}
 
Example #29
Source File: AdminController.java    From Movie_Recommend with MIT License 5 votes vote down vote up
/**
 * Lists administrators page by page, optionally filtered by name.
 *
 * <p>Annotated with {@code @RequiresRoles("admin")}.
 *
 * @param page      page to show (defaults to 1)
 * @param rows      rows per page (defaults to 10)
 * @param adminname optional name filter, echoed back to the view
 * @param model     view model for the list view
 * @return the admin management view name
 */
// NOTE(review): rows is taken from the request without an upper bound visible here —
// confirm the service caps the page size.
@RequestMapping(value = "/admin/list")
@RequiresRoles("admin")
public String getUserList(@RequestParam(defaultValue="1")Integer page, @RequestParam(defaultValue="10")Integer rows, String adminname, Model model) {
    final Page<Admin> adminPage = adminService.findAdminList(page, rows, adminname);

    model.addAttribute("page", adminPage);
    model.addAttribute("adminname", adminname);

    return "adminManage";
}
 
Example #30
Source File: UserRestControllerImpl.java    From Goku.Framework.CoreUI with MIT License 5 votes vote down vote up
/**
 * Assigns roles to a user.
 *
 * <p>Annotated with {@code @RequiresRoles("admin_sys")} and
 * {@code @RequiresPermissions(value={"sys:user:roleauth"})}. The body's {@code sysRoles}
 * entry is converted to a list of {@code SysRole}, and {@code userid} names the target user.
 *
 * @param sys request body with the entries {@code sysRoles} and {@code userid}
 * @return the JSON string for {@code "true"} when the service reports a positive result,
 *         otherwise the JSON string for {@code "false"}
 */
// NOTE(review): the mapping declares no HTTP method, and userid is cast without a type
// check — confirm both against the callers.
@Override
@RequestMapping("/roleauth")
@RequiresRoles("admin_sys")
@RequiresPermissions(value={"sys:user:roleauth"})
public String roleauth(@RequestBody Map<String, Object> sys) {
    // Round-trip through JSON text to turn the untyped entry into typed roles.
    final String rolesJson = String.valueOf(JSON.toJSON(sys.get("sysRoles")));
    final List<SysRole> requestedRoles = JSON.parseObject(rolesJson, new TypeReference<List<SysRole>>() {});
    final String targetUserId = (String) sys.get("userid");

    final int affected = sysUserService.roleauth(requestedRoles, targetUserId);
    return JSON.toJSONString(affected > 0 ? "true" : "false");
}