公司采购了shop++这套软件,后续公司要求拓展的新的功能,其中就有一个问题,添加新的权限。这套系统采用的是shiro安全框架,通过尝试,最后成功了。


在shop++中代码的实现步骤

1、在applicationContext-shiro.xml配置中配置权限路径


<property name="filterChainDefinitions">

<value>

/admin/ = anon

/admin/index.jsp = anon

/admin/login.jsp = authc

/admin/logout.jsp = logout

/admin/common/captcha.jhtml = anon


/admin/setting/** = perms["admin:setting"]

/admin/payment_plugin/** = perms["admin:paymentPlugin"]

/admin/storage_plugin/** = perms["admin:storagePlugin"]

/admin/login_plugin/** = perms["admin:loginPlugin"]

/admin/admin/** = perms["admin:admin"]

/admin/role/** = perms["admin:role"]

/admin/message/** = perms["admin:message"]

/admin/mail_sms/** = perms["admin:mailSms"]

/admin/log/** = perms["admin:log"]

/admin/** = authc

</value>

</property>

         /admin/message/**     要拦截的路径,/**代表下面所有的目录,/*只代表下面的目录

perms["admin:message"] admin:message权限字符串



2、在后台主页面main.ftl中设置权限字符串如:admin:shipping

[#list ["admin:order", "admin:payment", "admin:refunds", "admin:shipping", "admin:returns", "admin:deliveryCenter", "admin:deliveryTemplate"] as permission]

[@shiro.hasPermission name = permission]

<li>

<a href="#order">${message("admin.main.orderNav")}</a>

</li>

[#break /]

[/@shiro.hasPermission]

[/#list]

[@shiro.hasPermission name="admin:brand"]

<dd>

<a href="../brand/list.jhtml" target="iframe">${message("admin.main.brand")}</a>

</dd>

[/@shiro.hasPermission]


3、修改超级管理员的角色 勾选新增的权限。