自定义（补充）shiro标签

shiro提供了jsp标签用于页面上的权限控制，有hasAnyRoles,hasPermission等标签，但是却没提供hasAnyPermission标签，有点不大方便。

这时候我们完全可以仿照shiro的源码，进行照猫画虎，扩充一下。

shiro的标签定义文件在shiro-all.jar下的META-INF目录下的shiro.tld中，打开文件后我们可以看到如下标签的定义：

[html] view plain copy

<embed id="ZeroClipboardMovie_1" src="https://csdnimg.cn/public/highlighter/ZeroClipboard.swf" loop="false" menu="false" quality="best" bgcolor="#ffffff" name="ZeroClipboardMovie_1" allowscriptaccess="always" allowfullscreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="id=1&width=16&height=16" wmode="transparent" width="16" height="16" align="middle">

1. <taglib>
2. <tlib-version>1.1.2</tlib-version>
3. <jsp-version>1.2</jsp-version>
4. <short-name>Apache Shiro</short-name>
5. <uri>http://shiro.apache.org/tags</uri>
6. <description>Apache Shiro JSP Tag Library.</description>
7. <tag>
8. <name>hasPermission</name>
9. <tag-class>org.apache.shiro.web.tags.HasPermissionTag</tag-class>
10. <body-content>JSP</body-content>
11. <description>Displays body content only if the current Subject (user)
12. 'has' (implies) the specified permission (i.e the user has the specified ability).
13. </description>
14. <attribute>
15. <name>name</name>
16. <required>true</required>
17. <rtexprvalue>true</rtexprvalue>
18. </attribute>
19. </tag>
20. <tag>
21. <name>hasAnyRoles</name>
22. <tag-class>org.apache.shiro.web.tags.HasAnyRolesTag</tag-class>
23. <body-content>JSP</body-content>
24. <description>Displays body content only if the current user has one of the specified roles from a
25. comma-separated list of role names.
26. </description>
27. <attribute>
28. <name>name</name>
29. <required>true</required>
30. <rtexprvalue>true</rtexprvalue>
31. </attribute>
32. </tag>
33. </taglib>

该文件中定义了每个标签的名字和相应的标签的实现类。我们要补充一个hasAnyPermission的标签，该标签的逻辑和hasAnyRoles有些类似。我们先打开hasAnyRoles的实现类看看，然后照猫画虎做一个hasAnyPermission的标签。

[java] view plain copy

<embed id="ZeroClipboardMovie_2" src="https://csdnimg.cn/public/highlighter/ZeroClipboard.swf" loop="false" menu="false" quality="best" bgcolor="#ffffff" name="ZeroClipboardMovie_2" allowscriptaccess="always" allowfullscreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="id=2&width=16&height=16" wmode="transparent" width="16" height="16" align="middle">

1. package org.apache.shiro.web.tags;
2. import org.apache.shiro.subject.Subject;
3. public class HasAnyRolesTag extends RoleTag {
4. private static final String ROLE_NAMES_DELIMETER = ",";
5. public HasAnyRolesTag() {
6. }
7. protected boolean showTagBody(String roleNames) {
8. boolean hasAnyRole = false;
9. Subject subject = getSubject();
10. if (subject != null) {
11. for (String role : roleNames.split(ROLE_NAMES_DELIMETER)) {
12. if (subject.hasRole(role.trim())) {
13. hasAnyRole = true;
14. break;
15. }
16. }
17. }
18. return hasAnyRole;
19. }
20. }

以上是hasAnyRolesTag的实现类，我们仿照这个实现hasAnyPermission:

[java] view plain copy

<embed id="ZeroClipboardMovie_3" src="https://csdnimg.cn/public/highlighter/ZeroClipboard.swf" loop="false" menu="false" quality="best" bgcolor="#ffffff" name="ZeroClipboardMovie_3" allowscriptaccess="always" allowfullscreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="id=3&width=16&height=16" wmode="transparent" width="16" height="16" align="middle">

1. package org.apache.shiro.web.tags;
2. import org.apache.shiro.subject.Subject;
3. public class HasAnyPermissionTag extends PermissionTag {
4. private static final long serialVersionUID = 1L;
5. private static final String PERMISSION_NAMES_DELIMETER = ",";
6. public HasAnyPermissionTag() {
7. }
8. @Override
9. protected boolean showTagBody(String permissions) {
10. boolean hasAnyPermission = false;
11. Subject subject = getSubject();
12. if (subject != null) {
13. for (String permission : permissions
14. .split(PERMISSION_NAMES_DELIMETER)) {
15. if (subject.isPermitted(permission.trim())) {
16. hasAnyPermission = true;
17. break;
18. }
19. }
20. }
21. return hasAnyPermission;
22. }
23. }

将该源代码编译成class字节码文件，扔进jar包的\org\apache\shiro\web\tags目录下
并在jar包里的shiro.tld文件中加入以下代码指定标签：

[html] view plain copy

<embed id="ZeroClipboardMovie_4" src="https://csdnimg.cn/public/highlighter/ZeroClipboard.swf" loop="false" menu="false" quality="best" bgcolor="#ffffff" name="ZeroClipboardMovie_4" allowscriptaccess="always" allowfullscreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="id=4&width=16&height=16" wmode="transparent" width="16" height="16" align="middle">

1. <tag>
2. <name>hasAnyPermission</name>
3. <tag-class>org.apache.shiro.web.tags.HasAnyPermissionTag</tag-class>
4. <body-content>JSP</body-content>
5. <description>Displays body content only if the current Subject (user)
6. 'has' (implies) one of the specified permission (i.e the user has the specified ability) form a list of permissions.
7. </description>
8. <attribute>
9. <name>name</name>
10. <required>true</required>
11. <rtexprvalue>true</rtexprvalue>
12. </attribute>
13. </tag>

OK，搞定，到页面上测试一下：

[html] view plain copy

<embed id="ZeroClipboardMovie_5" src="https://csdnimg.cn/public/highlighter/ZeroClipboard.swf" loop="false" menu="false" quality="best" bgcolor="#ffffff" name="ZeroClipboardMovie_5" allowscriptaccess="always" allowfullscreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="id=5&width=16&height=16" wmode="transparent" width="16" height="16" align="middle">

1. <shiro:hasAnyPermission name="sys_config:policy,
2. sys_config:server,
3. sys_config:logdown,
4. sys_config:keyword,
5. sys_config:audit,
6. sys_config:sysinfo">
7. <li id="4"><a href="javascript:changeMainMenu(4)"><i class="tables"></i>系统配置</a></li>
8. </shiro:hasAnyPermission>

表示如果当前用户拥有以下权限的任何一个权限，那么该菜单就会显示，好的，可以了。

收工。