差别

这里会显示出您选择的修订版和当前版本之间的差别。

--- 分享:技术:shiro:spring整合shiro实现权限管理 [2015/09/20 23:01]
gxx 创建
+++ 分享:技术:shiro:spring整合shiro实现权限管理 [2015/09/21 14:11] (当前版本)
gxx
@@ 行 1: / 行 1: @@
 ====== spring整合shiro实现权限管理 ======
+===== 加入pom依赖 =====
+<code xml pom.xml>
+<dependencies>
+	<!-- apache shiro security depandences -->
+	<dependency>
+		<groupId>org.apache.shiro</groupId>
+		<artifactId>shiro-core</artifactId>
+		<version>1.2.3</version>
+	</dependency>
+	<dependency>
+		<groupId>org.apache.shiro</groupId>
+		<artifactId>shiro-web</artifactId>
+		<version>1.2.3</version>
+	</dependency>
+	<dependency>
+		<groupId>org.apache.shiro</groupId>
+		<artifactId>shiro-spring</artifactId>
+		<version>1.2.3</version>
+	</dependency>
+</dependencies>
+</code>
+===== web.xml =====
+<code xml web.xml>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd" >
+<web-app>
+    <display-name>Archetype Created Web Application</display-name>
+    <!-- Context Configuration locations for Spring XML files -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>
+        	classpath*:/application-*.xml,
+        	classpath*:/hessian-servlet.xml
+		</param-value>
+    </context-param>
+    <filter>
+        <filter-name>encodingFilter</filter-name>
+        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+        <init-param>
+            <param-name>encoding</param-name>
+            <param-value>UTF-8</param-value>
+        </init-param>
+        <init-param>
+            <param-name>forceEncoding</param-name>
+            <param-value>true</param-value>
+        </init-param>
+    </filter>
+    <filter-mapping>
+        <filter-name>encodingFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+    <!-- shiro -->
+    <!-- 配置Shiro过滤器,先让Shiro过滤系统接收到的请求 -->
+    <!-- 这里filter-name必须对应applicationContext.xml中定义的<bean id="shiroFilter"/> -->
+    <!-- 使用[/*]匹配所有请求,保证所有的可控请求都经过Shiro的过滤 -->
+    <!-- 通常会将此filter-mapping放置到最前面(即其他filter-mapping前面),以保证它是过滤器链中第一个起作用的 -->
+	<filter>
+		<filter-name>shiroFilter</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+		<init-param>
+			<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
+			<param-name>targetFilterLifecycle</param-name>
+			<param-value>true</param-value>
+		</init-param>
+	</filter>
+    <filter-mapping>
+		<filter-name>shiroFilter</filter-name>
+		<url-pattern>*.htm</url-pattern>
+	</filter-mapping>
+    <!-- serlvet listeners -->
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+    <listener>
+        <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
+    </listener>
+	<!-- spring MVC -->
+    <servlet>
+        <servlet-name>dispatcher</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+       <init-param>
+			<param-name>contextConfigLocation</param-name>
+			<param-value>classpath*:/spring-mvc.xml</param-value>
+		</init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+ 	<servlet-mapping>
+        <servlet-name>dispatcher</servlet-name>
+        <url-pattern>*.htm</url-pattern>
+    </servlet-mapping>
+    <!-- hessian -->
+    <servlet>
+        <servlet-name>hessian</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <load-on-startup>4</load-on-startup>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>hessian</servlet-name>
+        <url-pattern>/hessian/*</url-pattern>
+    </servlet-mapping>
+    <!-- welcome file list config -->
+ 	<welcome-file-list>
+  		<welcome-file>index.jsp</welcome-file>
+ 	</welcome-file-list>
+    <jsp-config>
+		<jsp-property-group>
+			<display-name>JSPConfiguration</display-name>
+			<url-pattern>*.jsp</url-pattern>
+			<page-encoding>UTF-8</page-encoding>
+		</jsp-property-group>
+	</jsp-config>
+</web-app>
+</code>
+===== application-shiro.xml =====
+<code xml application-shiro.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
+	xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:jpa="http://www.springframework.org/schema/data/jpa"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="
+		http://www.springframework.org/schema/beans
+		http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
+		http://www.springframework.org/schema/util
+		http://www.springframework.org/schema/util/spring-util-4.0.xsd
+		http://www.springframework.org/schema/context
+		http://www.springframework.org/schema/context/spring-context-4.0.xsd">
+	<!-- 继承自AuthorizingRealm的自定义Realm,即指定Shiro验证用户登录的类为自定义的ManageAuthorizingRealm.java -->
+	<bean id="manageAuthorizingRealm" class="com.gxx.manage.shiro.ManageAuthorizingRealm" />
+	<!-- Shiro默认会使用Servlet容器的Session,可通过sessionMode属性来指定使用Shiro原生Session -->
+	<!-- 即<property name="sessionMode" value="native"/>,详细说明见官方文档 -->
+	<!-- 这里主要是设置自定义的单Realm应用,若有多个Realm,可使用'realms'属性代替 -->
+	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
+		<property name="realm" ref="manageAuthorizingRealm" />
+	</bean>
+	<!-- Shiro主过滤器本身功能十分强大,其强大之处就在于它支持任何基于URL路径表达式的、自定义的过滤器的执行 -->
+	<!-- Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持 -->
+	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
+		<!-- Shiro的核心安全接口,这个属性是必须的 -->
+		<property name="securityManager" ref="securityManager" />
+		<!-- 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,默认会自动寻找Web工程根目录下的"/login.jsp"页面 -->
+		<property name="loginUrl" value="/login.htm" />
+		<!-- 登录成功后要跳转的连接(本例中此属性用不到,因为登录成功后的处理逻辑在LoginController里硬编码为main.jsp了) -->
+		<!-- <property name="successUrl" value="/system/main"/> -->
+		<!-- 用户访问未对其授权的资源时,所显示的连接 -->
+		<!-- 若想更明显的测试此属性可以修改它的值,如unauthor.jsp,然后用[玄玉]登录后访问/admin/listUser.jsp就看见浏览器会显示unauthor.jsp -->
+		<property name="unauthorizedUrl" value="/unauthorized.htm" />
+		<!-- 过滤器定义 -->
+		<property name="filters">
+	        <map>
+	            <entry key="perms" value-ref="urlPermissionsFilter" />
+	        </map>
+	    </property>
+		<!-- Shiro连接约束配置,即过滤链的定义 -->
+		<!-- 此处可配合我的这篇文章来理解各个过滤连的作用http://blog.csdn.net/jadyer/article/details/12172839 -->
+		<!-- 下面value值的第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的 -->
+		<!-- anon：它对应的过滤器里面是空的,什么都没做,这里.do和.jsp后面的*表示参数,比方说login.jsp?main这种 -->
+		<!-- authc：该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
+		<property name="filterChainDefinitions">
+			<value>
+				/login.htm=anon
+				/logout.htm=logout
+				/unauthorized.htm=anon
+				/** = authc,perms
+			</value>
+		</property>
+	</bean>
+	<!-- 自定义鉴权拦截器 -->
+	<!-- 基于URL的权限判断过滤器 我们自动根据URL产生所谓的权限字符串，这一项在Shiro示例中是写在配置文件里面的，默认认为权限不可动态配置 -->
+	<bean id="urlPermissionsFilter" class="com.gxx.manage.shiro.UrlPermissionsFilter" />
+	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
+	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
+	<!-- 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 -->
+	<!-- 配置以下两个bean即可实现此功能 -->
+	<!-- Enable Shiro Annotations for Spring-configured beans. Only run after
+		the lifecycleBeanProcessor has run -->
+	<!-- 由于本例中并未使用Shiro注解,故注释掉这两个bean(个人觉得将权限通过注解的方式硬编码在程序中,查看起来不是很方便,没必要使用) -->
+	<!--
+		<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
+			depends-on="lifecycleBeanPostProcessor"/>
+		<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+			<property name="securityManager" ref="securityManager"/>
+		</bean>
+	 -->
+</beans>
+</code>
+===== UrlPermissionsFilter.java =====
+<code java UrlPermissionsFilter.java>
+package com.gxx.manage.shiro;
+import java.io.IOException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.log4j.Logger;
+import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
+/**
+ * <dl>
+ * <dt><b>Title:</b></dt>
+ * <dd>
+ * 基于URL的权限判断过滤器 我们自动根据URL产生所谓的权限字符串，这一项在Shiro示例中是写在配置文件里面的，默认认为权限不可动态配置
+ * URL举例：/User/create.do?***=*** -->权限字符串：/User/create.do</dd>
+ * <dt><b>Description:</b></dt>
+ * <dd>
+ * <p>
+ * none</dd>
+ * </dl>
+ *
+ * @author Administrator
+ * @version 1.0, 2015年9月20日
+ * @since manage
+ *
+ */
+public class UrlPermissionsFilter extends PermissionsAuthorizationFilter {
+	/**
+	 * 日志处理器
+	 */
+	Logger logger = Logger.getLogger(UrlPermissionsFilter.class);
+	/**
+	 * 指的是在声明url时指定的权限字符串，如/User/create.do=perms[User:create].
+	 * 我们要动态产生这个权限字符串，所以这个配置对我们没用
+	 */
+	public boolean isAccessAllowed
+		(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
+		return super.isAccessAllowed(request, response, buildPermissions(request));
+	}
+	/**
+	 * 根据请求URL产生权限字符串，这里只产生，而比对的事交给Realm
+	 * @param request
+	 * @return
+	 */
+	protected String[] buildPermissions(ServletRequest request) {
+		String path = ((HttpServletRequest) request).getServletPath();
+		logger.info("请求地址对应的Url权限:" + path);
+		return new String[]{path};
+	}
+}
+</code>
+===== ManageAuthorizingRealm.java =====
+<code java ManageAuthorizingRealm.java>
+package com.gxx.manage.shiro;
+import java.util.List;
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
+import org.apache.commons.lang3.builder.ToStringStyle;
+import org.apache.log4j.Logger;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.springframework.beans.factory.annotation.Autowired;
+import com.gxx.manage.base.vo.Permission;
+import com.gxx.manage.base.vo.Role;
+import com.gxx.manage.base.vo.User;
+import com.gxx.manage.service.UserService;
+/**
+ * <dl>
+ *    <dt><b>Title:</b></dt>
+ *    <dd>
+ *    	自定义授权领域类
+ *    </dd>
+ *    <dt><b>Description:</b></dt>
+ *    <dd>
+ *    	<p>none
+ *    </dd>
+ * </dl>
+ *
+ * @author Administrator
+ * @version 1.0, 2015年9月19日
+ * @since manage
+ *
+ */
+public class ManageAuthorizingRealm extends AuthorizingRealm {
+	/**
+	 * 日志处理器
+	 */
+	Logger logger = Logger.getLogger(ManageAuthorizingRealm.class);
+	@Autowired
+	UserService userService;
+	/**
+     * 为当前登录的Subject授予角色和权限
+     * @see  经测试:本例中该方法的调用时机为需授权资源被访问时
+     * @see  经测试:并且每次访问需授权资源时都会执行该方法中的逻辑,这表明本例中默认并未启用AuthorizationCache
+     * @see  个人感觉若使用了Spring3.1开始提供的ConcurrentMapCache支持,则可灵活决定是否启用AuthorizationCache
+     * @see  比如说这里从数据库获取权限信息时,先去访问Spring3.1提供的缓存,而不使用Shior提供的AuthorizationCache
+     */
+	@Override
+	protected AuthorizationInfo doGetAuthorizationInfo(
+			PrincipalCollection principals) {
+		/**
+		 * 获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()
+		 */
+        String currentUsername = (String)super.getAvailablePrincipal(principals);
+        logger.info("为当前登录的Subject授予角色和权限，用户名:" + currentUsername);
+        User user = userService.getUserByName(currentUsername);
+        if(null == user){
+        	/**
+        	 * 不存在用户则返回null
+        	 */
+        	logger.error("不存在用户");
+        	return null;
+        }
+        /**
+         * 为当前用户查询角色和权限
+         */
+        SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
+        List<Role> roles = userService.queryRolesByUserId(user.getId());
+        for(Role role : roles){
+        	logger.info("拥有角色:" + role.getRole());
+        	simpleAuthorInfo.addRole(role.getRole());
+        	List<Permission> permissions = userService.queryPermissionsByRoleId(role.getId());
+        	for(Permission permission : permissions){
+            	logger.info("拥有权限:" + permission.getPermission());
+        		simpleAuthorInfo.addStringPermission(permission.getPermission());
+        	}
+        }
+		return simpleAuthorInfo;
+	}
+	/**
+	 * 验证当前登录的Subject
+	 */
+	@Override
+	protected AuthenticationInfo doGetAuthenticationInfo(
+			AuthenticationToken token) throws AuthenticationException {
+		/**
+		 * 获取基于用户名和密码的令牌
+		 * 实际上这个token是从LoginController里面currentUser.login(token)传过来的
+		 * 两个token的引用都是一样的
+		 */
+        logger.info("验证当前Subject时获取到token为" + ReflectionToStringBuilder.
+        		toString(((UsernamePasswordToken)token), ToStringStyle.MULTI_LINE_STYLE));
+        User user = userService.getUserByName(((UsernamePasswordToken)token).getUsername());
+        if(null == user){
+        	/**
+        	 * 不存在用户则返回null
+        	 */
+        	return null;
+        }
+        /**
+         * 这里不用比较，直接返回就好，shiro会自动比较
+         */
+        AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo
+        		(user.getName(), user.getPassword(), this.getName());
+        return authenticationInfo;
+	}
+}
+</code>
+===== LoginController.java =====
+<code java LoginController.java>
+package com.gxx.manage.web.account;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.IncorrectCredentialsException;
+import org.apache.shiro.authc.LockedAccountException;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+/**
+ * UserController
+ *
+ * @author gxx
+ */
+@Controller
+public class LoginController {
+	/**
+	 * 日志处理器
+	 */
+	private final Logger logger = Logger.getLogger(LoginController.class);
+	/**
+	 * 访问登录页
+	 * @return
+	 */
+	@RequestMapping(value = "/login", method = RequestMethod.GET)
+	public String loginGet() {
+		logger.info("访问/login");
+		/**
+		 * 如果已登录，直接跳到登录后页面
+		 */
+		Subject currentUser = SecurityUtils.getSubject();
+		if( currentUser!=null && currentUser.getPrincipal()!=null ){
+			return "/index";
+		}
+		return "account/login";
+	}
+	/**
+	 * 访问无权限页
+	 * @return
+	 */
+	@RequestMapping(value = "/unauthorized")
+	public String unauthorized() {
+		logger.info("访问/unauthorized");
+		return "unauthorized";
+	}
+	/**
+	 * 登录提交
+	 * @param request
+	 * @return
+	 */
+	@RequestMapping(value = "/login", method = RequestMethod.POST)
+	public String loginPost(HttpServletRequest request) {
+		logger.info("登录提交，用户名:[" + request.getParameter("username")
+				 + "],密码:[" + request.getParameter("password") + "]");
+		/**
+		 * 自定义授权领域 验证用户
+		 */
+		Subject currentUser = SecurityUtils.getSubject();
+		UsernamePasswordToken token = new UsernamePasswordToken(request.getParameter("username"), request.getParameter("password"));
+		try{
+			currentUser.login(token);
+		} catch (UnknownAccountException uae){
+			logger.error("未知账户！");
+		} catch (IncorrectCredentialsException ice){
+			logger.error("密码错误！");
+		} catch (LockedAccountException lae){
+			logger.error("账户锁定！");
+		}//以及其他异常
+		/**
+		 * 判断是否校验通过
+		 */
+		if(currentUser.isAuthenticated()){
+			logger.info("用户验证通过！");
+			return "/index";
+		} else {
+			token.clear();
+			return "account/login";
+		}
+	}
+	/**
+	 * 登出，可以不写，因为配置文件中已配置：/logout.htm=logout
+	 * @return
+	@RequestMapping(value = "/logout")
+	public String logout() {
+		logger.info("访问/logout");
+		/**
+		 * shiro登出
+		Subject subject = SecurityUtils.getSubject();
+		subject.logout();
+		return "account/login";
+	}
+	 */
+}
+</code>
+===== UserService.java =====
+<code java UserService.java>
+package com.gxx.manage.service;
+import java.util.List;
+import com.gxx.manage.base.vo.Permission;
+import com.gxx.manage.base.vo.Role;
+import com.gxx.manage.base.vo.User;
+/**
+ * <dl>
+ *    <dt><b>Title:</b></dt>
+ *    <dd>
+ *    	用户服务接口
+ *    </dd>
+ *    <dt><b>Description:</b></dt>
+ *    <dd>
+ *    	<p>none
+ *    </dd>
+ * </dl>
+ *
+ * @author Administrator
+ * @version 1.0, 2015年6月18日
+ * @since manage
+ *
+ */
+public interface UserService {
+	/**
+	 * 新增用户
+	 * @param user
+	 */
+	public void doSaveUser(User user);
+	/**
+	 * 根据姓名查用户
+	 * @param name
+	 * @return
+	 */
+	public User getUserByName(String name);
+	/**
+     * 根据用户ID查询角色集合
+     * @param userId
+     * @return
+     */
+	public List<Role> queryRolesByUserId(int userId);
+    /**
+     * 根据角色ID查询权限集合
+     * @param roleId
+     * @return
+     */
+	public List<Permission> queryPermissionsByRoleId(int roleId);
+}
+</code>
+===== UserServiceImpl.java =====
+<code java UserServiceImpl.java>
+package com.gxx.manage.service.impl;
+import java.util.List;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import com.gxx.manage.base.dao.UserMapper;
+import com.gxx.manage.base.vo.Permission;
+import com.gxx.manage.base.vo.Role;
+import com.gxx.manage.base.vo.User;
+import com.gxx.manage.service.UserService;
+/**
+ * <dl>
+ *    <dt><b>Title:</b></dt>
+ *    <dd>
+ *    	用户服务实现类
+ *    </dd>
+ *    <dt><b>Description:</b></dt>
+ *    <dd>
+ *    	<p>none
+ *    </dd>
+ * </dl>
+ *
+ * @author Administrator
+ * @version 1.0, 2015年6月18日
+ * @since manage
+ *
+ */
+@Service("userService")
+public class UserServiceImpl implements UserService {
+	@Autowired
+	private UserMapper userDao;
+	/**
+	 * 新增用户
+	 * @param user
+	 */
+	public void doSaveUser(User user) {
+		userDao.insert(user);
+	}
+	/**
+	 * 根据姓名查用户
+	 * @param name
+	 * @return
+	 */
+	public User getUserByName(String name) {
+		return userDao.getUserByName(name);
+	}
+	/**
+     * 根据用户ID查询角色集合
+     * @param userId
+     * @return
+     */
+	public List<Role> queryRolesByUserId(int userId){
+    	return userDao.queryRolesByUserId(userId);
+    }
+    /**
+     * 根据角色ID查询权限集合
+     * @param roleId
+     * @return
+     */
+	public List<Permission> queryPermissionsByRoleId(int roleId){
+    	return userDao.queryPermissionsByRoleId(roleId);
+    }
+}
+</code>
+===== User.java =====
+<code java User.java>
+package com.gxx.manage.base.vo;
+public class User {
+    private Integer id;
+    private String name;
+    private String password;
+    private String createDate;
+    private String createTime;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name == null ? null : name.trim();
+    }
+    public String getPassword() {
+        return password;
+    }
+    public void setPassword(String password) {
+        this.password = password == null ? null : password.trim();
+    }
+    public String getCreateDate() {
+        return createDate;
+    }
+    public void setCreateDate(String createDate) {
+        this.createDate = createDate == null ? null : createDate.trim();
+    }
+    public String getCreateTime() {
+        return createTime;
+    }
+    public void setCreateTime(String createTime) {
+        this.createTime = createTime == null ? null : createTime.trim();
+    }
+}
+</code>
+===== Role.java =====
+<code java Role.java>
+package com.gxx.manage.base.vo;
+public class Role {
+    private Integer id;
+    private String role;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getRole() {
+        return role;
+    }
+    public void setRole(String role) {
+        this.role = role == null ? null : role.trim();
+    }
+}
+</code>
+===== UserRole.java =====
+<code java UserRole.java>
+package com.gxx.manage.base.vo;
+public class UserRole {
+    private Integer id;
+    private Integer userId;
+    private Integer roleId;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public Integer getUserId() {
+        return userId;
+    }
+    public void setUserId(Integer userId) {
+        this.userId = userId;
+    }
+    public Integer getRoleId() {
+        return roleId;
+    }
+    public void setRoleId(Integer roleId) {
+        this.roleId = roleId;
+    }
+}
+</code>
+===== Permission.java =====
+<code java Permission.java>
+package com.gxx.manage.base.vo;
+public class Permission {
+    private Integer id;
+    private String permission;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getPermission() {
+        return permission;
+    }
+    public void setPermission(String permission) {
+        this.permission = permission == null ? null : permission.trim();
+    }
+}
+</code>
+===== RolePermission.java =====
+<code java RolePermission.java>
+package com.gxx.manage.base.vo;
+public class RolePermission {
+    private Integer id;
+    private Integer roleId;
+    private Integer permissionId;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public Integer getRoleId() {
+        return roleId;
+    }
+    public void setRoleId(Integer roleId) {
+        this.roleId = roleId;
+    }
+    public Integer getPermissionId() {
+        return permissionId;
+    }
+    public void setPermissionId(Integer permissionId) {
+        this.permissionId = permissionId;
+    }
+}
+</code>
+===== UserMapper.java =====
+<code java UserMapper.java>
+package com.gxx.manage.base.dao;
+import java.util.List;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+import org.springframework.stereotype.Repository;
+import com.gxx.manage.base.vo.Permission;
+import com.gxx.manage.base.vo.Role;
+import com.gxx.manage.base.vo.User;
+@Repository
+public interface UserMapper {
+    int deleteByPrimaryKey(Integer id);
+    int insert(User record);
+    int insertSelective(User record);
+    User selectByPrimaryKey(Integer id);
+    int updateByPrimaryKeySelective(User record);
+    int updateByPrimaryKey(User record);
+    /**
+     * 根据姓名查用户
+     * @param name
+     * @return
+     */
+    User getUserByName(String name);
+    /**
+     * 根据用户ID查询角色集合
+     * @param userId
+     * @return
+     */
+    @Select("SELECT * FROM ROLE WHERE ID IN(SELECT ROLE_ID FROM USER_ROLE WHERE USER_ID=#{userId})")
+    List<Role> queryRolesByUserId(@Param("userId")int userId);
+    /**
+     * 根据角色ID查询权限集合
+     * @param roleId
+     * @return
+     */
+    @Select("SELECT * FROM PERMISSION WHERE ID IN(SELECT PERMISSION_ID FROM ROLE_PERMISSION WHERE ROLE_ID=#{roleId})")
+    List<Permission> queryPermissionsByRoleId(@Param("roleId")int roleId);
+}
+</code>
+===== RoleMapper.java =====
+<code java RoleMapper.java>
+package com.gxx.manage.base.dao;
+import org.springframework.stereotype.Repository;
+import com.gxx.manage.base.vo.Role;
+@Repository
+public interface RoleMapper {
+    int deleteByPrimaryKey(Integer id);
+    int insert(Role record);
+    int insertSelective(Role record);
+    Role selectByPrimaryKey(Integer id);
+    int updateByPrimaryKeySelective(Role record);
+    int updateByPrimaryKey(Role record);
+}
+</code>
+===== UserRoleMapper.java =====
+<code java UserRoleMapper.java>
+package com.gxx.manage.base.dao;
+import org.springframework.stereotype.Repository;
+import com.gxx.manage.base.vo.UserRole;
+@Repository
+public interface UserRoleMapper {
+    int deleteByPrimaryKey(Integer id);
+    int insert(UserRole record);
+    int insertSelective(UserRole record);
+    UserRole selectByPrimaryKey(Integer id);
+    int updateByPrimaryKeySelective(UserRole record);
+    int updateByPrimaryKey(UserRole record);
+}
+</code>
+===== PermissionMapper.java =====
+<code java PermissionMapper.java>
+package com.gxx.manage.base.dao;
+import org.springframework.stereotype.Repository;
+import com.gxx.manage.base.vo.Permission;
+@Repository
+public interface PermissionMapper {
+    int deleteByPrimaryKey(Integer id);
+    int insert(Permission record);
+    int insertSelective(Permission record);
+    Permission selectByPrimaryKey(Integer id);
+    int updateByPrimaryKeySelective(Permission record);
+    int updateByPrimaryKey(Permission record);
+}
+</code>
+===== RolePermissionMapper.java =====
+<code java RolePermissionMapper.java>
+package com.gxx.manage.base.dao;
+import org.springframework.stereotype.Repository;
+import com.gxx.manage.base.vo.RolePermission;
+@Repository
+public interface RolePermissionMapper {
+    int deleteByPrimaryKey(Integer id);
+    int insert(RolePermission record);
+    int insertSelective(RolePermission record);
+    RolePermission selectByPrimaryKey(Integer id);
+    int updateByPrimaryKeySelective(RolePermission record);
+    int updateByPrimaryKey(RolePermission record);
+}
+</code>
+===== UserMapper.xml =====
+<code xml UserMapper.xml>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.gxx.manage.base.dao.UserMapper">
+  <resultMap id="BaseResultMap" type="com.gxx.manage.base.vo.User">
+    <id column="ID" jdbcType="INTEGER" property="id" />
+    <result column="NAME" jdbcType="VARCHAR" property="name" />
+    <result column="PASSWORD" jdbcType="VARCHAR" property="password" />
+    <result column="CREATE_DATE" jdbcType="VARCHAR" property="createDate" />
+    <result column="CREATE_TIME" jdbcType="VARCHAR" property="createTime" />
+  </resultMap>
+  <sql id="Base_Column_List">
+    ID, NAME, PASSWORD, CREATE_DATE, CREATE_TIME
+  </sql>
+  <select id="selectByPrimaryKey" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+    select
+    <include refid="Base_Column_List" />
+    from user
+    where ID = #{id,jdbcType=INTEGER}
+  </select>
+  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer">
+    delete from user
+    where ID = #{id,jdbcType=INTEGER}
+  </delete>
+  <insert id="insert" parameterType="com.gxx.manage.base.vo.User">
+    insert into user (ID, NAME, PASSWORD,
+      CREATE_DATE, CREATE_TIME)
+    values (#{id,jdbcType=INTEGER}, #{name,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR},
+      #{createDate,jdbcType=VARCHAR}, #{createTime,jdbcType=VARCHAR})
+  </insert>
+  <insert id="insertSelective" parameterType="com.gxx.manage.base.vo.User">
+    insert into user
+    <trim prefix="(" suffix=")" suffixOverrides=",">
+      <if test="id != null">
+        ID,
+      </if>
+      <if test="name != null">
+        NAME,
+      </if>
+      <if test="password != null">
+        PASSWORD,
+      </if>
+      <if test="createDate != null">
+        CREATE_DATE,
+      </if>
+      <if test="createTime != null">
+        CREATE_TIME,
+      </if>
+    </trim>
+    <trim prefix="values (" suffix=")" suffixOverrides=",">
+      <if test="id != null">
+        #{id,jdbcType=INTEGER},
+      </if>
+      <if test="name != null">
+        #{name,jdbcType=VARCHAR},
+      </if>
+      <if test="password != null">
+        #{password,jdbcType=VARCHAR},
+      </if>
+      <if test="createDate != null">
+        #{createDate,jdbcType=VARCHAR},
+      </if>
+      <if test="createTime != null">
+        #{createTime,jdbcType=VARCHAR},
+      </if>
+    </trim>
+  </insert>
+  <update id="updateByPrimaryKeySelective" parameterType="com.gxx.manage.base.vo.User">
+    update user
+    <set>
+      <if test="name != null">
+        NAME = #{name,jdbcType=VARCHAR},
+      </if>
+      <if test="password != null">
+        PASSWORD = #{password,jdbcType=VARCHAR},
+      </if>
+      <if test="createDate != null">
+        CREATE_DATE = #{createDate,jdbcType=VARCHAR},
+      </if>
+      <if test="createTime != null">
+        CREATE_TIME = #{createTime,jdbcType=VARCHAR},
+      </if>
+    </set>
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <update id="updateByPrimaryKey" parameterType="com.gxx.manage.base.vo.User">
+    update user
+    set NAME = #{name,jdbcType=VARCHAR},
+      PASSWORD = #{password,jdbcType=VARCHAR},
+      CREATE_DATE = #{createDate,jdbcType=VARCHAR},
+      CREATE_TIME = #{createTime,jdbcType=VARCHAR}
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <select id="getUserByName" parameterType="java.lang.String" resultMap="BaseResultMap">
+    select
+    <include refid="Base_Column_List" />
+    from user
+    where name = #{name,jdbcType=VARCHAR}
+  </select>
+</mapper>
+</code>
+===== RoleMapper.xml =====
+<code xml RoleMapper.xml>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.gxx.manage.base.dao.RoleMapper" >
+  <resultMap id="BaseResultMap" type="com.gxx.manage.base.vo.Role" >
+    <id column="ID" property="id" jdbcType="INTEGER" />
+    <result column="ROLE" property="role" jdbcType="VARCHAR" />
+  </resultMap>
+  <sql id="Base_Column_List" >
+    ID, ROLE
+  </sql>
+  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
+    select
+    <include refid="Base_Column_List" />
+    from role
+    where ID = #{id,jdbcType=INTEGER}
+  </select>
+  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
+    delete from role
+    where ID = #{id,jdbcType=INTEGER}
+  </delete>
+  <insert id="insert" parameterType="com.gxx.manage.base.vo.Role" >
+    insert into role (ID, ROLE)
+    values (#{id,jdbcType=INTEGER}, #{role,jdbcType=VARCHAR})
+  </insert>
+  <insert id="insertSelective" parameterType="com.gxx.manage.base.vo.Role" >
+    insert into role
+    <trim prefix="(" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        ID,
+      </if>
+      <if test="role != null" >
+        ROLE,
+      </if>
+    </trim>
+    <trim prefix="values (" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        #{id,jdbcType=INTEGER},
+      </if>
+      <if test="role != null" >
+        #{role,jdbcType=VARCHAR},
+      </if>
+    </trim>
+  </insert>
+  <update id="updateByPrimaryKeySelective" parameterType="com.gxx.manage.base.vo.Role" >
+    update role
+    <set >
+      <if test="role != null" >
+        ROLE = #{role,jdbcType=VARCHAR},
+      </if>
+    </set>
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <update id="updateByPrimaryKey" parameterType="com.gxx.manage.base.vo.Role" >
+    update role
+    set ROLE = #{role,jdbcType=VARCHAR}
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+</mapper>
+</code>
+===== UserRoleMapper.xml =====
+<code xml UserRoleMapper.xml>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.gxx.manage.base.dao.UserRoleMapper" >
+  <resultMap id="BaseResultMap" type="com.gxx.manage.base.vo.UserRole" >
+    <id column="ID" property="id" jdbcType="INTEGER" />
+    <result column="USER_ID" property="userId" jdbcType="INTEGER" />
+    <result column="ROLE_ID" property="roleId" jdbcType="INTEGER" />
+  </resultMap>
+  <sql id="Base_Column_List" >
+    ID, USER_ID, ROLE_ID
+  </sql>
+  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
+    select
+    <include refid="Base_Column_List" />
+    from user_role
+    where ID = #{id,jdbcType=INTEGER}
+  </select>
+  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
+    delete from user_role
+    where ID = #{id,jdbcType=INTEGER}
+  </delete>
+  <insert id="insert" parameterType="com.gxx.manage.base.vo.UserRole" >
+    insert into user_role (ID, USER_ID, ROLE_ID
+      )
+    values (#{id,jdbcType=INTEGER}, #{userId,jdbcType=INTEGER}, #{roleId,jdbcType=INTEGER}
+      )
+  </insert>
+  <insert id="insertSelective" parameterType="com.gxx.manage.base.vo.UserRole" >
+    insert into user_role
+    <trim prefix="(" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        ID,
+      </if>
+      <if test="userId != null" >
+        USER_ID,
+      </if>
+      <if test="roleId != null" >
+        ROLE_ID,
+      </if>
+    </trim>
+    <trim prefix="values (" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        #{id,jdbcType=INTEGER},
+      </if>
+      <if test="userId != null" >
+        #{userId,jdbcType=INTEGER},
+      </if>
+      <if test="roleId != null" >
+        #{roleId,jdbcType=INTEGER},
+      </if>
+    </trim>
+  </insert>
+  <update id="updateByPrimaryKeySelective" parameterType="com.gxx.manage.base.vo.UserRole" >
+    update user_role
+    <set >
+      <if test="userId != null" >
+        USER_ID = #{userId,jdbcType=INTEGER},
+      </if>
+      <if test="roleId != null" >
+        ROLE_ID = #{roleId,jdbcType=INTEGER},
+      </if>
+    </set>
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <update id="updateByPrimaryKey" parameterType="com.gxx.manage.base.vo.UserRole" >
+    update user_role
+    set USER_ID = #{userId,jdbcType=INTEGER},
+      ROLE_ID = #{roleId,jdbcType=INTEGER}
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+</mapper>
+</code>
+===== PermissionMapper.xml =====
+<code xml PermissionMapper.xml>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.gxx.manage.base.dao.PermissionMapper" >
+  <resultMap id="BaseResultMap" type="com.gxx.manage.base.vo.Permission" >
+    <id column="ID" property="id" jdbcType="INTEGER" />
+    <result column="PERMISSION" property="permission" jdbcType="VARCHAR" />
+  </resultMap>
+  <sql id="Base_Column_List" >
+    ID, PERMISSION
+  </sql>
+  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
+    select
+    <include refid="Base_Column_List" />
+    from permission
+    where ID = #{id,jdbcType=INTEGER}
+  </select>
+  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
+    delete from permission
+    where ID = #{id,jdbcType=INTEGER}
+  </delete>
+  <insert id="insert" parameterType="com.gxx.manage.base.vo.Permission" >
+    insert into permission (ID, PERMISSION)
+    values (#{id,jdbcType=INTEGER}, #{permission,jdbcType=VARCHAR})
+  </insert>
+  <insert id="insertSelective" parameterType="com.gxx.manage.base.vo.Permission" >
+    insert into permission
+    <trim prefix="(" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        ID,
+      </if>
+      <if test="permission != null" >
+        PERMISSION,
+      </if>
+    </trim>
+    <trim prefix="values (" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        #{id,jdbcType=INTEGER},
+      </if>
+      <if test="permission != null" >
+        #{permission,jdbcType=VARCHAR},
+      </if>
+    </trim>
+  </insert>
+  <update id="updateByPrimaryKeySelective" parameterType="com.gxx.manage.base.vo.Permission" >
+    update permission
+    <set >
+      <if test="permission != null" >
+        PERMISSION = #{permission,jdbcType=VARCHAR},
+      </if>
+    </set>
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <update id="updateByPrimaryKey" parameterType="com.gxx.manage.base.vo.Permission" >
+    update permission
+    set PERMISSION = #{permission,jdbcType=VARCHAR}
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+</mapper>
+</code>
+===== RolePermissionMapper.xml =====
+<code xml RolePermissionMapper.xml>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.gxx.manage.base.dao.RolePermissionMapper" >
+  <resultMap id="BaseResultMap" type="com.gxx.manage.base.vo.RolePermission" >
+    <id column="ID" property="id" jdbcType="INTEGER" />
+    <result column="ROLE_ID" property="roleId" jdbcType="INTEGER" />
+    <result column="PERMISSION_ID" property="permissionId" jdbcType="INTEGER" />
+  </resultMap>
+  <sql id="Base_Column_List" >
+    ID, ROLE_ID, PERMISSION_ID
+  </sql>
+  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
+    select
+    <include refid="Base_Column_List" />
+    from role_permission
+    where ID = #{id,jdbcType=INTEGER}
+  </select>
+  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
+    delete from role_permission
+    where ID = #{id,jdbcType=INTEGER}
+  </delete>
+  <insert id="insert" parameterType="com.gxx.manage.base.vo.RolePermission" >
+    insert into role_permission (ID, ROLE_ID, PERMISSION_ID
+      )
+    values (#{id,jdbcType=INTEGER}, #{roleId,jdbcType=INTEGER}, #{permissionId,jdbcType=INTEGER}
+      )
+  </insert>
+  <insert id="insertSelective" parameterType="com.gxx.manage.base.vo.RolePermission" >
+    insert into role_permission
+    <trim prefix="(" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        ID,
+      </if>
+      <if test="roleId != null" >
+        ROLE_ID,
+      </if>
+      <if test="permissionId != null" >
+        PERMISSION_ID,
+      </if>
+    </trim>
+    <trim prefix="values (" suffix=")" suffixOverrides="," >
+      <if test="id != null" >
+        #{id,jdbcType=INTEGER},
+      </if>
+      <if test="roleId != null" >
+        #{roleId,jdbcType=INTEGER},
+      </if>
+      <if test="permissionId != null" >
+        #{permissionId,jdbcType=INTEGER},
+      </if>
+    </trim>
+  </insert>
+  <update id="updateByPrimaryKeySelective" parameterType="com.gxx.manage.base.vo.RolePermission" >
+    update role_permission
+    <set >
+      <if test="roleId != null" >
+        ROLE_ID = #{roleId,jdbcType=INTEGER},
+      </if>
+      <if test="permissionId != null" >
+        PERMISSION_ID = #{permissionId,jdbcType=INTEGER},
+      </if>
+    </set>
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+  <update id="updateByPrimaryKey" parameterType="com.gxx.manage.base.vo.RolePermission" >
+    update role_permission
+    set ROLE_ID = #{roleId,jdbcType=INTEGER},
+      PERMISSION_ID = #{permissionId,jdbcType=INTEGER}
+    where ID = #{id,jdbcType=INTEGER}
+  </update>
+</mapper>
+</code>
+===== login.ftl =====
+<code html login.ftl>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+	<head>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+		<title>登录页面</title>
+	</head>
+	<body>
+		<form action="/manage/login.htm" method="post">
+			<table border="1">
+				<tr><td>用户名：</td><td><input type="text" name="username" placeholder="请输入账号" /></td></tr>
+				<tr><td>密码：</td><td><input type="password" name="password" placeholder="请输入密码" /></td></tr>
+				<tr><td colspan="2" align="center"><input type="submit" value="提交"/></td></tr>
+			</table>
+		</form>
+	</body>
+</html>
+</code>
+===== index.ftl =====
+<code html index.ftl>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+	<head>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+		<title>登录后首页</title>
+	</head>
+	<body>
+		登录成功！
+	</body>
+</html>
+</code>
+===== unauthorized.ftl =====
+<code html unauthorized.ftl>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+	<head>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+		<title>无权限首页</title>
+	</head>
+	<body>
+		您无该权限！
+	</body>
+</html>
+</code>
+===== manage.sql =====
+<code sql manage.sql>
+create database manage;
+use manage;
+CREATE TABLE `user` (
+  `ID` int(10) unsigned NOT NULL auto_increment,
+  `NAME` varchar(45) NOT NULL,
+  `PASSWORD` varchar(45) NOT NULL,
+  `CREATE_DATE` varchar(8) NOT NULL,
+  `CREATE_TIME` varchar(6) NOT NULL,
+  PRIMARY KEY  USING BTREE (`ID`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COMMENT='用户表';
+CREATE TABLE `role` (
+  `ID` int(10) unsigned NOT NULL auto_increment,
+  `ROLE` varchar(45) NOT NULL,
+  PRIMARY KEY  USING BTREE (`ID`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COMMENT='角色表';
+CREATE TABLE `user_role` (
+  `ID` int(10) unsigned NOT NULL auto_increment,
+  `USER_ID` int(10) unsigned NOT NULL,
+  `ROLE_ID` int(10) unsigned NOT NULL,
+  PRIMARY KEY  USING BTREE (`ID`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COMMENT='用户角色表';
+CREATE TABLE `permission` (
+  `ID` int(10) unsigned NOT NULL auto_increment,
+  `PERMISSION` varchar(100) NOT NULL,
+  PRIMARY KEY  USING BTREE (`ID`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COMMENT='权限表';
+CREATE TABLE `role_permission` (
+  `ID` int(10) unsigned NOT NULL auto_increment,
+  `ROLE_ID` int(10) unsigned NOT NULL,
+  `PERMISSION_ID` int(10) unsigned NOT NULL,
+  PRIMARY KEY  (`ID`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COMMENT='角色权限表';
+</code>
+===== 数据库数据截图 =====
+{{:分享:技术:shiro:user.png?600|}}
+{{:分享:技术:shiro:role.png?300|}}
+{{:分享:技术:shiro:user_role.png?300|}}
+{{:分享:技术:shiro:permission.png?300|}}
+{{:分享:技术:shiro:role_permission.png?300|}}

wiki

用户工具

站点工具

差别

页面工具