第一步. pom依赖
<!--shiro-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
第二步:创建实体
package com.servingcloud.xszcloud.web.shiro.entity;
import lombok.Data;
import java.util.List;
/**
* Created by
* on 2018/10/9
*/
@Data
public class User {
private int id;
private String username;
private String password;
//用户的角色 一对多关系
private List<Role> roleList;
}
package com.servingcloud.xszcloud.web.shiro.entity;
import lombok.Data;
import java.util.List;
/**
* Created by
* on 2018/10/9
*/
@Data
public class Role {
private int id;
private String rolename;//角色名称
private String roledesc;//角色描述
private List<Permission> permissions;//角色权限关系 多对多 一个角色对应多个权限
}
package com.servingcloud.xszcloud.web.shiro.entity;
import lombok.Data;
import java.util.List;
/**
* Created by
* on 2018/10/9
*/
@Data
public class Permission {
private int id;
private String modelname;
private String permission;
private List<Role> roles;//角色权限关系 多对多
}
第三步:MyShiroRelam extends AuthorizingRealm 并写ShiroConfig类
package com.servingcloud.xszcloud.web.shiro.config;
import com.servingcloud.xszcloud.web.shiro.entity.Permission;
import com.servingcloud.xszcloud.web.shiro.entity.Role;
import com.servingcloud.xszcloud.web.shiro.entity.User;
import com.servingcloud.xszcloud.web.shiro.service.IUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
/**
* Created by
* on 2018/10/9
*/
public class MyShiroRelam extends AuthorizingRealm {
@Autowired
private IUserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
System.out.println("用户权限配置。。。。。。。。。。");
//访问@RequirePermission注解的url时触发
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
User userInfo = (User)principals.getPrimaryPrincipal();
//获得用户的角色,及权限进行绑定
for(Role role:userInfo.getRoleList()){
authorizationInfo.addRole(role.getRolename());
for(Permission p:role.getPermission