文章目录
1 权限判断
1.1 获取到所有的权限进行判断
//这个值之后从数据库中查询到【用户-角色-权限-资源】
//map.put("/s/permission.jsp","perms[user:*]");
List<Permission> permissions = permissionService.findAll();
for (Permission permission : permissions) {
String url = permission.getUrl();
String sn = permission.getSn();
map.put(url, "yxbPerms["+sn+"]");
}
1.2 重写权限拦截器
重写shiro 的权限拦截器 PermissionsAuthorizationFilter
写一个类去继承PermissionsAuthorizationFilter
public class ItsourceYxbPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
Subject subject = this.getSubject(request, response);
if (subject.getPrincipal() == null) {
//没有登录成功后的操作
this.saveRequestAndRedirectToLogin(request, response);
} else {
//登录成功后没有权限的操作
//1.转成http的请求与响应操作
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
//2.根据请求确定是什么请求
String xRequestedWith = httpRequest.getHeader("X-Requested-With");
if (xRequestedWith !