1.权限判断
1.1获取到所有权限进行判断
/**
 * Builds Shiro's filterChainDefinitionMap (URL pattern -> filter chain) from the
 * Permission rows in the database, so URL authorization is driven by data instead
 * of being hard-coded.
 *
 * Ordering matters: Shiro's path-matching chain resolver walks the definitions in
 * insertion order and uses the FIRST pattern that matches the request, so the map
 * created in the elided part below must preserve insertion order (e.g. a
 * LinkedHashMap) and the catch-all "/**" -> "authc" entry must stay last.
 * TODO(review): the map's construction is not shown here — confirm its type.
 */
public class FilterChainDefinitionMapBuilder {
@Autowired
private IPermissionService permissionService;
/**
 * Returns the chain-definition map: "/logout" first, then one "perms[sn]" entry
 * per Permission, then "/**" -> "authc" for everything else.
 *
 * Trust note: url and sn are read straight from the database and interpolated
 * into Shiro's chain-definition syntax without any validation. A Permission whose
 * url is a broad pattern shadows every entry registered after it, and an sn that
 * contains ',' or ']' changes how "perms[...]" is parsed — whoever can write the
 * Permission table effectively controls authorization for the application.
 */
public Map<String,String> createFilterChainDefinitionMap(){
… // elided in the listing: the map is created (and possibly pre-populated) here
filterChainDefinitionMap.put("/logout","logout"); // reachable without logging in
// Load the URL -> permission mapping from the database
// 1. fetch every permission
List<Permission> permissions = permissionService.findAll();
// 2. register each permission's resource URL behind a perms[...] filter
for (Permission permission : permissions) {
String url = permission.getUrl();// protected resource (URL pattern)
String sn = permission.getSn();// permission string required to reach it
// Map.put overwrites: if two Permission rows share the same url, only the
// last sn read survives and the earlier requirements are silently dropped.
filterChainDefinitionMap.put(url,"perms["+sn+"]");
}
// Catch-all must be the final entry: anything not matched above requires login.
filterChainDefinitionMap.put("/**","authc");
return filterChainDefinitionMap;
}
}
1.2.1.怎么拿到登录用户
//完成登录的认证
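/**
 * Authenticates a username/password login against the employee table.
 *
 * Looks the employee up by the submitted username and hands Shiro the stored
 * password plus the salt it was hashed with; Shiro's credentials matcher
 * (configured on this realm, not shown here) then compares the submitted
 * password against it. The Employee object itself becomes the subject's
 * principal, which is what {@code <shiro:principal>} and
 * {@code subject.getPrincipal()} return afterwards.
 *
 * Fix: the original listing carried an inline tutorial note inside the
 * constructor argument list, which does not compile; the note is now a comment.
 *
 * @param authenticationToken the submitted credentials; Shiro only routes tokens
 *        accepted by {@code supports()}, by default UsernamePasswordToken, so the
 *        cast below is safe unless supports() is overridden
 * @return authentication info for the employee, or null when the username is
 *         unknown (Shiro reports that as an unknown account)
 * @throws AuthenticationException per the Realm contract; not thrown directly here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    String username = token.getUsername();
    Employee loginUser = employeeService.findByUsername(username);
    if (loginUser == null) {
        // No such employee: let Shiro surface the failure as an unknown account.
        return null;
    }
    // Stored password as persisted for this employee (expected to be a hash).
    String dbPassword = loginUser.getPassword();
    // SECURITY(review): a single fixed salt shared by every account means equal
    // passwords produce equal hashes and one precomputed table covers all users.
    // It is kept here because existing stored hashes were produced with it;
    // migrate to a per-employee random salt (SecureRandom, stored alongside the
    // hash) before changing this value, or every existing login will break.
    ByteSource salt = ByteSource.Util.bytes("itsource");
    // Principal = the Employee object (the logged-in user); realm name = getName().
    return new SimpleAuthenticationInfo(loginUser, dbPassword, salt, getName());
}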
修改页面展示:
主页面的用户现在变成了这个样子
修改代码:
<%-- Rendered only for a subject Shiro considers a known user; shows the
     principal's username and a link to /logout, which the filter chain maps to
     Shiro's logout filter.
     NOTE(review): <shiro:user> is also true for a remember-me subject that has
     not re-entered a password this session — use <shiro:authenticated> around
     anything that should require a fresh login. Also confirm whether the Shiro
     version in use HTML-escapes the principal property; if it writes the raw
     value, a username containing markup is rendered unescaped (stored XSS). --%>
<shiro:user>
欢迎[ <shiro:principal property="username" />]登录,<a href="${pageContext.request.contextPath}/logout">退出</a>
</shiro:user>
2.2.2.UserContext:设置与拿到当前登录用户
/**
 * Session-scoped access to the employee who is currently logged in.
 *
 * The employee is kept as an attribute of the Shiro session under
 * {@code USER_IN_SESSION}. Note the realm already uses the Employee as the
 * subject's principal, so this is a second copy of the same object; it carries
 * the stored password hash (getPassword()), so never serialize or render it
 * as-is.
 */
public class UserContext {
    private static final String USER_IN_SESSION = "loginUser";

    /**
     * Stores the logged-in employee in the current Shiro session.
     *
     * @param loginUser the employee to associate with this session
     */
    public static void setUser(Employee loginUser) {
        SecurityUtils.getSubject().getSession().setAttribute(USER_IN_SESSION, loginUser);
    }

    /**
     * Returns the employee stored by {@link #setUser(Employee)}, or null when
     * nothing has been stored in this session. The unchecked cast fails with a
     * ClassCastException if something other than an Employee sits under the key.
     */
    public static Employee getUser() {
        Object stored = SecurityUtils.getSubject().getSession().getAttribute(USER_IN_SESSION);
        return (Employee) stored;
    }
}
2.2.3.LoginController:登录成功后把用户放到Session中
@RequestMapping(value="/login",method = RequestMethod.POST)
@ResponseBody
public JsonResult login(String username, String password){
//1.拿到访问的主体(当前登录用户)
Subject subject =