springboot中shiro权限控制的使用
先新建一个UserRealm
public class UserRealm extends AuthorizingRealm {
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了=>AuthorizationInfo授权方法");
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
info.addStringPermission("权限");
//拿到当前登录的对象
Subject subject= SecurityUtils.getSubject();
User user= (User) subject.getPrincipal();
//设置当前用户的权限
info.addStringPermissions(user.getPerms());
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("执行了=>AuthenticationInfo认证方法");
//获取用户
UsernamePasswordToken userToken= (UsernamePasswordToken) token;
//User user=userService.getUserName(userToken.getUsername);
if(!userToken.getUsername().equals("从数据库取出的用户")){
return null ;
}
//密码认证(数据库中的数据)
return new SimpleAuthenticationInfo("user","pass","");
}
}
shiro配置
拥有对某个资源的权限才能访问
role:拥有某个角色权限才能访问
*/
Map<String,String> filterMap=new LinkedHashMap<>();
filterMap.put("请求","authc");
bean.setFilterChainDefinitionMap(filterMap);
//设置登录的请求
bean.setLoginUrl("/toLogin");
return bean;
}
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
// 关联Realm
securityManager.setRealm(userRealm);
return securityManager;
}
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}