Shiro是一款十分好用的权限管理框架 可以和SpringBoot整合实现页面的权限控制
首先导入pom依赖
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
然后自定义我们的Realm对象 (配置类中需要这个类) 并且需要在Realm类中实现我们的授权和认证(Shiro的核心)
package com.jee.shiro;
import com.jee.entity.User;
import com.jee.mapper.UserMapper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
//自定义的 UserRealm
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserMapper userMapper;
//授权(在访问需要权限的页面是 才会进行授权)
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了授权 AuthorizationInfo");
//授权 登录成功的
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//获得当前对象
Subject subject = SecurityUtils.getSubject();
//获得认证中添加的当前用户的信息
User currentUser = (User)subject.getPrincipal();
//一般是通过这个User 查询数据库中对应的权限 然后给他授权
//这里模拟一下就行
System.out.println("id:"+currentUser.getId());
info.addStringPermission("id:"+currentUser.getId());
return info;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {