1.当面我们每次登录系统时,都会通过我们自己定义的继承AuthorizingRealm的ShiroRealm进行用户账号密码的确认以及拥有权限的查询:
(1)自定义shiroReam:
public class ShiroDbRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
@Autowired
private SysUserService sysUserService ;
@Autowired
private SysUserResService sysUserResService ;
public ShiroDbRealm() {
super();
}
/**
* 验证登陆
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
SysUser sysUser = sysUserService.getUserByLoginName(token.getUsername()) ;
//根据登录名获取用户信息
if (sysUser != null) {
return new SimpleAuthenticationInfo(sysUser.getUserNo(), sysUser.getUserPwd(), getName());
} else {
throw new AuthenticationException();
}
}
/**
* 登陆成功之后,进行角色和权限验证
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userNo = (String) getAvailablePrincipal(principals);
// 列举此用户所有的权限
//List<Permission> permissions = userService.findUserPermissionByName(username);
List<SysUserRes> listRes = sysUserResService.getPermissionByNo(userNo) ;
Set<String> strs=new HashSet<String>();
Iterator<SysUserRes> it = listRes.iterator();
while (it.hasNext()) {
SysUserRes re=it.next();
strs.add(re.getResUrl());
}
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addStringPermissions(strs);
return authorizationInfo;
}
/**
* 清除所有用户授权信息缓存.
*/
public void clearCachedAuthorizationInfo(String principal) {
SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
clearCachedAuthorizationInfo(principals);
}
/**
* 清除所有用户授权信息缓存.
*/
public void clearAllCachedAuthorizationInfo() {
Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
if (cache != null) {
for (Object key : cache.keys()) {
cache.remove(key);
}
}
}
/**
*
* @Title: clearAuthz
* @Description: TODO 清楚缓存的授权信息
* @return void 返回类型
*/
public void clearAuthz(){
this.clearCachedAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
}
}
(2)通过siro进行处理:shiro的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
x