1. 自定义realm设置授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();
System.out.println("调用授权信息" +primaryPrincipal);
if("kcl1997".equals(primaryPrincipal)){
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("admin");
return simpleAuthorizationInfo;
}
if("xiaoming".equals(primaryPrincipal)){
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("user");
return simpleAuthorizationInfo;
}
return null;
}
2.注解使用
@GetMapping("/users")
@ResponseBody
@RequiresRoles("admin")
public List<User> getUsers(){
return userService.getUsers();
}
3.代码使用
@GetMapping("/users")
@ResponseBody
public List<User> getUsers(){
Subject subject = SecurityUtils.getSubject();
if(subject.hasRole("admin")){
return userService.getUsers();
}else {
return null;
}
}