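1. Table structure
2. Controller
import static org.junit.Assert.assertEquals;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

// Obtain the current subject and log in (placeholder credentials, not from the original post)
Subject subject = SecurityUtils.getSubject();
subject.login(new UsernamePasswordToken("username", "password"));
// Check that the login succeeded
assertEquals(true, subject.isAuthenticated());
System.out.println("登录成功!!");
// Check whether the user has a given role
assertEquals(true, subject.hasRole("admin"));
// Use Shiro's built-in assertions to check authorization; they throw AuthorizationException on failure
subject.checkRole("manager");
subject.checkPermission("create_user1");
// Log the user out
subject.logout();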
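3. Spring-dao.xml configuration
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
    <!-- While credentialsMatcher stays commented out, the realm uses Shiro's default SimpleCredentialsMatcher, which compares the submitted password directly with the stored value -->
    <!--<property name="credentialsMatcher" ref="credentialsMatcher"></property>-->
    <!-- JdbcRealm only looks up roles unless permission lookups are enabled -->
    <property name="permissionsLookupEnabled" value="true"></property>
    <property name="dataSource" ref="dataSource"></property>
    <property name="authenticationQuery"
              value="SELECT password FROM users WHERE username = ?"></property>
    <!-- Role-to-permission lookup; user roles come from JdbcRealm's default userRolesQuery -->
    <property name="permissionsQuery"
              value="SELECT permission FROM roles_permissions WHERE role_name = ?" />
</bean>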
4. web.xml
<!-- Shiro Filter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
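An added example (not from the original post) of the Spring beans the two configurations above depend on: the shiroFilter bean that web.xml's DelegatingFilterProxy resolves by its filter-name, and a credentialsMatcher bean for the reference that is commented out in jdbcRealm. The PasswordMatcher choice, the securityManager id and every URL path are assumptions; admin and create_user1 are the role and permission used in the Controller code.

```xml
<!-- Added example: bean ids other than jdbcRealm and shiroFilter, and all URL paths, are assumptions -->

<!-- Salted, iterated hash comparison instead of a direct comparison with the stored value.
     users.password must then hold strings produced by DefaultPasswordService.encryptPassword(),
     and the credentialsMatcher property on jdbcRealm must be uncommented. -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.PasswordMatcher"/>

<!-- Web security manager backed by the jdbcRealm bean from Spring-dao.xml -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="jdbcRealm"/>
</bean>

<!-- The id must equal <filter-name> in web.xml: DelegatingFilterProxy looks the bean up by that name -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <property name="unauthorizedUrl" value="/unauthorized"/>
    <!-- Chains are evaluated top to bottom and the first match wins,
         so the catch-all rule goes last and requires authentication by default -->
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /static/** = anon
            /logout = logout
            /admin/** = authc, roles[admin]
            /user/create = authc, perms[create_user1]
            /** = authc
        </value>
    </property>
</bean>

<!-- Calls init()/destroy() on Shiro beans that implement Initializable/Destroyable -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
```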
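5. Summary
Once this is in place, calling SecurityUtils.getSubject() anywhere in the application returns the Subject instance of the currently authenticated user.
This makes it convenient to perform checks when evaluating a request.
Blogs: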
http://www.cnblogs.com/xql4j/
http://kdboy.iteye.com/blog/1155450
http://blog.csdn.net/chris_mao/article/details/49215471