1: 第一步，创建权限拦截策略类
import com.example.demo.entity.PageData;
import com.example.demo.service.IBuserService;
import com.example.demo.service.MenuService;
import com.example.demo.util.SpringContextUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.util.List;
/**
* 权限拦截策略
*/
public class MyAccessControlFilter extends PathMatchingFilter {
// Per-instance logger, resolved from the runtime class of this filter.
private Logger logger = LoggerFactory.getLogger(this.getClass());
// User lookup service. @Autowired may leave this null inside a Shiro filter:
// onPreHandle re-resolves it via SpringContextUtil.getBean when it is null,
// then calls getAccount(account) to load the authenticated principal's record.
@Autowired
private IBuserService userService;
// Menu/permission service: onPreHandle calls queryAllPerms(userId) and
// getMenuById(pd) to map the request path onto a menu entry. Same lazy
// SpringContextUtil fallback as userService.
// NOTE(review): the permission loop in onPreHandle sets hasPermission=true on
// every iteration, not only when the menu path equals the request URL, so any
// principal holding at least one permission entry passes for every path — confirm.
@Autowired
private MenuService menuService;
// Custom Shiro realm; onPreHandle calls getInfo(principals, menuId) on it.
// NOTE(review): the AuthorizationInfo it returns is not inspected in the visible
// code, so that call does not influence the access decision — confirm.
// CustomRealm is not among the imports shown here; presumably same package.
@Autowired
private CustomRealm customRealm;
@Override
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
//注意这个不能省略,否则注入可能为空 SpringContextUtil.工具类可以复制第四
if (userService==null){
userService= SpringContextUtil.getBean(IBuserService.class);
}
if (menuService==null){
menuService= SpringContextUtil.getBean(MenuService.class);
}
if (customRealm==null){
customRealm= SpringContextUtil.getBean(CustomRealm.class);
}
//请求的url
String requestURL = getPathWithinApplication(request);
System.out.println("请求的url :"+requestURL);
//判断是否登录
Subject subject = SecurityUtils.getSubject();
if (!subject.isAuthenticated()){
// 如果没有登录, 直接返回true 进入登录流程
request.getRequestDispatcher("/login.html").forward(request, response);
return true;
}
//获取账户
String account = (String)subject.getPrincipal();
//此处pageData只是个通用实体类
PageData accountData= userService.getAccount(account);
//用户id
Long userId = (Long)accountData.get("user_id");
// 获取所有权限
List<PageData> permissions =(List<PageData>)menuService.queryAllPerms(userId);
for (PageData pd : permissions) {
//根据菜单id查询路径
PageData menu = menuService.getMenuById(pd);
if (menu.getString("path").equals(requestURL)){
//获取访菜单id
Integer menu_id=(Integer)menu.get("id");
//通过方法调用再次调用自定义CustomRealm 的doGetAuthorizationInfo
AuthorizationInfo info = customRealm.getInfo(SecurityUtils.getSubject().getPrincipals(),menu_id) ;
hasPermission=true;
break;
}
hasPermission=true;
}
if (hasPermission){
return true;
}else {
UnauthorizedException ex = new UnauthorizedException("当前用户没有访问路径" + requestURL + "的权限");
subject.getSession().setAttribute("ex",ex);
WebUtils.issueRedirect(request, response,