maven包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.3</version>
</dependency>
实现AuthorizingRealm接口
//校验权限
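@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // Builds the role set Shiro consults for authorization checks of the given principal.
    // Shiro may call this on every role/permission check, so it is kept to one user->role lookup.
    if (principals == null) {
        throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
    }
    User admin = (User) getAvailablePrincipal(principals);
    // The original ran the user->role lookup twice and discarded the first result (plus an unused
    // roleIds array). A missing mapping or role now yields an empty role set — deny by default —
    // rather than a NullPointerException surfacing as a server error.
    // NOTE(review): User exposes both getId() and getUserId(); getId() is what the effective lookup
    // keyed on, so it is kept here — confirm it is the key findbyUserId expects.
    Set<String> roles = new HashSet<>();
    java.util.Optional.ofNullable(userRoleService.findbyUserId(admin.getId()))
            .map(userRole -> userRole.getRoleId())
            .map(roleId -> Integer.valueOf(roleId))
            .map(roleKey -> roleService.selectByPrimaryKey(roleKey))
            .map(role -> role.getName())
            .ifPresent(roles::add);
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    info.setRoles(roles);
    return info;
}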
//校验用户
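@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Authenticates a username/password login against the user table and, on success, places the
    // (password-stripped) User into the Shiro session and returns it as the principal.
    // Guard the cast: any other token type would otherwise escape as a ClassCastException instead of
    // the AuthenticationException callers of this realm handle.
    if (!(token instanceof UsernamePasswordToken)) {
        throw new AuthenticationException("不支持的认证令牌类型: "
                + (token == null ? "null" : token.getClass().getName()));
    }
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    char[] passwordChars = upToken.getPassword();
    if (StringUtils.isEmpty(username)) {
        throw new AccountException("用户名不能为空");
    }
    // getPassword() may be null; the original would NPE inside new String(null) before any check ran.
    if (passwordChars == null || passwordChars.length == 0) {
        throw new AccountException("密码不能为空");
    }
    String password = new String(passwordChars);
    UserExample userExample = new UserExample();
    userExample.or().andUsernameEqualTo(username);
    List<User> adminList = userService.selectByExample(userExample);
    Assert.state(adminList.size() < 2, "同一个用户名存在两个账户");
    if (adminList.isEmpty()) {
        throw new UnknownAccountException("找不到用户(" + username + ")的帐号信息");
    }
    User user = adminList.get(0);
    // Same message as the unknown-account case on purpose: a caller cannot distinguish
    // "no such user" from "wrong password".
    // NOTE(review): salted MD5 is not a password-hashing function; switching to bcrypt/scrypt/argon2
    // changes MD5Utils.getSaltverifyMD5's contract and the stored hashes, so it is left as-is here.
    if (!MD5Utils.getSaltverifyMD5(password, user.getPassword())) {
        throw new UnknownAccountException("找不到用户(" + username + ")的帐号信息");
    }
    // Strip the stored hash before the entity is exposed as session attribute / principal.
    user.setPassword("");
    SecurityUtils.getSubject().getSession().setAttribute("User", user);
    // NOTE(review): the submitted plaintext password becomes the credentials of the returned info; with
    // Shiro's default SimpleCredentialsMatcher it simply equals the token's password, so the real
    // verification is the getSaltverifyMD5 check above — confirm the realm's configured matcher.
    return new SimpleAuthenticationInfo(user, password, getName());
}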
SecurityUtils.getSubject().getSession().setAttribute("User", user);//这一句就是把user的信息放session中
然后是接口
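@GetMapping("/info")
public List getpermissions() {
    // Returns the permissions of the logged-in user: session User -> role -> permission ids -> permissions.
    // The raw List return type is kept as the existing interface.
    User user = (User) SecurityUtils.getSubject().getSession().getAttribute("User");
    if (user == null) {
        // Was `throw new Error()`: Error is reserved for JVM-level faults and bypasses normal
        // exception handling; an unauthenticated caller is an ordinary authorization failure.
        throw new org.apache.shiro.authz.UnauthenticatedException("用户未登录");
    }
    UserRoleExample userRoleExample = new UserRoleExample();
    userRoleExample.or().andUserIdEqualTo(String.valueOf(user.getUserId()));
    // A user with no role mapping previously hit get(0) on an empty list (IndexOutOfBoundsException);
    // no role means no permissions.
    String roleId = userRoleService.selectByExample(userRoleExample).stream()
            .findFirst()
            .map(userRole -> String.valueOf(userRole.getRoleId()))
            .orElse(null);
    if (roleId == null) {
        return java.util.Collections.emptyList();
    }
    RolePermissionExample rolePermissionExample = new RolePermissionExample();
    rolePermissionExample.or().andRoleIdEqualTo(roleId);
    List<String> permissionIds = rolePermissionService.selectByExample(rolePermissionExample).stream()
            .map(item -> item.getPermissionId())
            .collect(Collectors.toList());
    // An empty list handed to andPermissionIdIn would typically render as an empty IN clause
    // (a SQL error), so short-circuit: no permission ids means no permissions.
    if (permissionIds.isEmpty()) {
        return java.util.Collections.emptyList();
    }
    PermissionExample permissionExample = new PermissionExample();
    permissionExample.or().andPermissionIdIn(permissionIds);
    return permissionService.selectByExample(permissionExample);
}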
直接这样应该也行，不过没试
Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();//使用这个就不需要session存储了
这样就完了,但是登录后调info接口user一直是null
找了好久原因，甚至都怀疑是不是必须要使用jwt了，受到https://blog.csdn.net/MOKEXFDGH/article/details/96113161的启发，去掉@CrossOrigin就好了，前端去解决跨域问题，具体为何这样我研究一下再更.......