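Flow:
1. The login request reaches the controller, which uses the user's credentials to build a token
UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe); // create the token (rememberMe: whether to remember the login)
Get the username and password
Subject subject = SecurityUtils.getSubject(); // get the current Subject
subject.login(token); // log in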
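2.1. Realm: the authorization realm performs login authentication, then calls the service interface to verify the username and password
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    String password = new String(upToken.getPassword());
    User user = loginService.login(username, password); // verify the credentials; User is the application's user type (name assumed)
    return new SimpleAuthenticationInfo(user, password, getName());
}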
2.2. Authorization (load the user's permissions)
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
    Long userId = ShiroUtils.getUserId();
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    // add the roles to the AuthorizationInfo object
    info.setRoles(roleService.selectRoleKeys(userId));
    // add the permissions to the AuthorizationInfo object
    info.setStringPermissions(menuService.selectPermsByUserId(userId));
    return info;
}
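3. Permission check: the method can be accessed only by a user who holds the permission
@RequiresPermissions("permission") // checks whether this user holds the permission ("permission" is a placeholder)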
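
The three steps above as one runnable program. This is an added example, not code from the original notes: it needs shiro-core on the classpath, uses an in-memory realm in place of loginService/roleService/menuService, and the user "alice", the password and the permission strings are constructed. `subject.checkPermission` is the programmatic form of the check that `@RequiresPermissions` performs.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Set;

public class ShiroFlowDemo {
    // Constructed in-memory realm standing in for the service layer (demo values only).
    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            UsernamePasswordToken up = (UsernamePasswordToken) token;
            if (!"alice".equals(up.getUsername())) {
                throw new UnknownAccountException();
            }
            // Return the stored credential; the realm's CredentialsMatcher compares it with the token.
            return new SimpleAuthenticationInfo(up.getUsername(), "demo-password", getName());
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.setRoles(Set.of("common"));
            info.setStringPermissions(Set.of("system:user:list"));
            return info;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken("alice", "demo-password", false)); // step 1
        } catch (AuthenticationException e) {
            // One generic message, so the response does not reveal whether the account exists.
            System.out.println("login failed");
            return;
        }
        subject.checkPermission("system:user:list");       // granted: returns normally
        try {
            subject.checkPermission("system:user:remove"); // not granted: throws
        } catch (AuthorizationException e) {
            System.out.println("denied: system:user:remove");
        }
        subject.logout();
    }
}
```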