配置在上一篇博客中配置,这里不再继续重写配置
1.配置spring-shiro.xml文件
扫描下边的类,才能实现
<aop:aspectj-autoproxy></aop:aspectj-autoproxy>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"></property>
</bean>
2.在需要设置权限的地方加注解
@RequestMapping("/list")
@RequiresPermissions("department:list")
3.实现realm数据源的权限验证在这里插入代码片
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
Employee employee = (Employee) SecurityUtils.getSubject().getPrincipal();
//获取名字
System.out.println(employee);
//定义一个容器,存放权限和角色
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
if(employee.isAdmin()==false){
//判断如果不是管理员
//进行角色和权限的查询,存放的之前的容器中
List<String> rolelist=roleService.selectByUserName(employee.getId());
List<String> permissionlist=permissionService.selectByUserName(employee.getId());
//角色列表
info.addRoles(rolelist);
//权限列表
info.addStringPermissions(permissionlist);
}else{
//如果使管理员,直接赋值为管理员 权限为*.*代表所有权限
info.addRole("admin");
//权限列表
info.addStringPermission("*:*");
}
return info;
}
4.登录方法
public ResultBean login(String username, String password){
try {
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
SecurityUtils.getSubject().login(token);
return ResultBean.success();
} catch (UnknownAccountException e) {
return ResultBean.fail("账号不存在");
} catch (IncorrectCredentialsException e) {
return ResultBean.fail( "密码错误");
} catch (Exception e) { e.printStackTrace();
return ResultBean.fail( "登录异常,请联系管理员");
}
}