用到shiro框架实现权限控制时,根据实际要求,权限在数据库增删改后都要把权限过滤链变化实时更新到服务器中。
1、配置文件里配置的filterchains都是静态的,但实际开发中更多的是从数据库中动态的获取filterchains。
我们都知道ShiroFilterFactoryBean中的setFilterChainDefinitions()是读取配置文件里默认的filterchains,所以我们的思路是重写这个方法,才能达到我们想要的目的:
packagecom.xiyinli.web.shiro;importcom.baomidou.mybatisplus.mapper.EntityWrapper;importcom.xiyinli.model.CoreUser;importcom.xiyinli.model.RolesPermissions;importcom.xiyinli.service.CoreUserService;importcom.xiyinli.service.RolesPermissionsService;importorg.apache.shiro.config.Ini;importorg.apache.shiro.spring.web.ShiroFilterFactoryBean;importorg.apache.shiro.util.CollectionUtils;importorg.apache.shiro.web.config.IniFilterChainResolverFactory;importorg.springframework.beans.factory.annotation.Autowired;import java.util.*;importjava.util.stream.Collectors;/*** Created by Administrator on 2017/8/14 0014.*/
public class ShiroPermissionFactory extendsShiroFilterFactoryBean {/**记录配置中的过滤链*/
public static String definition = "";
@AutowiredprivateRolesPermissionsService rolesPermissionsService;/*** 初始化设置过滤链*/@Overridepublic voidsetFilterChainDefinitions(String definitions) {//String token = manageUserService.getAdminToken(0);//可从数据库读取后,添加至过滤链,参考此处已注释的代码
definition = definitions;//记录配置的静态过滤链//List permissions = permissService.findAll();
List rolesPermissions = rolesPermissionsService.selectList(new EntityWrapper<>());
Set urls = new LinkedHashSet<>();for(RolesPermissions rolesPermission : rolesPermissions) {
urls.add(rolesPermission.getUrl());
}
Map otherChains = new HashMap<>();for(String url : urls) {
StringBuilder roleOrFilters= newStringBuilder();for (int i = 0; i < rolesPermissions.size(); i++) {if(Objects.equals(url, rolesPermissions.get(i).getUrl())) {if (i == 0)