shiro请求授权实现
- 首先在ShiroConfig中配置授权链条
//授权(正常情况下未授权会跳转到未授权页面)配置授权链条
filterMap.put("/toAdd",“perms[user:add]”);
filterMap.put("/toUpdate", “perms[user:update]”);
//拦截所有的必须放在授权下面,不然拦截失败
filterMap.put("/**",“authc”);
//授权(正常情况下未授权会跳转到未授权页面)配置授权链条
filterMap.put("/toAdd","perms[user:add]");
filterMap.put("/toUpdate","perms[user:update]");
//设置未授权的请求(未授权页面)
factoryBean.setUnauthorizedUrl("/unauthorized");
- 在MyRealm中进行配置
//角色和权限
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了=>授权doGetAuthorizationInfo");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// info.addStringPermission("user:add");
//拿到当前登录的这个对象
Subject subject = SecurityUtils.getSubject();
User currentUser = (User) subject.getPrincipal();//拿到User对象
String perms = currentUser.getPerms();//获取当前用户的权限
info.addStringPermission(perms);//设置当前用户的权限
return info;
}
shiro多权限
数据库设计
将权限用逗号隔开
- 代码设计
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Subject subject = SecurityUtils.getSubject();
User currentUser = (User) subject.getPrincipal();
String perms = currentUser.getPerms();
String[] strings = perms.split(",");
Collection<String> permissions=new ArrayList<>();
for (String string : strings) {
permissions.add(string);
}
info.addStringPermissions(permissions);
return info;