一. Session handling
1.1 After a successful login the principal is the user object
Previously, on a successful login only the username was passed as the principal; now the whole Employee object is passed, so the realm's authentication info carries the user itself:
```java
// Authentication: look up the user and hand Shiro the principal, hashed credentials and salt
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    ...
    // The Employee object (not just the username) becomes the principal
    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(loginUser, password, salt, getName());
    return authenticationInfo;
}
```
1.2 UserContext
The session is obtained from the Subject, not from the servlet request.
Once the user is stored in Shiro's session, the HttpSession holds the value as well (the default web session manager is backed by the HttpSession).
```java
public class UserContext {
    public static final String USER_IN_SESSION = "loginUser";

    // Put the user who just logged in successfully into the session
    public static void setUser(Employee loginUser) {
        Subject subject = SecurityUtils.getSubject();
        // Login succeeded: store the current user in the session (Shiro's session)
        // 1. get the session from the subject
        Session session = subject.getSession();
        // 2. store the logged-in user in the session
        session.setAttribute(USER_IN_SESSION, loginUser);
    }

    // Fetch the currently logged-in user
    public static Employee getUser() {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        Employee employee = (Employee) session.getAttribute(USER_IN_SESSION);
        return employee;
    }
}
```
二. Authorization management
2.1 FilterChainDefinitionMapFactory
All the permission-filter data is loaded from the database rather than hard-coded in the Shiro configuration:
```java
@Autowired
private IPermissionService permissionService;

public Map<String, String> createFilterChainDefinitionMap() {
    ...
    // Load all permissions from the database
    List<Permission> perms = permissionService.findAll();
    // Register one filter-chain entry per permission
    perms.forEach(p ->
```
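A complete, stand-alone version of the map-building step, added here as an example rather than taken from the original notes. It assumes a Permission entity with `getUrl()` and `getSn()` accessors and uses a constructed permission list in place of `permissionService.findAll()`; the point it shows is that Shiro matches chains in insertion order, so a LinkedHashMap is needed and the catch-all `/**` entry has to go last.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Minimal stand-in for the project's Permission entity (assumed fields: url and sn).
class Permission {
    private final String url;  // request path the permission guards
    private final String sn;   // permission string, e.g. "employee:list"
    Permission(String url, String sn) { this.url = url; this.sn = sn; }
    String getUrl() { return url; }
    String getSn() { return sn; }
}

public class FilterChainDemo {
    /**
     * Builds the Shiro filter chain definition map. Shiro evaluates the chains
     * in insertion order and the first matching pattern wins, so the map must
     * preserve order and the catch-all "/**" entry must be inserted last.
     */
    public static Map<String, String> createFilterChainDefinitionMap(List<Permission> perms) {
        Map<String, String> map = new LinkedHashMap<>();
        // Public resources: login page and static assets stay anonymous.
        map.put("/login", "anon");
        map.put("/static/**", "anon");
        map.put("/logout", "logout");
        // One perms[...] entry per database permission.
        perms.forEach(p -> map.put(p.getUrl(), "perms[" + p.getSn() + "]"));
        // Everything else requires an authenticated subject; added last on purpose.
        map.put("/**", "authc");
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for permissionService.findAll().
        List<Permission> perms = new ArrayList<>();
        perms.add(new Permission("/employee/list", "employee:list"));
        perms.add(new Permission("/employee/delete", "employee:delete"));
        createFilterChainDefinitionMap(perms)
            .forEach((url, chain) -> System.out.println(url + " = " + chain));
    }
}
```

Because the map is built once at startup from the database, a permission added to the table later is not enforced until the filter chain is rebuilt or the application restarts.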