本章节基于:五、Springboot 整合Shiro---03认证---第三方QQ登陆
一、通过realm进行权限控制
1、在templates下创建三个html页面
user.html、admin.html、unauthorized.html
2、创建一个Action类
package com.xslde.action;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import java.util.Map;
/**
* Created by xslde on 2018/7/21
*/
@Controller
public class PermissionAction {
@GetMapping("/unauthorized")
public String unauthorized(){
return "unauthorized.html";
}
//拥有user角色才可访问
@GetMapping("/user")
public String user(Map<String,String> mode){
mode.put("msg","拥有user角色");
return "user.html";
}
//拥有user角色才可访问和user:query权限才可访问
@GetMapping("/user/per")
public String userPer(Map<String,String> mode){
mode.put("msg","拥有user角色和user:query权限");
return "user.html";
}
//拥有admin角色才可访问
@GetMapping("/admin")
public String admin(Map<String,String> mode){
mode.put("msg","拥有admin角色");
return "admin.html";
}
}
3、在ShiroConf.class中加入上面action类中的请求url权限控制,对shiroFilter方法进行改动,添加拦截url和无权访问跳转页面url
package com.xslde.configurer;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @Author xslde
* @Description
* @Date 2018/7/20 16:25
*/
@Configuration
public class ShiroConf {
//注入shiro过滤器
@Bean("shiroFilterFactoryBean")
public ShiroFilterFactoryBean shiroFilter(WebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);