springboot中shiro权限控制的使用

springboot中shiro权限控制的使用

先新建一个UserRealm

public class UserRealm extends AuthorizingRealm {
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了=>AuthorizationInfo授权方法");
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        info.addStringPermission("权限");
        //拿到当前登录的对象
        Subject subject= SecurityUtils.getSubject();
        User user= (User) subject.getPrincipal();

        //设置当前用户的权限
        info.addStringPermissions(user.getPerms());
        return null;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行了=>AuthenticationInfo认证方法");
        //获取用户
        UsernamePasswordToken userToken= (UsernamePasswordToken) token;
        //User user=userService.getUserName(userToken.getUsername);
        if(!userToken.getUsername().equals("从数据库取出的用户")){
            return null ;
        }
        //密码认证(数据库中的数据)
        return new SimpleAuthenticationInfo("user","pass","");
    }
}

shiro配置

拥有对某个资源的权限才能访问
        role:拥有某个角色权限才能访问
         */
        Map<String,String> filterMap=new LinkedHashMap<>();
        filterMap.put("请求","authc");
        bean.setFilterChainDefinitionMap(filterMap);

        //设置登录的请求
        bean.setLoginUrl("/toLogin");
        return bean;
    }

    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
//        关联Realm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }
}