III. Spring Boot + Shiro integration, part 3 (permission checks)

Copyright notice: please credit the source when reposting: https://blog.csdn.net/chenmingxu438521/article/details/88635904

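I. First, add the following rows to the database

1. In the sys_users table (username: http, password: 123456; username: http123, password: 123456)

2. In the sys_roles table

3. In the permissions table sys_permissions

4. In the user-role mapping table sys_users_roles

5. In the role-permission mapping table sys_roles_permissions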


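II. Create TestController.java in the controller package

import javax.servlet.ServletRequest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
// User and UserService are the project's own classes from the earlier parts of this series.

@RestController
@RequestMapping("/test")
public class TestController {

    @Autowired
    private UserService userService;

    // Requires the permission string "system:user:add"
    @RequiresPermissions("system:user:add")
    @RequestMapping("/add")
    public String add(User loginUser, ServletRequest request) {
        return "add";
    }

    // Requires the role "admin" (a role check, not a permission check)
    @RequiresRoles("admin")
    @RequestMapping("/modify")
    public String modify(User loginUser, ServletRequest request) {
        return "modify";
    }

    // Requires the permission string "system:user:delete"
    @RequiresPermissions("system:user:delete")
    @RequestMapping("/delete")
    public String delete(User loginUser, ServletRequest request) {
        return "delete";
    }
}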

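III. Create the redirect pages (the source code was already provided at the end of the previous article)

IV. Create the global exception handler

1. ExceptionHandler.java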

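import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.alibaba.fastjson.support.spring.FastJsonJsonView;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

public class ExceptionHandler implements HandlerExceptionResolver {

    @Override
    public ModelAndView resolveException(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex) {

        ModelAndView mv = new ModelAndView();
        FastJsonJsonView view = new FastJsonJsonView();
        Map<String, Object> attributes = new HashMap<>();
        if (ex instanceof UnauthorizedException) {
            // Thrown when a @RequiresPermissions / @RequiresRoles check fails
            attributes.put("code", "1000001");
            attributes.put("msg", "用户无权限"); // "User has no permission"
        } else if (ex instanceof UnknownAccountException) {
            attributes.put("code", "1000002");
            attributes.put("msg", "用户名密码有误"); // "Wrong username or password"
        } else if (ex instanceof IncorrectCredentialsException) {
            // Same code and message as an unknown account, so the response
            // does not reveal which of the two was wrong
            attributes.put("code", "1000002");
            attributes.put("msg", "用户名密码有误"); // "Wrong username or password"
        } else if (ex instanceof LockedAccountException) {
            attributes.put("code", "1000003");
            attributes.put("msg", "账号已被锁定"); // "Account is locked"
        } else {
            // Everything else, including Shiro's UnauthenticatedException.
            // Note: this returns the raw exception message to the client; in
            // production, log it server-side and return a generic message.
            attributes.put("code", "1000004");
            attributes.put("msg", ex.getMessage());
        }

        view.setAttributesMap(attributes);
        mv.setView(view);
        return mv;
    }

}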

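2. Register the global exception handler (in ShiroConfig)

    /**
     * Register the global exception handler.
     * @return the resolver that maps Shiro exceptions to JSON error responses
     */
    @Bean(name = "exceptionHandler")
    public HandlerExceptionResolver handlerExceptionResolver() {
        return new ExceptionHandler();
    }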

V. The annotations only take effect when Spring AOP is enabled

1.

    // Automatically proxy every bean that an Advisor applies to
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        return advisorAutoProxyCreator;
    }

    // The advisor that intercepts methods carrying Shiro's authorization annotations
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager());
        return advisor;
    }

2. Create two interface methods, findRoles and findPermissions, which look up the roles/permissions that belong to a user

    @Override
    public Set<String> findRoles(String username) {
        return userDao.findRoles(username);
    }

    @Override
    public Set<String> findPermissions(String username) {
        return userDao.findPermissions(username);
    }

3. Authorization in the Realm

    /**
     * Authorization
     * @param principals the principals of the authenticated subject
     * @return the roles and permission strings granted to that subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {

        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        // Look up the user's roles/permissions in the database
        authorizationInfo.setRoles(userService.findRoles(username));
        authorizationInfo.setStringPermissions(userService.findPermissions(username));
        return authorizationInfo;
    }

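VI. Testing

1. User: http, password: 123456

All of the endpoints can be requested.

2. User: http123, password: 123456

The other endpoints are denied for lack of permission.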
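The test above can also be reproduced without a database or web container, by running the same checks that @RequiresPermissions and @RequiresRoles perform against an in-memory Realm. This is an added example, not code from the original article. It assumes shiro-core on the classpath and Java 9+; the class names, the ROLES/PERMS maps and the role and permission assignments (including the `system:user:*` wildcard) are constructed stand-ins for the article's tables.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class AuthzMatrixDemo {
    // Constructed data standing in for sys_users_roles / sys_roles_permissions.
    static final Map<String, Set<String>> ROLES =
            Map.of("http", Set.of("admin"), "http123", Set.of("user"));
    static final Map<String, Set<String>> PERMS =
            Map.of("http", Set.of("system:user:*"), "http123", Set.of("system:user:add"));

    static class DemoRealm extends AuthorizingRealm {
        @Override // plain-text password comparison, for this demo only
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = (String) token.getPrincipal();
            if (!ROLES.containsKey(username)) throw new UnknownAccountException();
            return new SimpleAuthenticationInfo(username, "123456", getName());
        }
        @Override // same shape as the article's Realm, minus the database
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.setRoles(ROLES.get(username));
            info.setStringPermissions(PERMS.get(username));
            return info;
        }
    }

    // The check the annotations run before the controller method is invoked.
    static String check(Subject s, String permission, String role) {
        try {
            if (permission != null) s.checkPermission(permission);
            if (role != null) s.checkRole(role);
            return "allowed";
        } catch (AuthorizationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = new DefaultSecurityManager(new DemoRealm());
        Subject anonymous = new Subject.Builder(sm).buildSubject();
        System.out.println("anonymous /add -> " + check(anonymous, "system:user:add", null));
        for (String user : List.of("http", "http123")) {
            Subject s = new Subject.Builder(sm).buildSubject();
            s.login(new UsernamePasswordToken(user, "123456"));
            System.out.printf("%s /add -> %s, /modify -> %s, /delete -> %s%n", user,
                    check(s, "system:user:add", null), check(s, null, "admin"),
                    check(s, "system:user:delete", null));
        }
    }
}
```

The anonymous case raises UnauthenticatedException rather than UnauthorizedException, so in the article's ExceptionHandler it falls through to the final else branch. The `system:user:*` entry shows that a single wildcard grant satisfies both the add and the delete check, which is worth keeping in mind when reviewing rows in sys_permissions.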

VII. Done. That completes the integration of Spring Boot and Shiro.
