三、springboot+shiro整合第三篇（权限验证）

版权声明：转载请注明出处 https://blog.csdn.net/chenmingxu438521/article/details/88635904

一、首先我们在数据库中加入这几条数据

1.在sys_users表（用户名：http 密码：123456   用户名：http123 密码：123456）

2.在sys_roles表

3.在权限sys_permissions

4.在用户角色关系sys_users_roles

5.角色权限关系sys_roles_permissions

二、在controller包下面创建TestController.java

[code]@RestController
@RequestMapping("/test")
public class TestController {

@Autowired
private UserService userService;

@RequiresPermissions("system:user:add")
@RequestMapping("/add")
public String add(User loginUser, ServletRequest request){

return "add";
}

@RequiresRoles("admin")
@RequestMapping("/modify")
public String modify(User loginUser,ServletRequest request){

return "modify";
}

@RequiresPermissions("system:user:delete")
@RequestMapping("/delete")
public String delete(User loginUser,ServletRequest request){

return "delete";
}
}

三、创建跳转页面（源码上篇文章后面已经奉献）

四、创建全局异常处理

1.ExceptionHandler.java

[code]public class ExceptionHandler implements HandlerExceptionResolver{

@Override
public ModelAndView resolveException(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex) {

ModelAndView mv = new ModelAndView();
FastJsonJsonView view = new FastJsonJsonView();
Map<String,Object> attributes = new HashMap<>();
if (ex instanceof UnauthorizedException) {
attributes.put("code", "1000001");
attributes.put("msg", "用户无权限");
}else if(ex instanceof UnknownAccountException){
attributes.put("code", "1000002");
attributes.put("msg", "用户名密码有误");
}else if(ex instanceof IncorrectCredentialsException){
attributes.put("code", "1000002");
attributes.put("msg", "用户名密码有误");
}else if(ex instanceof LockedAccountException){
attributes.put("code", "1000003");
attributes.put("msg", "账号已被锁定");
}else {
attributes.put("code", "1000004");
attributes.put("msg", ex.getMessage());
}

view.setAttributesMap(attributes);
mv.setView(view);
return mv;
}

}

2.创建全局异常处理（在ShiroConfig中）

[code]/**
* 注册全局异常处理
* @return
*/
@Bean(name = "exceptionHandler")
public HandlerExceptionResolver handlerExceptionResolver() {
return new ExceptionHandler();
}

 

五、使用注解需要开启Spring AOP否则不生效

1.

[code]//自动代理所有的advisor
@Bean
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
return advisorAutoProxyCreator;
}

@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(){
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager());
return advisor;
}

2.创建两个接口findRoles,findPermissions主要用于查询用户所属的角色/权限

[code]@Override
public Set<String> findRoles(String username) {
return userDao.findRoles(username);
}

@Override
public Set<String> findPermissions(String username) {
return userDao.findPermissions(username);
}

3.Realm授权

[code]/**
* 授权
* @param principals
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {

String username = (String) principals.getPrimaryPrincipal();
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
//在数据库中查询用户拥有的角色/权限
authorizationInfo.setRoles(userService.findRoles(username));
authorizationInfo.setStringPermissions(userService.findPermissions(username));
return authorizationInfo;
}

六、测试

1.用户：http  密码：123456

都可以请求到

2.用户：http123  密码：123456

其他的就没有权限了

七、结束，就这样完成了springboot与shiro的整合。