Permission checks:
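1. Shiro looks up all of the permissions for the logged-in user name in the database
// Query the database for permissions by the user principal's ID
Set<String> permissionsByLoginUser = iPermissionService.findPermissionsByLoginUser(employee.getId());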
2. The permissions that the current user holds are handed to Shiro to manage
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
3. Put the query results into a map
// Query all permissions
List<Permission> all = iPermissionService.findAll();
for (Permission permission : all) {
    String url = permission.getUrl();
    String sn = permission.getSn();
    mp.put(url, "perms[" + sn + "]");
}
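4. When a request comes in, Shiro uses the URL (the key) to check whether there is a corresponding value (Shiro does the check internally; if it finds that you do not have the permission, it returns the no-permission page)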
Solve this by overriding the underlying method:
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
    Subject subject = this.getSubject(request, response);
    if (subject.getPrincipal() == null) {
        this.saveRequestAndRedirectToLogin(request, response);
    } else {
        // If the intercepted request is an AJAX request, return JSON; otherwise return a page
        // X-Requested-With
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Get the request header
        String header = req.getHeader("X-Requested-With");
        if ("XMLHttpRequest".equals(header)) {
            // Return JSON {"success":false,"msg":"没有权限"} (the msg text means "no permission")
            resp.setContentType("text/json;charset=UTF-8");
            resp.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");
        } else {
            // Return a page
            String unauthorizedUrl = this.getUnauthorizedUrl();
            if (StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(request, response, unauthorizedUrl);
            } else {
                WebUtils.toHttp(response).sendError(401);
            }
        }
    }
    return false;
}
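An added example for the map in step 3 (not code from the original notes): Shiro evaluates chain definitions in insertion order and stops at the first matching pattern, so the code below builds the map in a LinkedHashMap, skips incomplete rows, and ends with a catch-all that requires login. The Permission stand-in class, the /login and /static/** anon paths, and the sample rows are assumptions.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class FilterChainMapBuilder {

    // Minimal stand-in for the notes' Permission entity (only getUrl/getSn are used).
    static class Permission {
        private final String url, sn;
        Permission(String url, String sn) { this.url = url; this.sn = sn; }
        String getUrl() { return url; }
        String getSn() { return sn; }
    }

    // First matching pattern wins, so order matters: specific rules first, catch-all last.
    static Map<String, String> build(List<Permission> all) {
        Map<String, String> mp = new LinkedHashMap<>();
        // Assumed public paths; adjust to the application.
        mp.put("/login", "anon");
        mp.put("/static/**", "anon");
        for (Permission permission : all) {
            String url = permission.getUrl();
            String sn = permission.getSn();
            // Skip incomplete rows: a null key or "perms[null]" would be a broken rule.
            if (url == null || url.trim().isEmpty() || sn == null || sn.trim().isEmpty()) {
                continue;
            }
            // putIfAbsent: a database row cannot overwrite the rules registered above.
            mp.putIfAbsent(url.trim(), "perms[" + sn.trim() + "]");
        }
        // Move (or create) the catch-all so it is evaluated last; without it, any URL
        // that has no permission row would pass through with no Shiro check at all.
        String catchAll = mp.remove("/**");
        mp.put("/**", catchAll != null ? catchAll : "authc");
        return mp;
    }

    public static void main(String[] args) {
        // Constructed sample rows, not data from the notes.
        List<Permission> all = Arrays.asList(
                new Permission("/employee/index", "employee:index"),
                new Permission("/employee/delete", "employee:delete"),
                new Permission(null, "orphan:row"));
        build(all).forEach((url, rule) -> System.out.println(url + " = " + rule));
    }
}
```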
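Menu: (unfinished)
Approach:
1. Read the menus from the data; each person's menu is different;
2. The JSON for the menu shown on the page has to be constructed by hand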