shiroConfig添加请求拦截
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager);
//内置拦截器
//anon 无需认证
//authc 必须认证
//user 必须有记住我功能
//perms 拥有对某个资源权限才能访问
//role 具有某种角色
//登录拦截
Map<String, String> filterMap = new HashMap<>();
filterMap.put("/user/level1", "perms[user:level1]");
filterMap.put("/user/level2", "perms[user:level2]");
// filterMap.put("/user/*", "authc");
bean.setFilterChainDefinitionMap(filterMap);
//设置登录的请求
bean.setLoginUrl("/toLogin");
return bean;
}
realm进行授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Subject subject = SecurityUtils.getSubject();
User user = (User) subject.getPrincipal();
String perm = user.getPerm();
info.addStringPermission(perm);
return info;
}