1.查找用户列表,并添加到当前session中
@Controller
public class HomeController {
@Autowired
private SysUserService sysUserService;
@RequestMapping({"/","/index"})
public String index(HttpServletRequest request){
//通过安全管理工具,获取用户对象
Subject subject = SecurityUtils.getSubject();
//获取用户身份-------用户名
String username = (String)subject.getPrincipal();
//获取当前对象所在的session
Session session = subject.getSession();
//获取权限列表
List<SysPermission> permissionList = sysUserService.findPermission(username);
//添加权限列表到session回话中
session.setAttribute("menuList",permissionList);
return "index";
}
}
2.index.html 使用th显示权限列表菜单
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
index
<table>
<thead>
<tr>
<th>序号</th>
<th>菜单名称</th>
<th>权限</th>
<th>url路径</th>
</tr>
<tr th:each="menu:${session.menuList}">
<td th:text="${menu.id}"></td>
<td th:text="${menu.name}"></td>
<td th:text="${menu.percode}"></td>
<td th:text="${menu.url}"></td>
</tr>
</thead>
</table>
</body>
</html>
3.使用shiro控制哪些权限可见,哪些不可见
1.导入依赖
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>1.2.1</version>
</dependency>
2.index.html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<span shiro:authenticated="true" >
<span>我已登录</span>
</span>
<span shiro:haspermission="aaa" >
<span>没有权限</span>
</span>
<span shiro:haspermission="userInfo:delete" >
<span>我有权限</span>
</span>
</body>
</html>
密码登录次数限制
测试
