权限的判断:
1.shiro根据登录的用户名把所有的权限从数据库查询出来
//通过用户主体ID查询数据库权限
Set<String> permissionsByLoginUser = iPermissionService.findPermissionsByLoginUser(employee.getId());
2.当前用户具备的权限查询出来交给shiro管理
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
3.把查询出来的结果放在map集合里面
//查询出所有权限
List<Permission> all = iPermissionService.findAll();
for (Permission permission : all) {
String url = permission.getUrl();
String sn = permission.getSn();
mp.put(url, "perms["+sn +"]");
}
3当我们来访问的时候,根据url(key) --去shiro是否有对应的value (shiro里面做判断处理,如果
发现你没有权限,返回的没有权限的页面)
复写底层的方法解决
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
Subject subject = this.getSubject(request, response);
if (subject.getPrincipal() == null) {
this.saveRequestAndRedirectToLogin(request, response);
} else {
//如果拦截请求是ajax请求,返回json来处理 否者就返回页面
//X-Requested-With
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse)response;
//获取请求头
String header = req.getHeader("X-Requested-With");
if("XMLHttpRequest".equals(header)){
//返回json {"success":false,"msg":"没有权限"}
resp.setContentType("text/json;charset=UTF-8");
resp.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");
}else {
//返回页面
String unauthorizedUrl = this.getUnauthorizedUrl();
if (StringUtils.hasText(unauthorizedUrl)) {
WebUtils.issueRedirect(request, response, unauthorizedUrl);
} else {
WebUtils.toHttp(response).sendError(401);
}
}
}
return false;
}
菜单:(未完成)
思路:
1.从数据读取出菜单,每个人的菜单都不一样;
2.在页面展示的菜单的json 需要自己去构造出来