Permission judgment:
1. Shiro queries the database for all the permissions of the logged-in user
// Query the database for the permissions by the user principal's ID
Set<String> permissionsByLoginUser = iPermissionService.findPermissionsByLoginUser(employee.getId());
2. Hand the permissions queried for the current user over to Shiro to manage
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
3. Put the query results into the map
// Query all permissions
List<Permission> all = iPermissionService.findAll();
for (Permission permission : all) {
    String url = permission.getUrl();
    String sn = permission.getSn();
    mp.put(url, "perms[" + sn + "]");
}
4. When a request comes in, Shiro looks up the URL (key) to see whether there is a corresponding value (Shiro does the judgment itself; if it
finds you have no permission, it returns the no-permission page)
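An added example (not code from the original post) of building that map so the URL lookup described above behaves predictably: Shiro evaluates the patterns in insertion order and the first match wins, so the map should be ordered, should skip incomplete rows, and should end with a catch-all. The Permission record, the /login URL and the sample rows are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class FilterChainMapExample {

    // Hypothetical stand-in for the page's Permission entity (url + sn only).
    record Permission(String url, String sn) {}

    // Builds the URL -> filter definition map in the order Shiro should evaluate it.
    static Map<String, String> buildFilterChainMap(List<Permission> all) {
        // LinkedHashMap keeps insertion order; Shiro uses the first pattern that matches.
        Map<String, String> mp = new LinkedHashMap<>();
        mp.put("/login", "anon"); // assumed login URL, reachable without a session
        for (Permission permission : all) {
            String url = permission.url();
            String sn = permission.sn();
            // Skip incomplete rows instead of registering "perms[null]" or a null key.
            if (url == null || url.isBlank() || sn == null || sn.isBlank()) {
                continue;
            }
            // putIfAbsent: a database row must not overwrite an earlier entry such as /login.
            mp.putIfAbsent(url.trim(), "perms[" + sn.trim() + "]");
        }
        // Catch-all goes last: URLs with no permission row still require a logged-in user.
        mp.remove("/**"); // drop any earlier "/**" so the re-insert lands at the end
        mp.put("/**", "authc");
        return mp;
    }

    public static void main(String[] args) {
        // Constructed sample rows, including two malformed ones.
        List<Permission> all = List.of(
                new Permission("/employee/index", "employee:index"),
                new Permission("/employee/delete", "employee:delete"),
                new Permission(null, "orphan:sn"),
                new Permission("/dept/index", " "));
        buildFilterChainMap(all).forEach((url, def) -> System.out.println(url + " = " + def));
    }
}
```

Without the final "/**" entry, any URL that has no row in the permission table matches no pattern and is served without a check.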
Solution: override the underlying method
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
    Subject subject = this.getSubject(request, response);
    if (subject.getPrincipal() == null) {
        // Not logged in: remember the request and redirect to the login page
        this.saveRequestAndRedirectToLogin(request, response);
    } else {
        // If the intercepted request is an AJAX request, return JSON; otherwise return the page
        // AJAX requests carry the X-Requested-With header
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Get the request header
        String header = req.getHeader("X-Requested-With");
        if ("XMLHttpRequest".equals(header)) {
            // Return JSON {"success":false,"msg":"没有权限"} (msg: "no permission")
            resp.setContentType("text/json;charset=UTF-8");
            resp.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");
        } else {
            // Return the page
            String unauthorizedUrl = this.getUnauthorizedUrl();
            if (StringUtils.hasText(unauthorizedUrl)) {
                WebUtils.issueRedirect(request, response, unauthorizedUrl);
            } else {
                WebUtils.toHttp(response).sendError(401);
            }
        }
    }
    return false;
}
Menu (unfinished):
Ideas:
1. Reading the menu data: the menu is not the same for everyone;
2. The page displays the menu from JSON that we construct ourselves