This morning, followed by learning the teacher sent me the video, I found this to Shiro security framework tool is not very understanding, so a lot of errors and problems, are also basically copy or imitate, copy will be shining, but can not see do not know .....
So, it encountered a big problem, the case is different with regard to the role of certification, restrict ordinary users access to a particular path, my card one afternoon, I began to suspect that all of life! ! !
Man of few words said on the code:
public class AuthRealm extends AuthorizingRealm { @Autowired private UserService userService; //认证登录 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("进入认证登录"); // doGetAuthorizationInfo(null); UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; String username = usernamePasswordToken.getUsername(); User user = userService.findByUsername(username); return new SimpleAuthenticationInfo(user,user.getPassword(), this.getClass().getName()); } //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("进入授权"); User user = (User)principals.fromRealm(this.getClass().getName()).iterator().next(); List<String> permissionList = new ArrayList<>(); List<String> roleNameList = new ArrayList<>(); Set<Role> roleSet = user.getRoles(); if(!CollectionUtils.isEmpty(roleSet)){ for (Role role :roleSet) { roleNameList.add(role.getRname()); Set<Permission> permissionSet = role.getPermissions(); if(!CollectionUtils.isEmpty(permissionSet)){ for (Permission permission: permissionSet) { permissionList.add(permission.getPname()); } } } } Info SimpleAuthorizationInfo = new new SimpleAuthorizationInfo (); info.addRoles (roleNameList); // get each user role corresponding info.addStringPermissions (permissionList); return info; } }
In the above code, I found maybe a method is used to log in, and one for authorization (on this faulty), but when I started the project, only to enter the login method. The authorization is not turned on by default, and only do the certification authority when (there are three cases), will start, but I still can not enter the method .... and it was not an error.
In the final I searched and searched, searched and searched, found on the Internet a lot of problems related to, but not right, or the configuration file that is not a good job, but I did not even have a teacher with his success, or say no plus annotation. Eventually found the problem myself, and I had a teacher code is not the same, that is, he and I fill in the position to intercept the information is not the same, his / ** full path filter is placed last line, and I was the admin role following the certification on it .... that I was discovered, did not pay attention, did not think that this is the reason ..... let me think for a long time still do not understand (it should be considered a node, in filter interception set up after all this does not take effect).
The picture shows I followed configuration ShiroConfiguration, here, I saw the teacher assign permissions path for the admin, admin role to determine whether the access before, I am going to write the last line, which led to doGetAuthorizationInfo method does not start successfully. I also remember a little, / ** Access must be intercepted on the last line! !
Really sometimes careless blunder, I know not seriously study! Never to the skin, or honestly concentrate knock bar codes, solid enough for school, next year to find a good job!