// 载入角色和权限
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    String loginName = (String) principals.getPrimaryPrincipal();
    User user = adminUserDao.getByLoginName(loginName);

    Set<String> permissionSet = adminUserDao.getPermissions(user.getId());
    Set<String> roleSet = adminUserDao.getRoles(user.getId());

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setRoles(roleSet);
    authorizationInfo.setStringPermissions(permissionSet);

    return authorizationInfo;
  }
  // 验证用户
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    String loginName = (String) token.getPrincipal(); // 得到用户名
    String password = new String((char[]) token.getCredentials()); // 得到密码

    User user = new User();
    user.setLoginName(loginName);
    user.setPassword(password);
    User loginUser = adminUserDao.login(user.getLoginName(), user.getPassword());
    if (loginUser == null || loginUser.getId() <= 0) {
      throw new IncorrectCredentialsException("用户名或密码不正确!");
    }

    // 如果身份认证验证成功,返回一个 AuthenticationInfo 实现;
    return new SimpleAuthenticationInfo(loginName, password, getName());
  }