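/**
 * Authorization hook (original note: called when the subject has not yet been authorized).
 *
 * <p>Reloads the account named by the primary principal and copies every role name and
 * permission string of its roles into a fresh {@link SimpleAuthorizationInfo}.
 *
 * <p>NOTE(review): the account status is not re-checked here, while doGetAuthenticationInfo
 * refuses accounts whose status is "0". An account disabled after login would therefore still
 * receive its roles from this method; confirm whether that is intended.
 *
 * @param principals principals of the subject; the primary one is expected to be a ShiroUser
 * @return the roles and permissions of the account, or an empty result when the account can no
 *     longer be found
 */
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
   ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
   User user = userService.findByUserName(shiroUser.loginName);
   if (user == null) {
     // findByUserName can return null (doGetAuthenticationInfo checks for it). Fail closed:
     // an account that has disappeared gets no roles and no permissions instead of an NPE.
     return info;
   }
   for (Role role : user.getRoleList()) {
     // Role-based authorization data.
     info.addRole(role.getRoleName());
     // Permission-based authorization data.
     info.addStringPermissions(role.getPermissions());
   }
   return info;
 }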
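/**
 * Authentication hook: looks the account up by the submitted user name, rejects disabled
 * accounts, compares the submitted password with the stored one and, on success, publishes the
 * account in the session under the key "user".
 *
 * <p>NOTE(review): the stored password is compared directly with the submitted text, and the
 * author's sample record shows "password=a", so passwords appear to be kept in clear text.
 * Confirm, and prefer a salted password hash verified through a credentials matcher.
 *
 * <p>NOTE(review): "user does not exist", "account disabled" and "wrong password" are reported
 * through different exceptions, and the status check runs before the password check. If the
 * caller shows these outcomes to the client, user names and account state can be probed
 * without knowing a password; a single generic failure message at the boundary avoids that.
 *
 * @param authcToken the submitted token; must be a CustomUsernamePasswordToken
 * @return authentication info whose principal is a ShiroUser built from login name and name
 * @throws AuthenticationException declared by the overridden method
 */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   CustomUsernamePasswordToken token = (CustomUsernamePasswordToken) authcToken;
   // Sample record left by the original author:
   // User [loginName=a, password=a, name=Admin1, status=1]
   User user = userService.findByUserName(token.getUsername());
   if (user == null) {
     throw new UserNotExistException("用户不存在!");
   }
   if ("0".equals(user.getStatus())) {
     // Status "0" is treated as a disabled account.
     throw new DisabledAccountException();
   }
   // A token without a password is rejected like a wrong password. Presumably getPassword()
   // returns char[] as in Shiro's UsernamePasswordToken, in which case String.valueOf on a
   // null value would throw a NullPointerException instead of an authentication failure.
   if (token.getPassword() == null) {
     throw new IncorrectPasswordException("密码错误!");
   }
   String psw = String.valueOf(token.getPassword());
   if (!psw.equals(user.getPassword())) {
     throw new IncorrectPasswordException("密码错误!");
   }
   // The session is requested only after the credentials were accepted, so failed login
   // attempts no longer cause getSession() to create a session.
   Session session = SecurityUtils.getSubject().getSession();
   // NOTE(review): the whole User object, including its password field, is placed in the
   // session; a reduced view without credentials would limit exposure.
   session.setAttribute("user", user);
   return new SimpleAuthenticationInfo(
       new ShiroUser(user.getLoginName(), user.getName()), user.getPassword(), getName());
 }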