@Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   // 根据用户配置用户与权限
   if (principals == null) {
     throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
   }
   String name = (String) getAvailablePrincipal(principals);
   List<String> roles = new ArrayList<String>();
   List<String> per = new ArrayList<String>();
   // 简单默认一个用户与角色,实际项目应
   User user = userService.findByUserName(name);
   if (user.getUsername().equals(name)) {
     if (user.getRoleList().size() > 0) {
       for (int i = 0; i < user.getRoleList().size(); i++) {
         roles.add(user.getRoleList().get(i).getRole());
         for (int k = 0; k < user.getRoleList().get(i).getPermissionsList().size(); k++) {
           per.add(user.getRoleList().get(i).getPermissionsList().get(k).getPermission());
         }
       }
     }
   } else {
     throw new AuthorizationException();
   }
   SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
   // 增加角色
   info.addRoles(roles);
   info.addStringPermissions(per);
   return info;
 }
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
     throws AuthenticationException {
   UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
   User user = userService.findByUserName(token.getUsername());
   Session session = SecurityUtils.getSubject().getSession();
   if (user == null) {
     throw new AuthorizationException("用户不存在");
   }
   SimpleAuthenticationInfo info = null;
   if (user.getUsername().equals(token.getUsername())) {
     info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
     session.setAttribute("user", user);
   }
   return info;
 }