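/**
 * Authorization: builds the roles and string permissions for the primary principal.
 * The original comment says this is invoked when the subject has no authorization yet.
 *
 * <p>Fails closed: if the account behind the principal can no longer be found, an empty
 * {@link SimpleAuthorizationInfo} is returned, so the subject holds no roles or permissions.
 *
 * @param principals the principals of the subject; the primary one is cast to {@code ShiroUser}
 * @return the roles and permissions collected from every role of the user, or an empty
 *     authorization info when the user lookup returns {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    User user = userService.findByUserName(shiroUser.loginName);

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    if (user == null) {
        // findByUserName can return null (the authentication path checks for it), for example
        // when the account was removed while a session was still alive. Grant nothing instead
        // of failing with a NullPointerException.
        return info;
    }
    // NOTE(review): the account status is checked at login only. A session that outlives the
    // account being disabled (status "0") still receives its roles here - confirm whether the
    // status should be re-checked on this path as well.
    for (Role role : user.getRoleList()) {
        // Role-based authorization data.
        info.addRole(role.getRoleName());
        // Permission-based authorization data.
        info.addStringPermissions(role.getPermissions());
    }
    return info;
}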
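/**
 * Authentication: looks up the account named in the token and verifies the submitted password.
 *
 * <p>On success the loaded {@code User} is stored in the session under the key {@code "user"}
 * and the returned principal is a {@code ShiroUser} built from the login name and display name.
 *
 * @param authcToken the submitted token; cast to {@code CustomUsernamePasswordToken}
 * @return authentication info carrying the {@code ShiroUser} principal, the stored password as
 *     credentials and this realm's name
 * @throws UserNotExistException if no account matches the submitted user name
 * @throws DisabledAccountException if the account status is {@code "0"}
 * @throws IncorrectPasswordException if the submitted password is missing or does not match
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    CustomUsernamePasswordToken token = (CustomUsernamePasswordToken) authcToken;
    User user = userService.findByUserName(token.getUsername());

    if (user == null) {
        // NOTE(review): a distinct exception for an unknown user lets the caller tell "no such
        // account" from "wrong password". Make sure the login response shown to the client is
        // the same in both cases, so that account names cannot be enumerated.
        throw new UserNotExistException("用户不存在!");
    }
    if ("0".equals(user.getStatus())) {
        throw new DisabledAccountException();
    }

    // NOTE(review): the submitted password is compared with user.getPassword() as-is, so the
    // stored value is presumably not a salted hash - confirm. If it is plaintext, store a
    // bcrypt/scrypt/argon2 hash and let a hashing CredentialsMatcher do the verification.
    char[] submitted = token.getPassword();
    String stored = user.getPassword();
    // A missing password on either side is a mismatch rather than a NullPointerException.
    // MessageDigest.isEqual is used instead of String.equals so that the comparison time does
    // not depend on where the first differing character is.
    boolean passwordMatches = submitted != null
            && stored != null
            && java.security.MessageDigest.isEqual(
                    new String(submitted).getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        throw new IncorrectPasswordException("密码错误!");
    }

    // The session is fetched only after the checks pass, so a failed attempt does not touch it.
    // NOTE(review): the whole User object, including its password field, ends up in the session.
    // Consider storing only the fields the application reads back.
    Session session = SecurityUtils.getSubject().getSession();
    session.setAttribute("user", user);

    return new SimpleAuthenticationInfo(
            new ShiroUser(user.getLoginName(), user.getName()), user.getPassword(), getName());
}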