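/**
 * Authorization lookup callback, invoked when an authorization check is performed
 * and no authorization info for the user is in the cache.
 *
 * <p>Reloads the user by login name and collects the user's role names, the
 * permissions attached to each role, and the permissions attached directly to the user.
 *
 * @param principals principals of the subject being authorized; the primary principal
 *                   is cast to {@link ShiroUser}
 * @return the roles and string permissions stored for the user; an empty result when
 *         there is no primary principal or the lookup yields no user, so that
 *         authorization fails closed
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
    if (shiroUser == null) {
        return info;
    }

    // Re-read the user so that role/permission changes made since login are honoured.
    ShiroUser user = shiroUserService.findUserByLoginName(shiroUser.getUsername());
    if (user == null) {
        // The account no longer resolves (e.g. deleted or renamed): grant nothing
        // instead of failing with a NullPointerException.
        return info;
    }

    List<ShiroRole> roles = user.getRoleList(); // roles assigned to the user
    if (roles != null) {
        for (ShiroRole role : roles) {
            // Role-based authorization.
            info.addRole(role.getRoleName());

            // Permissions inherited through the role.
            List<ShiroPermission> rolePermissions = role.getPermissionList();
            if (rolePermissions != null) {
                for (ShiroPermission permission : rolePermissions) {
                    info.addStringPermission(permission.getPermissionName());
                }
            }
        }
    }

    List<ShiroPermission> permissions = user.getPermissionList(); // permissions assigned directly
    if (permissions != null) {
        for (ShiroPermission permission : permissions) {
            info.addStringPermission(permission.getPermissionName());
        }
    }

    // Security: the former test-only lines that unconditionally added role "root" and
    // permissions "user:edit" / "user:list" are removed. They granted those privileges
    // to every authenticated subject regardless of the stored roles, which defeats every
    // role and permission check backed by this realm. Test accounts should receive
    // privileges through the role/permission data instead.
    return info;
}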