美文网首页
springboot + jwt + shiro 前后端分离权限

springboot + jwt + shiro 前后端分离权限

作者: pretty_rain | 来源:发表于2020-05-30 16:30 被阅读0次

权限类说明:

权限配置类:ShiroConfiguration (权限核心配置类)、AuthFilter(拦截器配置类)、AuthRealm(认证类)、AuthTokenVo、NoPermissionException(无权限异常处理类)、JWTUtil(token工具类)、AuthConstant(提示类)、ReturnMessage 返回信息类
测试需要的类:User UserController UserList UserPermission UserRole
maven坐标

权限核心配置

import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @ClassName ShiroConfiguration
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 13:42
 * @Version 1.0
 **/
@Configuration
public class ShiroConfiguration {

    private org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(ShiroConfiguration.class);

    //从配置文件里面读取是否需要启动登录认证的开关,默认true
    //@Value("${jwt.auth}")
    private boolean auth = true;

    //配置拦截器
    @Bean
    public ShiroFilterFactoryBean shiroFilter(org.apache.shiro.mgt.SecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //设置securityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //启用认证
        String openAuth = auth ? "auth" : "anon";

        //自定义过滤器链
        Map<String, javax.servlet.Filter> filters = new HashMap<>();
        //指定拦截器处理
        filters.put("auth", new com.lzqs.yuanzilian.shiro.AuthFilter());
        shiroFilterFactoryBean.setFilters(filters);
        Map<String, String> filterMap = new LinkedHashMap<>();

        //登录请求不拦截
        filterMap.put("/user/login", "anon");
        //登录页面需要用到的接口,不拦截
        filterMap.put("/user/fetchCurrentUser", "anon");
        //拦截所有接口请求,做权限判断
        filterMap.put("/**", openAuth);

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        logger.info("Shiro拦截器工厂类注入成功");
        return shiroFilterFactoryBean;
    }

    // SecurityManager 安全管理器;Shiro的核心
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm());
        return securityManager;
    }

    //自定义身份认证realm
    @Bean
    public AuthRealm userRealm() {
        return new AuthRealm();
    }

    @Bean("lifecycleBeanPostProcessor")
    //管理shiro生命周期
    public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    //Shiro注解支持
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager((org.apache.shiro.mgt.SecurityManager) securityManager);
        return authorizationAttributeSourceAdvisor;
    }

}

权限过滤器

package com.lzqs.yuanzilian.shiro;

import com.alibaba.fastjson.JSONObject;
import com.lzqs.yuanzilian.constant.ReturnMessage;
import com.lzqs.yuanzilian.shiro.util.AuthConstant;
import com.lzqs.yuanzilian.shiro.util.JWTUtil;
import io.micrometer.core.instrument.util.StringUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @ClassName AuthFilter
 * @Description 实现自定义的认证拦截器,接收传过来的token,实现前后端分离的权限认证
 * @Author XinChunYu
 * @Date 2020/5/29 14:03
 * @Version 1.0
 **/
public class AuthFilter extends AuthenticatingFilter {

    private org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(AuthorizingRealm.class);
    private ReturnMessage responseResult = ReturnMessage.failWithMsg(AuthConstant.AUTHENTICATE_FAIL);

        @Override
        protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
            return null;
        }

        /**
         * 在这里拦截所有请求
         * @param request
         * @param response
         * @param mappedValue
         * @return
         */
        @Override
        protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
            String token = JWTUtil.getRequestToken((HttpServletRequest)request);
            if (!StringUtils.isBlank(token)){
                try {
                    this.executeLogin(request, response);
                } catch (Exception e) {
                    // 应用异常
                    logger.info(e.getMessage());
                    responseResult = ReturnMessage.failWithMsg(e.getMessage());
                    return false;
                }
            } else {
                // cookie中未检查到token或token为空
                HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
                String httpMethod = httpServletRequest.getMethod();
                String requestURI = httpServletRequest.getRequestURI();
                responseResult = ReturnMessage.failWithMsg(AuthConstant.TOKEN_BLANK);
                logger.info("请求 {} 的Token为空 请求类型 {}", requestURI, httpMethod);
                return false;
            }
            return true;
        }

        /**
         * 请求失败拦截,请求终止,不进行转发直接返回客户端拦截结果
         * @param request
         * @param response
         * @return
         * @throws Exception
         */
        @Override
        protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{
            HttpServletResponse httpServletResponse = (HttpServletResponse)response;
            httpServletResponse.setContentType("application/json; charset=utf-8");
            httpServletResponse.setCharacterEncoding("UTF-8");
            //ReturnMessage returnMessage = ReturnMessage.failWithMsg(AuthConstant.AUTHENTICATE_FAIL);
            httpServletResponse.getWriter().print(JSONObject.toJSONString(responseResult));
            return false;
        }

        /**
         * 用户存在,执行登录认证
         * @param request
         * @param response
         * @return
         * @throws Exception
         */
        @Override
        protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
            String token = JWTUtil.getRequestToken((HttpServletRequest)request);
            AuthTokenVo jwtToken = new AuthTokenVo(token);
            // 提交给AuthRealm进行登录认证
            getSubject(request, response).login(jwtToken);
            return true;
        }
}

token认证和权限认证

import com.lzqs.yuanzilian.shiro.controller.User;
import com.lzqs.yuanzilian.shiro.controller.UserList;
import com.lzqs.yuanzilian.shiro.controller.UserPermission;
import com.lzqs.yuanzilian.shiro.controller.UserRole;
import com.lzqs.yuanzilian.shiro.util.AuthConstant;
import io.micrometer.core.instrument.util.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * @ClassName AuthRealm
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 13:51
 * @Version 1.0
 **/
public class AuthRealm extends AuthorizingRealm {

    private org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(AuthorizingRealm.class);

    /**
     * 重写,绕过身份令牌异常导致的shiro报错
     * @param authenticationToken
     * @return
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken){
        return authenticationToken instanceof AuthTokenVo;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        logger.info("用户角色权限认证");
        //获取用户登录信息
        User user = (User)principals.getPrimaryPrincipal();
        //添加角色和权限
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        for(UserRole userRole : user.getUserRoleList()){
            authorizationInfo.addRole(userRole.getUserRoleName());
            for(UserPermission permissionVo : userRole.getUserPermissionList()){
                authorizationInfo.addStringPermission(permissionVo.getUserPermissionName());
            }
        }
        return authorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        logger.info("执行认证逻辑");
        //获得token
        String token = (String)authenticationToken.getCredentials();
        //获得token中的用户信息
        String username = JwtAuthenticator.getUsername(token);
        //判空
        if(StringUtils.isBlank(username)){
            throw new AuthenticationException(AuthConstant.TOKEN_BLANK);
        }
        User user = null;
        try{
            for(User u : UserList.userList){
                if(u.getUsername().equals(username)){
                    user = u;
                }
            }
            //查询用户是否存在
            if(user == null){
                throw new AuthenticationException(AuthConstant.TOKEN_INVALID);
                //token过期
            }else if(!(JwtAuthenticator.verifyToken(token, username, user.getPassword()))){
                throw new AuthenticationException(AuthConstant.TOKEN_EXPIRE);
            }
        }catch (Exception e){
            throw e;
        }
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                user,
                token,
                getName());
        return authenticationInfo;
    }
}

jwt token对象

import org.apache.shiro.authc.AuthenticationToken;

/**
 * @ClassName AuthTokenVo
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 14:09
 * @Version 1.0
 **/
public class AuthTokenVo implements AuthenticationToken {
    private String token;
    public AuthTokenVo(String token){
        this.token = token;
    }

    @Override
    public Object getPrincipal(){
        return token;
    }

    @Override
    public Object getCredentials(){
        return token;
    }
}

异常处理

import com.alibaba.fastjson.JSONObject;
import com.lzqs.yuanzilian.constant.ReturnMessage;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @ClassName NoPermissionException
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/30 15:12
 * @Version 1.0
 **/
@ControllerAdvice
public class NoPermissionException {

    /**
     * 用户角色权限认证 当没有权限时会报UnauthorizedException异常 此处处理异常给前端返回提示语
     * @param response
     * @param ex
     * @throws IOException
     */
    @ResponseBody
    @ExceptionHandler(UnauthorizedException.class)
    public void handleShiroException(HttpServletResponse response, Exception ex) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse)response;
        httpServletResponse.setContentType("application/json; charset=utf-8");
        httpServletResponse.setCharacterEncoding("UTF-8");
        //ReturnMessage returnMessage = ReturnMessage.failWithMsg(AuthConstant.AUTHENTICATE_FAIL);
        httpServletResponse.getWriter().print(JSONObject.toJSONString(ReturnMessage.failWithMsg("访问了无权限目录")));
    }
   //执行认证逻辑认证不通过时会走  过滤器AuthFilter中的onAccessDenied方法 所以这个异常不捕获
   /* @ResponseBody
    @ExceptionHandler(AuthorizationException.class)
    public String AuthorizationException(Exception ex) {
        return "权限认证失败";
    }*/
}

jwt token工具类

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;

import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.util.Date;

/**
 * @ClassName JWTUtil
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 13:18
 * @Version 1.0
 **/
public class JWTUtil {

    // 过期时间50分钟
    private static final long EXPIRE_TIME = 50*60*1000;

    /**
     * 校验token是否正确
     * @param token 密钥
     * @param secret 用户的密码
     * @return 是否正确
     */
    public static boolean verify(String token, String username, String secret) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(secret);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withClaim("username", username)
                    .build();
            DecodedJWT jwt = verifier.verify(token);
            return true;
        } catch (Exception exception) {
            return false;
        }
    }

    /**
     * 获得token中的信息无需secret解密也能获得
     * @return token中包含的用户名
     */
    public static String getUsername(String token) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim("username").asString();
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     * 生成签名,5min后过期
     * @param username 用户名
     * @param secret 用户的密码
     * @return 加密的token
     */
    public static String sign(String username, String secret) {
        try {
            Date date = new Date(System.currentTimeMillis()+EXPIRE_TIME);
            Algorithm algorithm = Algorithm.HMAC256(secret);
            // 附带username信息
            return JWT.create()
                    .withClaim("username", username)
                    .withExpiresAt(date)
                    .sign(algorithm);
        } catch (UnsupportedEncodingException e) {
            return null;
        }
    }

    public static String getRequestToken(HttpServletRequest request) {
        return request.getHeader("token");
    }
}

认证提示

package com.lzqs.yuanzilian.shiro.util;

/**
 * @ClassName AuthConstant
 * @Description 权限相关的常量
 * @Author XinChunYu
 * @Date 2020/5/29 14:06
 * @Version 1.0
 **/
public class AuthConstant {

        /**
         * cookie中存储的token字段名
         */
        public final static String COOKIE_TOKEN_NAME = "Authorization";

        /**
         * token有效时间 时*分*秒*1000L
         */
        public final static Long EXPIRE_TIME = 3*60*1000L;//先设置3分钟

        //登录认证结果,返回给前端
        public final static String UNKNOWN_ACCOUNT = "登录失败, 用户不存在。";

        public final static String WRONG_PASSWORD = "登录失败,密码错误。";

        public final static String TOKEN_BLANK = "验证失败,token为空,请登录。";

        public final static String TOKEN_INVALID = "验证失败,token错误。";

        public final static String TOKEN_EXPIRE = "验证失败,token过期,请重新登录。";

        public final static String AUTHENTICATE_FAIL = "无访问权限,请尝试登录或联系管理员。";
}

ReturnMessage返回提示类

package com.lzqs.yuanzilian.constant;

import org.apache.commons.lang3.StringUtils;

import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * 通用的返回类
 **/
public class ReturnMessage implements Serializable {
    //状态码 100-成功,200-失败 400-带信息失败
    private int code;
    //提示信息
    private String msg;
    //用户要返回给浏览器的数据
    private Map<String, Object> data = new LinkedHashMap<>();

    public static ReturnMessage successWithData(Map<String, Object> data) {
        ReturnMessage result = new ReturnMessage();
        result.setCode(100);
        result.setMsg("成功");
        result.setData(data);
        return result;
    }

    public static ReturnMessage success() {
        ReturnMessage result = new ReturnMessage();
        result.setCode(100);
        result.setMsg("成功");
        return result;
    }

    public static ReturnMessage successWithMsg(String newmsg){
        ReturnMessage result = new ReturnMessage();
        result.setCode(100);
        result.setMsg(newmsg);
        return result;
    }

    public static ReturnMessage fail() {
        ReturnMessage result = new ReturnMessage();
        result.setCode(200);
        result.setMsg("系统错误");
        return result;
    }

    public static ReturnMessage failWithMsg(String newmsg) {
        ReturnMessage result = new ReturnMessage();
        result.setCode(400);
        result.setMsg(newmsg);
        return result;
    }


    /**
     * 失败 + 自定义msg,缺省为"处理失败"
     *
     * @param newmsg
     * @return
     */
    public static ReturnMessage failWithMsg(int code, String newmsg) {
        ReturnMessage result = new ReturnMessage();
        result.setCode(code);
        if (StringUtils.isEmpty(newmsg)) {
            newmsg = "处理失败";
        }
        result.setMsg(newmsg);
        return result;
    }

    public int getCode() {
        return code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public Map<String, Object> getData() {
        return data;
    }

    public void setData(Map<String, Object> data) {
        this.data = data;
    }

    public ReturnMessage add(String key, Object value) {
        this.getData().put(key, value);
        return this;
    }
}

controller控制器

import com.lzqs.yuanzilian.constant.ReturnMessage;
import com.lzqs.yuanzilian.shiro.util.AuthConstant;
import com.lzqs.yuanzilian.shiro.util.JWTUtil;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.Map;

/**
 * @ClassName UserController
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 14:15
 * @Version 1.0
 **/
@Controller
@RequestMapping("/user")
public class UserController {


    @RequestMapping("/login")
    @ResponseBody
    public ReturnMessage login(@RequestBody Map<String, Object> map){
        String username = map.get("username").toString();
        String password = map.get("password").toString();
        User user = null;
        for(User u : UserList.userList){
            if(u.getUsername().equals(username)){
                user = u;
            }
        }
        if(user == null){
            //账号不存在
            return ReturnMessage.failWithMsg(AuthConstant.UNKNOWN_ACCOUNT);
        }else if(!user.getPassword().equals(password)){
            //密码错误
            return ReturnMessage.failWithMsg(AuthConstant.WRONG_PASSWORD);
        }else{
            //通过认证, 生成签名
            String token = JWTUtil.sign(user.getUsername(), user.getPassword());
            return ReturnMessage.success().add("token", token);
        }
    }


    @RequiresPermissions("shop")
    @RequestMapping("/shop")
    @ResponseBody
    public ReturnMessage shop(@RequestBody Map<String, Object> map){

            return ReturnMessage.success();
    }

    @RequiresPermissions("order")
    @RequestMapping("/order")
    @ResponseBody
    public ReturnMessage order(@RequestBody Map<String, Object> map){

        return ReturnMessage.success();
    }

    /**
     * 不加@RequiresPermissions 注解时不会进行用户授权认证
     * @param map
     * @return
     */
    @RequestMapping("/game")
    @ResponseBody
    public ReturnMessage game(@RequestBody Map<String, Object> map){
        return ReturnMessage.success();
    }

    @RequestMapping("/address")
    @ResponseBody
    public ReturnMessage address(@RequestBody Map<String, Object> map){
        return ReturnMessage.success();
    }
}

用户类

package com.lzqs.yuanzilian.shiro.controller;

import java.util.List;

/**
 * @ClassName UserBean
 * @Description 用户表
 * @Author XinChunYu
 * @Date 2020/5/29 13:16
 * @Version 1.0
 **/
public class User {
    private Long userId;
    private String username;
    private String password;
    private String salt;//盐值
    private List<UserRole> userRoleList;

    public User() {
    }

    public User(Long userId, String username, String password, String salt, List<UserRole> userRoleList) {
        this.userId = userId;
        this.username = username;
        this.password = password;
        this.salt = salt;
        this.userRoleList = userRoleList;
    }

    public Long getUserId() {
        return userId;
    }

    public void setUserId(Long userId) {
        this.userId = userId;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public List<UserRole> getUserRoleList() {
        return userRoleList;
    }

    public void setUserRoleList(List<UserRole> userRoleList) {
        this.userRoleList = userRoleList;
    }

    public String getSalt() {
        return salt;
    }

    public void setSalt(String salt) {
        this.salt = salt;
    }
}

角色类

package com.lzqs.yuanzilian.shiro.controller;

import java.util.List;

/**
 * @ClassName UserRole
 * @Description 角色表
 * @Author XinChunYu
 * @Date 2020/5/29 13:34
 * @Version 1.0
 **/
public class UserRole {
    private Long userRoleId;
    private String userRoleName;
    List<UserPermission> userPermissionList;

    public UserRole(Long userRoleId, String userRoleName, List userPermissionList) {
        this.userRoleId = userRoleId;
        this.userRoleName = userRoleName;
        this.userPermissionList = userPermissionList;
    }

    public Long getUserRoleId() {
        return userRoleId;
    }

    public void setUserRoleId(Long userRoleId) {
        this.userRoleId = userRoleId;
    }

    public String getUserRoleName() {
        return userRoleName;
    }

    public void setUserRoleName(String userRoleName) {
        this.userRoleName = userRoleName;
    }

    public List<UserPermission> getUserPermissionList() {
        return userPermissionList;
    }

    public void setUserPermissionList(List<UserPermission> userPermissionList) {
        this.userPermissionList = userPermissionList;
    }
}

权限

package com.lzqs.yuanzilian.shiro.controller;

/**
 * @ClassName Permission
 * @Description 权限表
 * @Author XinChunYu
 * @Date 2020/5/29 13:35
 * @Version 1.0
 **/
public class UserPermission {
    private Long userPermissionId;
    private String userPermissionName;

    public UserPermission(Long userPermissionId, String userPermissionName) {
        this.userPermissionId = userPermissionId;
        this.userPermissionName = userPermissionName;
    }

    public Long getUserPermissionId() {
        return userPermissionId;
    }

    public void setUserPermissionId(Long userPermissionId) {
        this.userPermissionId = userPermissionId;
    }

    public String getUserPermissionName() {
        return userPermissionName;
    }

    public void setUserPermissionName(String userPermissionName) {
        this.userPermissionName = userPermissionName;
    }
}

用户集合在这就不建表查数据库了

package com.lzqs.yuanzilian.shiro.controller;

import java.util.ArrayList;
import java.util.List;

/**
 * @ClassName UserList
 * @Description
 * @Author XinChunYu
 * @Date 2020/5/29 16:15
 * @Version 1.0
 **/
public class UserList {

    public static List<User> userList = new ArrayList<>();
    static{
        ArrayList<UserPermission> userPermissionArrayList1 = new ArrayList<>();
        userPermissionArrayList1.add(new UserPermission(1l,"shop"));
        userPermissionArrayList1.add(new UserPermission(2l,"game"));
        userPermissionArrayList1.add(new UserPermission(1l,"order"));
        userPermissionArrayList1.add(new UserPermission(1l,"address"));
        ArrayList<UserRole> userRoleArrayList1 = new ArrayList<>();
        userRoleArrayList1.add(new UserRole(1L, "老板", userPermissionArrayList1));
        User user1 = new User(1l, "admin", "123456", "iwejfiwjf", userRoleArrayList1);

        ArrayList<UserPermission> userPermissionArrayList2 = new ArrayList<>();
        userPermissionArrayList2.add(new UserPermission(1l,"shop"));
        userPermissionArrayList2.add(new UserPermission(2l,"game"));
        ArrayList<UserRole> userRoleArrayList2 = new ArrayList<>();
        userRoleArrayList2.add(new UserRole(2L, "经理", userPermissionArrayList2));
        User user2 = new User(2l, "xiaoming", "123456", "jfiosjfos", userRoleArrayList2);

        userList.add(user1);
        userList.add(user2);
    }
}

maven坐标

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.7.0</version>
        </dependency>

相关文章

网友评论

      本文标题:springboot + jwt + shiro 前后端分离权限

      本文链接:https://www.haomeiwen.com/subject/sefhzhtx.html