shiro授权时前端js如何拿到数据库查到的权限字符串
思路:后台从数据库查询权限表,将权限字符串存入session作用域;前台定义js变量读取该值,再用js分割字符串,得到各个权限字符串。前端拿到的权限字符串只适合用来控制页面元素的显示,真正的权限校验仍要由后台的shiro完成。
代码
后台查数据库存入session
package com.lhc.shiro;
import com.lhc.entity.Admin;
import com.lhc.entity.Authority;
import com.lhc.service.AdminService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.List;
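/**
 * Shiro realm that authenticates administrators and loads their role and permission
 * strings through {@link AdminService}.
 *
 * <p>Besides returning the data to Shiro, the authorization callback copies the role and
 * the permission strings into the HTTP session under the keys {@code "role"} and
 * {@code "authorities"} so that the JSP front end can read them. Those copies only mirror
 * what is granted here; the {@link AuthorizationInfo} returned to Shiro is what is enforced.
 */
public class MyReal extends AuthorizingRealm {
    @Autowired
    AdminService adminService;

    /**
     * Authorization: resolves the principal to an admin, then grants the admin's role and
     * every permission string attached to it.
     *
     * <p>NOTE(review): Shiro normally invokes this lazily, on an authorization check, and may
     * cache the result, so the session attributes are presumably absent until the first
     * check has run. Confirm against the configured cache and the pages that read them.
     *
     * @param principalCollection principals of the subject; the primary one is used as the
     *                            admin name
     * @return the role and permissions of the admin, or an empty grant when the admin
     *         cannot be found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        String primaryPrincipal = (String) principalCollection.getPrimaryPrincipal();
        Admin admin = adminService.AdminAuthority(primaryPrincipal);
        if (admin == null) {
            // Unknown principal: grant nothing instead of failing with a NullPointerException.
            return authorizationInfo;
        }

        String role = admin.getDuty();
        if (role != null) {
            authorizationInfo.addRole(role);
        }

        List<String> permissions = new ArrayList<>();
        List<Authority> authorities = admin.getAuthorityList();
        if (authorities != null) {
            for (Authority authority : authorities) {
                String permission = authority.getOperate_right();
                if (permission == null) {
                    // A row without a permission string grants nothing; skip it.
                    continue;
                }
                permissions.add(permission);
                authorizationInfo.addStringPermission(permission);
            }
        }

        // getRequestAttributes() returns null when no request is bound to the current thread
        // (for example a check made outside a web request); the session copy is skipped then.
        ServletRequestAttributes attrs =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attrs != null) {
            HttpSession session = attrs.getRequest().getSession();
            session.setAttribute("role", role);
            session.setAttribute("authorities", permissions);
        }
        return authorizationInfo;
    }

    /**
     * Authentication: looks the admin up by the name carried in the token and returns the
     * account data that Shiro's credentials matcher compares with the submitted credentials.
     *
     * @param authenticationToken token whose principal is the admin name
     * @return the account data, or {@code null} when no admin with that name exists
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String adminName = (String) authenticationToken.getPrincipal();
        Admin admin = adminService.loginCheck(adminName);
        if (admin == null) {
            return null;
        }
        // NOTE(review): the stored credential and the salt below are literals, so every
        // account is matched against the same value and one password opens all of them.
        // Both should be read from the admin record returned by loginCheck(); the entity's
        // accessors for them are not visible in this file, so the literals are left in place.
        // The admin entity is deliberately not printed: it may carry credential fields.
        return new SimpleAuthenticationInfo(
                admin.getName(),
                "68609b8b64988c0f4def093eaa025e05",
                ByteSource.Util.bytes("abcd"),
                this.getName());
    }
}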
前台获取session数据:
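// Permissions of the logged-in user, rendered by the JSP from the "authorities" session attribute.
// NOTE(review): the value is written into a JavaScript string literal without any escaping.
// A permission string containing a quote, a backslash or "</script>" would break out of the
// literal, so the value should pass through a JavaScript-string encoder before it is emitted.
var authorities="<%=session.getAttribute("authorities")%>";
// The value is a plain string, not an array: a Java List renders through toString() as
// "[add, query, delete]", with a comma AND a space between elements.
console.log(authorities);
// A missing session attribute is rendered as the text "null"; treat it as no permissions.
var rawAuthorities = (authorities === 'null') ? '' : authorities;
// Strip the brackets, split on commas, trim the space that follows each comma and drop
// empty entries, so an empty list "[]" gives [] rather than [""].
var resultpers = rawAuthorities.replace('[','').replace(']','').split(',')
    .map(function (item) { return item.trim(); })
    .filter(function (item) { return item.length > 0; });
// resultpers is now a string array such as ["add","query","delete"]; iterate it with a for
// loop or $.each(resultpers, function(i, n){}) (i is the index, n the value).
// Use it only to show or hide page elements: anything in the browser can be edited by the
// user, so the server-side Shiro checks remain the actual access control.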