import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping;
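/**
 * Demo Spring MVC controller mounted under {@code /user} that shows Apache Shiro
 * authentication ({@link #login}) and per-method permission checks declared with
 * {@link RequiresPermissions}.
 *
 * <p>Every handler returns a plain string ({@code "ok"} or {@code "login"}); under
 * {@code @Controller} without {@code @ResponseBody} Spring MVC treats it as a view name.
 *
 * <p>NOTE(review): {@code @RequiresPermissions} is only enforced when Shiro's annotation
 * (AOP) support is enabled in the application configuration, which is not visible in this
 * file. Confirm it is active, otherwise the permission-gated endpoints below are open.
 */
@Controller
@RequestMapping(value = "/user")
public class TestController {

    /**
     * Unprotected probe endpoint: prints a marker line and returns {@code "ok"}.
     * It carries no Shiro annotation, so any access control must come from filter configuration.
     */
    @RequestMapping(value = "/test")
    public String test() {
        System.out.println("TestController.test()");
        return "ok";
    }

    /**
     * Authenticates the current Shiro subject with the supplied credentials.
     *
     * <p>If the subject is already authenticated the supplied credentials are ignored
     * and {@code "ok"} is returned without a new login attempt.
     *
     * <p>NOTE(review): the mapping has no HTTP method restriction, so the credentials can
     * also arrive as GET query parameters, which tend to end up in access logs, browser
     * history and Referer headers. Consider restricting this handler to POST.
     *
     * @param username login name bound from the request parameters
     * @param password plain-text password bound from the request parameters
     * @return {@code "ok"} when the subject is (or already was) authenticated,
     *         {@code "login"} when Shiro rejects the credentials
     */
    @RequestMapping(value = "/login")
    public String login(String username, String password) {
        System.out.println("TestController.login()");
        // 1. Obtain the subject bound to the current request/thread.
        Subject subject = SecurityUtils.getSubject();
        // 2. Only attempt a login when the subject is not authenticated yet.
        if (!subject.isAuthenticated()) {
            // Wrap the user name and password in a Shiro token.
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            try {
                // true enables "remember me" (the default is false).
                // NOTE(review): this is forced on for every login instead of being a user
                // choice; on shared machines that extends the remembered identity's
                // lifetime. Consider making it opt-in.
                token.setRememberMe(true);
                // Performs the login; Shiro delegates the credential check to the realm.
                subject.login(token);
            } catch (AuthenticationException e) {
                // AuthenticationException is the parent of all authentication failures.
                // The reason is deliberately not passed on to the caller; the generic
                // message avoids revealing whether the account or the password was wrong.
                System.out.println("认证失败");
                return "login";
            } finally {
                // Zero the credentials held by the token once the attempt is over so the
                // password char[] does not linger on the heap longer than necessary.
                token.clear();
            }
        }
        return "ok";
    }

    // @RequiresRoles("admin") // alternative: only callers holding the admin role may invoke
    //                         // the method; a caller without the role triggers an exception

    /** Requires the {@code user:add} permission. Prints a marker line and returns {@code "ok"}. */
    @RequiresPermissions("user:add")
    @RequestMapping(value = "/add")
    public String add() {
        System.out.println("TestController.add()");
        return "ok";
    }

    /** Requires the {@code user:update} permission. Prints a marker line and returns {@code "ok"}. */
    @RequiresPermissions("user:update")
    @RequestMapping(value = "/update")
    public String update() {
        System.out.println("TestController.update()");
        return "ok";
    }

    /** Requires the {@code user:query} permission. Prints a marker line and returns {@code "ok"}. */
    @RequiresPermissions("user:query")
    @RequestMapping(value = "/query")
    public String query() {
        System.out.println("TestController.query()");
        return "ok";
    }

    /**
     * Requires the {@code user:delete} permission. Prints a marker line and returns {@code "ok"}.
     * (The original inline comment named {@code user:query}; the annotation is authoritative.)
     */
    @RequiresPermissions("user:delete")
    @RequestMapping(value = "/delete")
    public String delete() {
        System.out.println("TestController.delete()");
        return "ok";
    }
}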