## 重写MyRealm中的doGetAuthorizationInfo方法 ``` @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { User user = (User) SecurityUtils.getSubject().getPrincipal(); if(user!=null){ SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); //获取当前用户角色 String role = user.getUserRole().getName(); authorizationInfo.addRole(role); //获取当前用户的资源ID String [] perms = user.getUserRole().getJurisdiction().getSaid().split(","); for(String prem :perms){ authorizationInfo.addStringPermission(prem); } return authorizationInfo; } return null; } ``` ## 动态配置过滤规则 在resources文件下创建shiro.ini，添加默认的权限配置 格式如下： ``` [urls] #用于 web，提供了对 web url 拦截相关的配置，url=拦截器[参数]，拦截器 /index.html = anon /admin/** = authc, roles[admin] ``` 创建MyChainDefinitions动态加载权限配置 ``` import org.apache.shiro.config.Ini; import org.apache.shiro.web.config.IniFilterChainResolverFactory; import org.springframework.beans.factory.FactoryBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.CollectionUtils; import java.io.InputStream; import java.text.MessageFormat; import java.util.Map; public class MyChainDefinitions implements FactoryBean<Ini.Section> { public static final String PREMISSION_STRING = "perms[{0}]"; private InputStream filterChainDefinitions; public void setFilterChainDefinitions(InputStream filterChainDefinitions) { this.filterChainDefinitions = filterChainDefinitions; } @Autowired private JurisdictionService jurisdictionService; @Override public Ini.Section getObject() { /** 查询数据库中所有的资源格式为： * url role * 资源路径,角色,角色1,角色2... */ Map<String,String> urls =JurisdictionService.findByCondition(); //加载配置默认的过滤链 Ini ini = new Ini(); ini.load(filterChainDefinitions); Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS); if (CollectionUtils.isEmpty(section)) { section = ini.getSection(Ini.DEFAULT_SECTION_NAME); } for (String url : urls.keySet()) { String[] perms = urls.get(url).split(","); StringBuilder permFilters = new StringBuilder(); for (int i = 0; i < perms.length; i++) { permFilters.append(perms[i]).append(","); } //去掉末尾的逗号 String str = permFilters.substring(0, permFilters.length() - 1); //生成结果如：/dotest1.html = authc, perms[admin] section.put(url, MessageFormat.format(PREMISSION_STRING, str)); } return section; } @Override public Class<?> getObjectType() { return this.getClass(); } @Override public boolean isSingleton() { return false; } } ``` ## 修改ShiroConfiguration ``` 1，增加myChainDefinitions方法 private MyChainDefinitions myChainDefinitions(){ MyChainDefinitions myChainDefinitions = new MyChainDefinitions(); ClassPathResource classPathResource = new ClassPathResource("shiro.ini"); try { InputStream inputStream = classPathResource.getInputStream(); myChainDefinitions.setFilterChainDefinitions(inputStream); } catch (IOException e) { e.printStackTrace(); } return myChainDefinitions; },2，修改shiroFilterFactoryBean方法 删除配置URL的filterChainDefinitionMap 将shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap) 替换为 shiroFilterFactoryBean.setFilterChainDefinitionMap(myChainDefinitions().getObject()); ``` ## 将权限改为|| 之前默认是&& ``` import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authz.AuthorizationFilter; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; public class AnyPermissionsAuthorizationFilter extends AuthorizationFilter { @Override protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) throws Exception { Subject subject = getSubject(servletRequest, servletResponse); String[] perms = (String[]) mappedValue; for (String perm : perms) { if (subject.isPermitted(perm)) { return true; } } return false; } } ```