spring-mvc整合shiro安全框架（权限拦截）

权限拦截：

目标：控制不同的用户或角色有不同的操作权限

注解式（也可以使用配置文件实现）

开启注解式授权

1.添加aop相关的依赖

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context.xsd
	http://www.springframework.org/schema/mvc
	http://www.springframework.org/schema/mvc/spring-mvc.xsd
    http://www.springframework.org/schema/aop
	http://www.springframework.org/schema/aop/spring-aop.xsd">

2.配置springmvc核心配置文件

<!-- 启动shiro注解 -->   
	<aop:config proxy-target-class="true"></aop:config>
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager" />
	</bean>

3.Realm实现授权

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    System.out.println("授权处理");
    //得到SimpleAuthenticationInfo对象第一个参数值
   String username = (String) principalCollection.getPrimaryPrincipal();
    //装权限信息的集合
   Set<String> permissionsSet = new HashSet<>();
   if("admin".equals(username)){
       //设置当前用户的权限
        permissionsSet.add("toAdd");
       permissionsSet.add("toUpdate");
   }else if("xiaobai".equals(username)){
       permissionsSet.add("toAdd");
   }
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setStringPermissions(permissionsSet);
    return authorizationInfo;
}