基于shiro和token的权限控制
2019-02-11 16:20:21 84 举报shiro的权限控制
作者其他创作
大纲/内容
调用
注入
OAuth2Realm.doGetAuthenticationInfo(token);
@beanauthorizationAttributeSourceAdvisor
生成
继承
DefaultSecurityManager.authenticate(token)
AbstractAuthenticator.doAuthenticate(token)
注册到
AuthorizingRealm
@RequiresPermissions(\"sys:role:list\")
把AuthenticationInfo放入Principals
被引用(filters.put(\"oauth2\
securityManager@Bean(\"securityManager\")
SysLoginController
shiroService@service
sysUserTokenDao
调用接口
securityManager
sysUserDao
OAuth2Filter
登录流程结束
登录成功
ShiroConfig(@Configuration)
AuthenticatingSecurityManager.authenticator.authenticate(token);
sessionManager(@Bean(\"sessionManager\"))
sessionManageroAuth2Realm
AuthenticatingRealm.getAuthenticationInfo(token)
如果接口需要权限
@Bean(\"lifecycleBeanPostProcessor\")LifecycleBeanPostProcessor
realm.getAuthenticationInfo(token);
@Component OAuth2Realm
拦截
匹配到
shiroFilter@Bean(\"shiroFilter\")
subject.login(token);
@Bean public FilterRegistrationBean shiroFilterRegistration()
执行
executeLogin
@BeandefaultAdvisorAutoProxyCreator
onAccessDenied
OAuth2Realm.doGetAuthorizationInfo(PrincipalCollection principals);
FilterConfig@Configuration
AuthenticatingFilter
AuthenticatingRealm.getCachedAuthenticationInfo(token);
shiroFilter
sysMenuDao
把信息放入info
登录,并返回token
login
收藏
收藏
0 条评论
下一页
