
新增使用菜单表配置初始化shiro权限责任链

zhouchenglin 6 yıl önce
ebeveyn
işleme
0c2c7e484c

+ 6 - 4
src/main/java/net/chenlin/dp/common/support/config/ShiroConfig.java

@@ -4,7 +4,9 @@ import net.chenlin.dp.common.support.properties.GlobalProperties;
 import net.chenlin.dp.common.support.shiro.listener.UserSessionListener;
 import net.chenlin.dp.common.support.shiro.session.UserSessionDAO;
 import net.chenlin.dp.common.support.shiro.session.UserSessionFactory;
+import net.chenlin.dp.modules.sys.shiro.ShiroPermsFilterFactoryBean;
 import net.chenlin.dp.modules.sys.shiro.UserFilter;
+import net.chenlin.dp.modules.sys.shiro.UserPermFilter;
 import net.chenlin.dp.modules.sys.shiro.UserRealm;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.SessionListener;
@@ -81,7 +83,7 @@ public class ShiroConfig {
      */
     @Bean
     public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
-        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
+        ShiroPermsFilterFactoryBean shiroFilter = new ShiroPermsFilterFactoryBean();
         shiroFilter.setSecurityManager(securityManager);
 
         shiroFilter.setLoginUrl("/login");
@@ -91,17 +93,17 @@ public class ShiroConfig {
         shiroFilter.setUnauthorizedUrl("/error/403");
 
         //user过滤器,处理ajax请求超时不跳转情况
-        Map<String, Filter> filters = new HashMap<>();
+        Map<String, Filter> filters = new HashMap<>(2);
         filters.put("user", new UserFilter());
+        filters.put("perms", new UserPermFilter());
         shiroFilter.setFilters(filters);
 
-        Map<String, String> filterMap = new LinkedHashMap<>();
+        Map<String, String> filterMap = new LinkedHashMap<>(5);
         filterMap.put("/static/**", "anon");
         filterMap.put("/error/**", "anon");
         filterMap.put("/login", "anon");
         filterMap.put("/captcha.jpg", "anon");
         filterMap.put("/rest/**", "anon");
-        filterMap.put("/**", "user");
         shiroFilter.setFilterChainDefinitionMap(filterMap);
 
         return shiroFilter;
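Review bot: The fail-closed catch-all `/**` -> `user` is no longer visible in `shiroFilter(...)`; it now exists only because `ShiroPermsFilterFactoryBean.setFilterChainDefinitionMap` appends it, so switching back to a plain `ShiroFilterFactoryBean` would silently leave every unlisted URL without a filter. Shiro picks the first matching chain and `filterMap` is a `LinkedHashMap`, so the five `anon` entries here are matched before anything derived from the menu table. A menu URL that falls under `/rest/**` or `/static/**` would therefore never reach the `perms` filter. I would document both facts next to `setFilterChainDefinitionMap(filterMap)`, e.g. `// menu-derived perms[...] entries and the final "/**" -> "user" are appended by ShiroPermsFilterFactoryBean; anon patterns above take precedence over them`. The method body continues past the end of this hunk.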

+ 44 - 0
src/main/java/net/chenlin/dp/modules/sys/shiro/ShiroPermsFilterFactoryBean.java

@@ -0,0 +1,44 @@
+package net.chenlin.dp.modules.sys.shiro;
+
+import net.chenlin.dp.common.entity.Query;
+import net.chenlin.dp.common.utils.SpringContextUtils;
+import net.chenlin.dp.modules.sys.dao.SysMenuMapper;
+import net.chenlin.dp.modules.sys.entity.SysMenuEntity;
+import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 产生责任链,确定每个url的访问权限
+ * @author zcl<yczclcn@163.com>
+ */
+public class ShiroPermsFilterFactoryBean extends ShiroFilterFactoryBean {
+
+	private static final Logger LOGGER = LoggerFactory.getLogger(ShiroPermsFilterFactoryBean.class);
+	
+	private SysMenuMapper sysMenuMapper = SpringContextUtils.getBean("sysMenuMapper", SysMenuMapper.class);
+
+	/**
+	 * 增加数据库权限
+	 * @param filterChainDefinitionMap
+	 */
+	@Override
+	public void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) {
+		List<SysMenuEntity> lists = sysMenuMapper.list(new Query());
+		for(SysMenuEntity menu : lists) {
+			String permKey = menu.getPerms();
+			String permUrl = menu.getUrl();
+			if(StringUtils.isNotEmpty(permKey) && StringUtils.isNotEmpty(permUrl)) {
+				filterChainDefinitionMap.put(permUrl, "perms[" + permKey + "]");
+			}
+		}
+		filterChainDefinitionMap.put("/**", "user");
+		super.setFilterChainDefinitionMap(filterChainDefinitionMap);
+		LOGGER.info("init perms finished.");
+	}
+
+}
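Review bot: Each menu URL is registered with `perms[...]` alone, so an unauthenticated request to such a URL goes straight to `UserPermFilter.onAccessDenied` and gets the 403 response instead of the login or session-timeout handling that the `user` filter provides. Chaining both keeps authentication ahead of authorization: `filterChainDefinitionMap.put(permUrl, "user,perms[" + permKey + "]");`. `permUrl` is also used verbatim as the path pattern; if the menu table stores URLs without a leading `/` or with a query string (not visible here), the entry never matches and the request falls through to `/**` -> `user`, which checks authentication only, so normalising it or logging each registered pattern would make gaps visible. The chain is built once when the bean is configured, so later menu or permission changes are not enforced by this filter until restart; the Javadoc should say so and give `@param filterChainDefinitionMap` a description. `sysMenuMapper` is resolved in a field initializer through `SpringContextUtils`, which presumably fails if the context holder is not yet populated when `ShiroConfig` constructs this bean.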

+ 34 - 0
src/main/java/net/chenlin/dp/modules/sys/shiro/UserPermFilter.java

@@ -0,0 +1,34 @@
+package net.chenlin.dp.modules.sys.shiro;
+
+import net.chenlin.dp.common.entity.R;
+import net.chenlin.dp.common.utils.JSONUtils;
+import net.chenlin.dp.common.utils.WebUtils;
+import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 用户权限过滤器
+ * @author zcl<yczclcn@163.com>
+ */
+public class UserPermFilter extends PermissionsAuthorizationFilter {
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+        if (WebUtils.isAjax(httpServletRequest)) {
+            // ajax请求返回json
+            R error = R.error("没有权限,请联系管理员授权");
+            WebUtils.write(httpServletResponse, JSONUtils.beanToJson(error));
+        } else {
+            // 非异步请求直接跳转权限错误页面
+            httpServletResponse.sendRedirect("/error/403");
+        }
+        return false;
+    }
+}
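Review bot: In the AJAX branch of `onAccessDenied` the JSON error is written without setting a response status, so unless `WebUtils.write` does it (not visible here) an authorization failure is returned as HTTP 200 and is hard to tell apart from success in access logs or monitoring; adding `httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the write fixes that. The non-AJAX branch hard-codes `sendRedirect("/error/403")`, which ignores both the servlet context path and the `unauthorizedUrl` already configured in `ShiroConfig`; `org.apache.shiro.web.util.WebUtils.issueRedirect(request, response, getUnauthorizedUrl());` would honour both. The override also drops the parent's check for an unauthenticated subject, so anonymous callers are told "no permission" rather than being sent to login. A log line with the principal and request URI at this point would give operators a record of denied access attempts.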