From f4663c941a937a4e22ab6a1cf77902d8a5cd45e3 Mon Sep 17 00:00:00 2001
From: lenovo <https://gitee.com/lisicode/spring.git>
Date: Mon, 13 Aug 2018 11:21:43 +0800
Subject: [PATCH] =?UTF-8?q?0813=2011:30=20=20=E6=9D=83=E9=99=90=20=20lisi?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/pro/info/controller/StandardController.java | 7 +++++++
 src/main/java/com/pro/sys/MyShiroReaml.java              | 3 +--
 .../java/com/pro/sys/controller/LoginController.java     | 8 ++++----
 src/main/java/com/pro/sys/controller/RoleController.java | 9 +++++++++
 src/main/resources/spring-root-shiro.xml                 | 9 ++++++++-
 src/main/web/WEB-INF/views/sys/noper.jsp                 | 7 ++++++-
 6 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/pro/info/controller/StandardController.java b/src/main/java/com/pro/info/controller/StandardController.java
index e983547..44968fc 100644
--- a/src/main/java/com/pro/info/controller/StandardController.java
+++ b/src/main/java/com/pro/info/controller/StandardController.java
@@ -4,6 +4,7 @@ import com.github.pagehelper.PageInfo;
 import com.pro.info.entity.Standard;
 import com.pro.info.service.StandardService;
 import com.pro.sys.entity.Result;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
@@ -20,6 +21,7 @@ public class StandardController {
      * 跳转到产品规格页面
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping("standard")
     public String toStandard(){
         return "info/standard";
@@ -30,6 +32,7 @@ public class StandardController {
      * 展示列表
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping(value="standardTable", method = RequestMethod.GET)
     @ResponseBody
     public Map<String,Object> getStandard(@RequestParam(value = "page" ,defaultValue ="1") int page, @RequestParam(value = "limit",required = false) int pageSize
@@ -49,6 +52,7 @@ public class StandardController {
      * @param standard_id
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping(
             value="/standard/{standard_id}",
             method=RequestMethod.GET
@@ -64,6 +68,7 @@ public class StandardController {
      * @param standard
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping(value = "standard", method = RequestMethod.POST)
     @ResponseBody
     public Result save(Standard standard){
@@ -75,6 +80,7 @@ public class StandardController {
      * @param standard_ids
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping(
             value="standard",
             method=RequestMethod.DELETE
@@ -90,6 +96,7 @@ public class StandardController {
      * @param standard_status
      * @return
      */
+    @RequiresPermissions("/info/standard")
     @RequestMapping(
             value="/standard/status/{standard_status}",
             method=RequestMethod.PUT)
diff --git a/src/main/java/com/pro/sys/MyShiroReaml.java b/src/main/java/com/pro/sys/MyShiroReaml.java
index 7907a22..1e7b23d 100644
--- a/src/main/java/com/pro/sys/MyShiroReaml.java
+++ b/src/main/java/com/pro/sys/MyShiroReaml.java
@@ -18,7 +18,6 @@ public class MyShiroReaml extends AuthorizingRealm {
     @Autowired
     private ShiroService shiroService;
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
-
         /**
          *
          * 流程
@@ -35,7 +34,7 @@ public class MyShiroReaml extends AuthorizingRealm {
             if (permissionsByUser.size()!=0) {
                 for (Module p: permissionsByUser) {
 
-                    info.addStringPermission(p.getM_permission());
+                    info.addStringPermission(p.getM_url());
                 }
                 return info;
             }
diff --git a/src/main/java/com/pro/sys/controller/LoginController.java b/src/main/java/com/pro/sys/controller/LoginController.java
index 1ca5b26..238c884 100644
--- a/src/main/java/com/pro/sys/controller/LoginController.java
+++ b/src/main/java/com/pro/sys/controller/LoginController.java
@@ -1,7 +1,6 @@
 package com.pro.sys.controller;
 
 import com.pro.sys.entity.Menu;
-import com.pro.sys.entity.Module;
 import com.pro.sys.service.ShiroService;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.UnknownAccountException;
@@ -13,9 +12,7 @@ import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import com.pro.sys.entity.User;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import java.util.ArrayList;
 import java.util.List;
 
 @Controller
@@ -63,7 +60,10 @@ public class LoginController {
         }
     }
 
-
+    /**
+     * 无权限跳转
+     * @return
+     */
     @RequestMapping("noper")
     public String noper(){
         return "sys/noper";
diff --git a/src/main/java/com/pro/sys/controller/RoleController.java b/src/main/java/com/pro/sys/controller/RoleController.java
index aa8c09e..a7d1775 100644
--- a/src/main/java/com/pro/sys/controller/RoleController.java
+++ b/src/main/java/com/pro/sys/controller/RoleController.java
@@ -5,6 +5,7 @@ import com.pro.sys.entity.Menu;
 import com.pro.sys.entity.Result;
 import com.pro.sys.entity.Role;
 import com.pro.sys.service.RoleService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -24,6 +25,7 @@ public class RoleController {
      * 跳转到角色管理页面
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping("role")
     public String torole(){
         return "sys/role";
@@ -34,6 +36,7 @@ public class RoleController {
      * 展示列表
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(value="roleTable", method = RequestMethod.GET)
     @ResponseBody
     public Map<String,Object> getRole(@RequestParam(value = "page" ,defaultValue ="1") int page, @RequestParam(value = "limit",required = false) int pageSize
@@ -53,6 +56,7 @@ public class RoleController {
      * @param ro_id
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(
             value="/role/{ro_id}",
             method=RequestMethod.GET
@@ -68,6 +72,7 @@ public class RoleController {
      * @param role
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(value = "role", method = RequestMethod.POST)
     @ResponseBody
     public Result save(Role role){
@@ -79,6 +84,7 @@ public class RoleController {
      * @param ro_ids
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(
             value="role",
             method=RequestMethod.DELETE
@@ -94,6 +100,7 @@ public class RoleController {
      * @param ro_status
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(
             value="/role/status/{ro_status}",
             method=RequestMethod.PUT)
@@ -108,6 +115,7 @@ public class RoleController {
      * @param model
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(
             value="/role/module/{ro_id}",
             method=RequestMethod.GET)
@@ -123,6 +131,7 @@ public class RoleController {
      * @param ro_id
      * @return
      */
+    @RequiresPermissions("/sys/role")
     @RequestMapping(
             value="/role/module/{ro_id}",
             method=RequestMethod.PUT)
diff --git a/src/main/resources/spring-root-shiro.xml b/src/main/resources/spring-root-shiro.xml
index 3f618e7..3e24a92 100644
--- a/src/main/resources/spring-root-shiro.xml
+++ b/src/main/resources/spring-root-shiro.xml
@@ -13,7 +13,6 @@
     <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
         <property name="securityManager" ref="securityManager" /> <!--加载管理器-->
         <property name="loginUrl" value="/sys/login" />    <!--没有登录的时候，跳转到这个页面-->
-        <property name="unauthorizedUrl" value="/sys/noper" /> <!--当没有权限的时候，跳转到这个url-->
         <property name="filterChainDefinitions">
             <value>
                 /static/** = anon<!--放行静态资源-->
@@ -25,6 +24,14 @@
         </property>
     </bean>
 
+    <!--配置无权限时跳转页面-->
+    <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
+        <property name="exceptionMappings">
+            <props>
+                <prop key="org.apache.shiro.authz.UnauthorizedException">/sys/noper</prop>
+            </props>
+        </property>
+    </bean>
     <!-- 自定义Realm -->
     <bean id="myShiroRealm" class="com.pro.sys.MyShiroReaml">
         <!-- businessManager 用来实现用户名密码的查询 -->
diff --git a/src/main/web/WEB-INF/views/sys/noper.jsp b/src/main/web/WEB-INF/views/sys/noper.jsp
index 8d7bf76..889030e 100644
--- a/src/main/web/WEB-INF/views/sys/noper.jsp
+++ b/src/main/web/WEB-INF/views/sys/noper.jsp
@@ -10,7 +10,12 @@
 <head>
     <title>权限不足</title>
 </head>
+<link rel="stylesheet" href="../../../static/bootstrap-4.1.1/bootstrap.min.css" media="all">
 <body>
-权限不足
+<div class="jumbotron">
+<h1>操作权限不足!</h1>
+    <p class="lead">请联系管理员了解详情</p>
+    <p><a class="btn btn-lg btn-primary btn-sm" href="javascript:history.go(-1)">返回上一页</a></p>
+</div>
 </body>
 </html>
-- 
Gitee