/**
   * 創(chuàng)建ShiroFilterFactoryBean
   */
  @Bean
  public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
    //設(shè)置安全管理器
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    
    //添加Shiro內(nèi)置過濾器
    /**
     * Shiro內(nèi)置過濾器，可以實(shí)現(xiàn)權(quán)限相關(guān)的攔截器
     * 常用的過濾器：
     *   anon：無需認(rèn)證（登錄）可以訪問
     *   authc：必須認(rèn)證才可以訪問
     * user：如果使用rememberMe的功能可以直接訪問
     * perms：該資源必須得到資源權(quán)限才可以訪問
     * role：該資源必須得到角色權(quán)限才可以訪問
     */  
    Map<String, String> filterMap= new LinkedHashMap<String,String>();
    
    
    //設(shè)置攔截后跳轉(zhuǎn)的請(qǐng)求路徑
    shiroFilterFactoryBean.setLoginUrl("/user/badRequest");
    //設(shè)置未授權(quán)提示的頁面
    shiroFilterFactoryBean.setUnauthorizedUrl("/user/badRequest");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
    return shiroFilterFactoryBean;
  }

/**
   * 執(zhí)行授權(quán)邏輯
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
    System.out.println("開始執(zhí)行Shiro的授權(quán)方法...");
    
    //給資源進(jìn)行授權(quán)
    SimpleAuthorizationInfo info= new SimpleAuthorizationInfo();
    
    //添加資源的授權(quán)字符串
    info.addStringPermission("user:add");
    
    return null;
  }

/**
   * 執(zhí)行認(rèn)證邏輯
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
    System.out.println("開始執(zhí)行Shiro的認(rèn)證方法...");    
    //編寫Shiro判斷邏輯，判斷用戶名和密碼
    //判斷用戶名是否存在
    UsernamePasswordToken token=(UsernamePasswordToken)arg0;
    User user = userMapper.findByUsername(token.getUsername());
    if(user==null)
      return null;
    //判斷密碼是否正確,參數(shù)一為認(rèn)證的實(shí)體
    return new SimpleAuthenticationInfo(user,user.getPassword(),"");
  }

/**
   * 執(zhí)行授權(quán)邏輯
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
    System.out.println("開始執(zhí)行Shiro的授權(quán)方法...");
    
    //給資源進(jìn)行授權(quán)
    SimpleAuthorizationInfo info= new SimpleAuthorizationInfo();
    
    //添加資源的授權(quán)字符串
    info.addStringPermission("user:register");
    
    //獲取當(dāng)前的登錄用戶
    User user=(User)SecurityUtils.getSubject().getPrincipal();        
    return null;
  }