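Granting method-level access permissions with the Shiro interceptor
Override the authorization method in the ShiroConfig configuration class: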
// Authorization method
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
    // Get the currently logged-in user object from the session
    //Object principal = SecurityUtils.getSubject().getPrincipal();
    UserBean primaryPrincipal = (UserBean) principal.getPrimaryPrincipal();
    // Query the backend database for this user's permission strings
    List<String> powerList = userService.queryPowerKeyByUserId(primaryPrincipal.getId());
    //List<String> objects = new ArrayList<>();
    // Grant a permission
    //objects.add("user:findUserList");
    // Create the authorization info object
    SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();
    sai.addStringPermissions(powerList);
    return sai;
}
The Mapper layer looks up the permission strings with a SQL query:
@Select("select distinct pm.remark from t_user_role ur,t_role_power rp,t_power_menu pm where ur.roleid = rp.roleid\n" +
" and rp.powerid = pm.powerId\n" +
" and ur.userid = #{value}")
List<String> queryPowerKeyByUserId(Integer id);
Add the annotation @RequiresPermissions("user:findUserList") (the permission string) to your method:
// Paged user query
@RequiresPermissions("user:findUserList")
@RequestMapping("findUserList")
@ResponseBody
public EasyuiPage findUserList(Integer page, Integer rows, UserBean userBean) {
    return userService.findUser(page, rows, userBean);
}
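Access is granted only when the permission strings queried from the backend for the user match the permission string in @RequiresPermissions; a user who has not been assigned that permission cannot access the method.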
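How the queried strings are compared with the annotation value, as an added example that is not from the original post: Shiro resolves string permissions to WildcardPermission by default, so a stored value such as "user:*" or "user" also satisfies "user:findUserList". The class name, helper methods and sample lists are assumptions made for illustration, and shiro-core must be on the classpath.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example; PermissionMatchDemo and its helpers are hypothetical names.
public class PermissionMatchDemo {

    // Drop NULL or blank remark values before they are treated as permissions.
    static List<String> clean(List<String> powerList) {
        return powerList.stream()
                .filter(Objects::nonNull)
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toList());
    }

    // True when at least one granted string implies the required permission.
    static boolean isPermitted(List<String> powerList, String required) {
        Permission needed = new WildcardPermission(required);
        return clean(powerList).stream()
                .map(WildcardPermission::new)
                .anyMatch(granted -> granted.implies(needed));
    }

    // Entries that grant a whole domain rather than a single action.
    static List<String> broadGrants(List<String> powerList) {
        return clean(powerList).stream()
                .filter(s -> s.contains("*") || !s.contains(":"))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        String required = "user:findUserList"; // value used in @RequiresPermissions
        // Constructed sample results of queryPowerKeyByUserId for three users.
        List<String> exact = Arrays.asList("user:findUserList", null, " ");
        List<String> other = Arrays.asList("user:addUser");
        List<String> broad = Arrays.asList("user:*", "user");

        for (List<String> granted : Arrays.asList(exact, other, broad)) {
            System.out.println(granted + " permitted=" + isPermitted(granted, required)
                    + " broad=" + broadGrants(granted));
        }
    }
}
```

Running broadGrants over the distinct remark values is a quick way to review whether any role carries a wider grant than the single action its menu entry is meant to cover.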
MySQL remark column: