shiro+spring认证

 */public class CustomRealm extends AuthorizingRealm{    @Override    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection){        String username = (String) principalCollection.getPrimaryPrincipal();      /*  User user = new User();        user.setUsername(username);*/        //查询角色信息        /*List<Role> roles = ser.queryRoleByUsername(username);*/        /**         *List<Role> roles = userService.queryRoleByUsername(username);         * a.select id from t_user where username='zhangsan'         * b.select role_id from t_user_role where user_id=(a.select id from t_user where username='zhangsan')         * c.select * from t_role where id in (select role_id from t_user_role where user_id=(a.select id from t_user where username='zhangsan'))         */        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();        if (roles!=null){            /**             *  for (Role role: roles) {             String rolename = role.getRoleName();             info.addRole(roleName);             a. select permission_id from t_role_permisson where role_id=1             b. select * from t_permission where id in (select permission_id from t_role_permisson where role_id=1)             List<Permission> permission = userService.queryPermissionByRoleId(role.getId());             for(Permission permisseion :permissions){             //封装权限信息             info.addStringPermission(permission.getPermissionname());             }             }             *             */            for (Role role: roles                 ) {                String rolename = role.getRoleName();                info.addRole(rolename);                List<Permission> permissions = ser.queryPermissionByRoleId(role.getId());                for (Permission permission: permissions                     ) {                    //封装权限信息                    info.addStringPermission(permission.getPermissionname());                }            }        }        return null;    }    /**     * 获取认证信息     * @param token     * @return     * @throws AuthenticationException     */    @Override    protected AuthenticationInfo doGetAuthenticationInfo(            AuthenticationToken token) throws AuthenticationException{       String username =  (String) token.getPrincipal();       //查询数据库        User user = ser.queryUserByUsername(username);        if(user!=null){            return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),user.getSale());        }        return null;    }}