shiro 用户权限修改 动态更新权限 重新赋值权限

/**     * 重新赋值权限(在比如:给一个角色临时添加一个权限,需要调用此方法刷新权限,否则还是没有刚赋值的权限)     * @param myRealm 自定义的realm     * @param username 用户名     */    public static void reloadAuthorizing(MyRealm myRealm,String username){        Subject subject = SecurityUtils.getSubject();         String realmName = subject.getPrincipals().getRealmNames().iterator().next();         //第一个参数为用户名,第二个参数为realmName,test想要操作权限的用户         SimplePrincipalCollection principals = new SimplePrincipalCollection(username,realmName);         subject.runAs(principals);         myRealm.getAuthorizationCache().remove(subject.getPrincipals());         subject.releaseRunAs();    }

实际项目代码

//add by jizhun at 重新修改权限后清楚缓存，调用doGetAuthorizationInfo重新取角色的权限信息RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();ShiroRealm shiroRealm = (ShiroRealm)rsm.getRealms().iterator().next();Subject subject = SecurityUtils.getSubject(); String realmName = subject.getPrincipals().getRealmNames().iterator().next(); logger.info("oper.user="+user.getEmail()+",login.user="+SecurityUtils.getSubject().getPrincipal().toString());//shiroRealm.clearAllCachedAuthorizationInfo2();//清楚所有用户权限//第一个参数为用户名,第二个参数为realmName,test想要操作权限的用户 SimplePrincipalCollection principals = new SimplePrincipalCollection(user.getEmail(),realmName); subject.runAs(principals); shiroRealm.getAuthorizationCache().remove(subject.getPrincipals()); shiroRealm.getAuthorizationCache().remove(user.getEmail()); subject.releaseRunAs();

//清楚所有用户权限

    /**     * 清空所有关联认证     */    public void clearAllCachedAuthorizationInfo2() {        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();        if (cache != null) {            for (Object key : cache.keys()) {            System.out.println(key+":"+key.toString());                cache.remove(key);            }        }    }