Spring Boot(二)—— Shiro 权限控制

caroly 2020年07月16日 146次浏览

『Shiro』可以非常快速的完成认证、授权等功能的开发,降低系统成本。实现用户身份认证,权限授权、加密、会话管理等功能。

此『Demo』为『maven』工程,前后端分离。前端略显基础,着重后端,采用技术为:Spring Boot、MyBatis、MySQL、Shiro

依赖

『pom.xml』配置如下:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.xxyl</groupId>
    <artifactId>cpr_manager</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>cpr_manager</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>

        <!--实体类-->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.10</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jta-atomikos</artifactId>
        </dependency>

        <!-- 分页 -->
        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper-spring-boot-starter</artifactId>
            <version>1.2.10</version>
        </dependency>

        <!--validation-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>

        <!--数据库-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.15</version>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.3.2</version>
        </dependency>

        <!--json-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>

        <!-- druid连接池 -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.0.9</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>


表设计

开发用户--角色--权限管理系统,一般会涉及五张基础表:

  • users: 用户表
  • roles: 角色表
  • permissions: 权限表
  • users_roles: 用户--角色关联表
  • roles_permissions: 角色--权限关联表

建表语句如下:

create table users (
    id int not null auto_increment,
    name varchar(100) commit '用户名',
    password varchar(100) commit '密码',
    salt varchar(100) commit '盐'
) charset=utf8 ENGINE=InnoDB;

create table roles (
    id int not null auto_increment,
    name varchar(100) commit '角色名',
    desc_ varchar(255) commit '角色描述'
) charset=utf8 ENGINE=InnoDB;

create table permission (
    id int not null auto_increment,
    name varchar(100) commit '权限名',
    desc_ varchar(255) commit '权限描述'
) charset=utf8 ENGINE=InnoDB;

create table users_roles (
    id int not null auto_increment,
    uid int commit '用户id',
    rid int commit '角色id'
) charset=utf8 ENGINE=InnoDB;

create table roles_permission (
    id int not null auto_increment,
    rid int commit '角色id',
    pid int commit '权限id'
) charset=utf8 ENGINE=InnoDB;

Shiro配置

ShiroConfig.java

@Configuration
public class ShiroConfig {

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 没有登录或登陆失效的用户请求页面时候自动跳转到登录页
        shiroFilterFactoryBean.setLoginUrl("/login");
        // 登录的用户访问没有授权的资源自动跳转的页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");

        Map<String, Filter> filterMap = new LinkedHashMap<String, Filter>();
        // 解决跨域、过滤options请求问题。
        filterMap.put("url", new SimpleCORSFilter());

        //拦截器. 
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

        //配置映射关系  登录页和无权限页无需认证
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/notRole", "anon");
        // 此处可以直接配置退出,如果需要在退出时候做一些操作,则自写接口。
        //        filterChainDefinitionMap.put("/logout", "logout");

        filterChainDefinitionMap.put("/**", "url");

        shiroFilterFactoryBean.setFilters(filterMap);
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //设置realm.
        securityManager.setRealm(getDatabaseRealm());
        // 使用自定义的会话管理
        securityManager.setSessionManager(sessionManager());
        // 记住密码, 7天
        securityManager.setRememberMeManager(cookieRememberMeManager());
        return securityManager;
    }

    @Bean("sessionManager")
    public SessionManager sessionManager() {
        SessionManager manager = new SessionManager();
        /*使用了shiro自带缓存,
        如果设置 redis为缓存需要重写CacheManager(其中需要重写Cache)
        manager.setCacheManager(this.RedisCacheManager());*/
        manager.setSessionDAO(new EnterpriseCacheSessionDAO());
        manager.setGlobalSessionTimeout(1800000L);

        manager.setSessionIdCookieEnabled(true);
        manager.setSessionIdCookie(sessionIdCookie());
        return manager;
    }

    /**
     * 指定本系统sessionid, 问题: 与servlet容器名冲突, 如jetty, tomcat 等默认jsessionid,
     * 当跳出shiro servlet时如error-page容器会为jsessionid重新分配值导致登录会话丢失!
     *
     * @return
     */
    @Bean
    public SimpleCookie sessionIdCookie() {
        SimpleCookie simpleCookie = new SimpleCookie("shiro.name");
        simpleCookie.setName("shiro.name");
        simpleCookie.setHttpOnly(true);
        simpleCookie.setPath("/");
        simpleCookie.setMaxAge(24*60*60);
        return simpleCookie;
    }

    @Bean
    public CustomRealm getDatabaseRealm() {
        CustomRealm myShiroRealm = new CustomRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    /**
     * 凭证匹配器
     * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了
     * 所以我们需要修改下doGetAuthenticationInfo中的代码;
     * )
     *
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();

        hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法;
        hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5(""));

        return hashedCredentialsMatcher;
    }

    /**
     * 开启shiro aop注解支持.
     * 使用代理方式;所以需要开启代码支持;
     *
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * *
     * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
     * *
     * 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选)和AuthorizationAttributeSourceAdvisor)即可实现此功能
     * * @return
     */
    @Bean
    @DependsOn({"lifecycleBeanPostProcessor"})
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * 1.配置Cookie对象
     * 记住我的cookie:rememberMe
     * @return  SimpleCookie rememberMeCookie
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        //simpleCookie.setHttpOnly(true);
        //单位(秒)7天
        simpleCookie.setMaxAge(60*60*24*7);
        return simpleCookie;
    }

    /**
     * 2.配置cookie管理对象
     * @return CookieRememberMeManager
     */
    @Bean
    public CookieRememberMeManager cookieRememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        return cookieRememberMeManager;
    }
}

SimpleCORSFilter.java

@Component
@WebFilter(filterName = "SimpleCORSFilter", urlPatterns ="/*" )
public class SimpleCORSFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(SimpleCORSFilter.class);
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        logger.info("请求拦截:"+ ((HttpServletRequest) request).getRequestURI());
        /*
         *  设置允许跨域请求
         */
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "content-type, accept");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST");
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentType("text/plain;charset=utf-8");
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "0");
        httpServletResponse.setHeader("Access-Control-Allow-Headers",
                                      "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, " +
                                      "Content-Type, X-E4M-With,userId,token,WG-Token, Authorization");
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.setHeader("XDomainRequestAllowed", "1");

        /*
            过虑 OPTIONS 请求
         */
        String type = httpServletRequest.getMethod();
        if (type.toUpperCase().equals("OPTIONS")) {
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        //        String isCrossStr = filterConfig.getInitParameter("IsCross");
        //        isCross = isCrossStr.equals("true") ? true : false;
        //        System.out.println(isCrossStr);
    }
    @Override
    public void destroy() {
        //        isCross = false;
    }
}

CustomRealm.java

public class CustomRealm extends AuthorizingRealm {

    @Autowired
    private UserBiz userBiz;

    /**
     * 授权
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //1. 从 PrincipalCollection 中来获取登录用户的信息
        String userName = (String) principalCollection.getPrimaryPrincipal();
        User user = userBiz.findUserByUsername(userName);
        //2.添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        Set<String> permissions = new HashSet<>();
        Set<String> roles = new HashSet<>();
        for (Role role : user.getRoles()) {
            //2.1添加角色
            roles.add(role.getName());
            for (Permission permission : role.getPermissions()) {
                //2.1.1添加权限
                permissions.add(permission.getName());
            }
        }
        simpleAuthorizationInfo.addRoles(roles);
        simpleAuthorizationInfo.addStringPermissions(permissions);
        return simpleAuthorizationInfo;
    }

    /**
     * 认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String userName = (String) authenticationToken.getPrincipal();

        //同一账号同一时间只能在一个地方登陆
        DefaultWebSecurityManager securityManager = (DefaultWebSecurityManager) SecurityUtils.getSecurityManager();
        DefaultWebSessionManager sessionManager = (DefaultWebSessionManager)securityManager.getSessionManager();
        Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();//获取当前已登录的用户session列表
        for(Session session:sessions){
            //清除该用户以前登录时保存的session
            if(userName.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)))) {
                sessionManager.getSessionDAO().delete(session);
            }
        }

        //根据用户名从数据库获取密码
        User user = userBiz.findUserByUsername(userName);
        String passwordInDB = "", salt = "";
        if (user != null) {
            passwordInDB = user.getPassword();
            salt = user.getSalt();
        }
        return new SimpleAuthenticationInfo(userName, passwordInDB, ByteSource.Util.bytes(salt), getName());
    }
}

SessionManager.java

public class SessionManager extends DefaultWebSessionManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultWebSessionManager.class);
    private String authorization = "Authorization";

    /**
     * 重写获取sessionId的方法调用当前Manager的获取方法
     *
     * @param request
     * @param response
     * @return
     */
    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        return this.getReferencedSessionId(request, response);
    }

    /**
     * 获取sessionId从请求中
     *
     * @param request
     * @param response
     * @return
     */
    private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {
        String id = this.getSessionIdCookieValue(request, response);
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "cookie");
        } else {
            id = this.getUriPathSegmentParamValue(request, "JSESSIONID");
            if (id == null) {
                // 获取请求头中的session
                id = WebUtils.toHttp(request).getHeader(this.authorization);
                if (id == null) {
                    String name = this.getSessionIdName();
                    id = request.getParameter(name);
                    if (id == null) {
                        id = request.getParameter(name.toLowerCase());
                    }
                }
            }
            if (id != null) {
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
            }
        }

        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        }
        return id;
    }

    private String getSessionIdCookieValue(ServletRequest request, ServletResponse response) {
        if (!this.isSessionIdCookieEnabled()) {
            log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");
            return null;
        } else if (!(request instanceof HttpServletRequest)) {
            log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie.  Returning null.");
            return null;
        } else {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            return this.getSessionIdCookie().readValue(httpRequest, WebUtils.toHttp(response));
        }
    }

    private String getUriPathSegmentParamValue(ServletRequest servletRequest, String paramName) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return null;
        } else {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            String uri = request.getRequestURI();
            if (uri == null) {
                return null;
            } else {
                int queryStartIndex = uri.indexOf(63);
                if (queryStartIndex >= 0) {
                    uri = uri.substring(0, queryStartIndex);
                }

                int index = uri.indexOf(59);
                if (index < 0) {
                    return null;
                } else {
                    String TOKEN = paramName + "=";
                    uri = uri.substring(index + 1);
                    index = uri.lastIndexOf(TOKEN);
                    if (index < 0) {
                        return null;
                    } else {
                        uri = uri.substring(index + TOKEN.length());
                        index = uri.indexOf(59);
                        if (index >= 0) {
                            uri = uri.substring(0, index);
                        }

                        return uri;
                    }
                }
            }
        }
    }

    private String getSessionIdName() {
        String name = this.getSessionIdCookie() != null ? this.getSessionIdCookie().getName() : null;
        if (name == null) {
            name = "JSESSIONID";
        }
        return name;
    }
}

登录/退出

@Controller
public class LoginController {

    @Autowired
    public UserBiz userBiz;

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    @ResponseBody
    public JSONObject login(@Validated LoginDTO loginDTO) {
        // 从SecurityUtils里边创建一个 subject
        Subject subject = SecurityUtils.getSubject();
        // 在认证提交前准备 token(令牌)
        UsernamePasswordToken token = new UsernamePasswordToken(loginDTO.getUsername(), loginDTO.getPassword());
        JSONObject jsonObject = new JSONObject();
        // 执行认证登陆
        try {
            // 无操作30分钟后登录失效。
            subject.getSession().setTimeout(1800000);
            subject.login(token);
            
            jsonObject.put("username", user.getNickname());
        } catch (AuthenticationException ae) {
            jsonObject.put("msg", "用户名或密码不正确");
            return jsonObject;
        }
        if (subject.isAuthenticated()) {
            jsonObject.put("sessionId",subject.getSession().getId());

            Session session = subject.getSession();
            session.setAttribute("subject", subject);

            return jsonObject;
        } else {
            token.clear();
            jsonObject.put("msg", "登录失败");
            return jsonObject;
        }
    }

    @ResponseBody
    @RequestMapping(value = "/logout")
    public JSONObject logout() {
        try {
            Subject lvSubject=SecurityUtils.getSubject();
            lvSubject.logout();
            // 如果退出时候有其他操作,可以写在此处
            JSONObject jsonObject = new JSONObject();
            jsonObject.put("msg", "退出成功");
            return jsonObject;
        } catch (Exception e){
            jsonObject.put("msg", "退出失败");
            return jsonObject;
        }
    }
}

注册

@RequiresPermissions("addUser")   // 使用注解方式来验证权限
@ResponseBody
@RequestMapping(value = "/addUser")
public JSONObject addUser(User user, @RequestParam String role){
    try {
        JSONObject jsonObject = new JSONObject();
        // 验证输入
        ... ...
        // 生成密码以及盐
        PasswordAndSalt passwordAndSalt= new PasswordAndSalt();
        String[] strings= passwordAndSalt.getPasswordAndSalt("", 2);
        user.setPassword(strings[1]);
        user.setSalt(strings[0]);
        Date d = new Date();
        SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        user.setCreatetime(sdf.format(d));
        userMapper.addUser(user);     
        int id= user.getId();  // 插入后的id
        String[] strings1= role.split(";");
        List<UserRole> list= new ArrayList<>();
        for (String str : strings1) {
            UserRole userRole= new UserRole();
            userRole.setUid(id);
            userRole.setRid(Integer.parseInt(str));
            list.add(userRole);
        }
        courseMapper.addUserRole(list);       // 插入用户-角色关系    
    }catch (Exception e){
        e.printStackTrace();
        jsonObject.put("msg", "账号添加失败");
        return jsonObject;
    }
    jsonObject.put("msg", "账号添加成功");
    return jsonObject;
}

PasswordAndSalt.java

public class PasswordAndSalt {

    public static String password = "123456";
    public static int number= 2;            // 加密次数

    public String[] getPasswordAndSalt(String pwd, int num){
        if(pwd.equals("")){
            pwd= password;
        }
        if(num<= 0){
            num= number;
        }
        String newSalt = new SecureRandomNumberGenerator().nextBytes().toString(); //盐量随机
        String newPwd= new Md5Hash(pwd, newSalt, num).toString();  // 新密码
        String[] strings= new String[2];
        strings[0]= newSalt;
        strings[1]= newPwd;
        return strings;
    }
}

修改密码

@RequiresPermissions("changePassword")
@ResponseBody
@RequestMapping("/changePassword")
public JSONObject showUser(String old, String pwd1, String pwd2) {
    try {
        JSONObject jsonObject = new JSONObject();
        String loginAccount = SecurityUtils.getSubject().getPrincipal().toString();
        if(!pwd1.equals(pwd2)){
            jsonObject.put("msg", "密码不一致,请重新输入");
            return jsonObject;
        }
        //根据用户名从数据库获取密码
        User user = userBiz.findUserByUsername(loginAccount);
        String passwordInDB = "", salt = "";
        if (user != null) {
            passwordInDB = user.getPassword();
            salt = user.getSalt();
        }else {
            jsonObject.put("msg", "用户不存在");
            return jsonObject;
        }

        String str= new Md5Hash(old, salt, 2).toString();

        if(!str.equals(passwordInDB)){
            jsonObject.put("msg", "请输入正确的原始密码");
            return jsonObject;
        }
        String[] strings= passwordAndSalt.getPasswordAndSalt(pwd1, 2);
        String newSalt = strings[0]; //盐量随机
        String newPwd= strings[1];  // 新密码
        Boolean flag= userBiz.changePassword(newPwd, newSalt, user.getId());
        jsonObject.put("msg", "密码修改成功");
        return jsonObject;
    }catch (Exception e){
        e.printStackTrace();
        jsonObject.put("msg", "密码修改失败");
        return jsonObject;
    }
}

全局异常处理器

注解验证角色和权限的话无法捕捉异常,从而无法正确的返回给前端错误信息,所以加了一个类用于拦截异常,具体代码如下:

/**
 * 全局异常处理器
 */
@RestControllerAdvice
public class MyExceptionHandler {

    @ExceptionHandler(value = AuthorizationException.class)
    public Map<String, String> handleException(AuthorizationException e) {
        Map<String, String> result = new HashMap<String, String>();
        result.put("status", "400");
        //获取错误中中括号的内容
        String message = e.getMessage();
        String msg= null;
        try {
            msg = message.substring(message.indexOf("[")+1,message.indexOf("]"));
        }catch (StringIndexOutOfBoundsException e1){
            result.put("msg", "对不起,您没有权限,请先登录");
            return result;
        }
        //判断是角色错误还是权限错误
        if (message.contains("role")) {
            result.put("msg", "对不起,您没有" + msg + "角色");
        } else if (message.contains("permission")) {
            result.put("msg", "对不起,您没有" + msg + "权限");
        } else {
            result.put("msg", "对不起,您的权限有误");
        }
        return result;
    }
}