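import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// MediaTypes and User are the poster's own classes; their imports are not shown in the post.
@RestController
@RequestMapping(value = { "/api/v1/user", "/api/secure/v1/user" })
public class UserRestDemoController {

    // Shiro only lets the call through if the current Subject holds the "user" permission.
    @RequestMapping(method = RequestMethod.GET, produces = MediaTypes.JSON_UTF_8)
    @RequiresPermissions("user")
    public User getUserInPath() {
        User user = new User("xxx");
        return user;
    }
}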
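For a REST API like the one above, how should Shiro be used to do the authorization?
A REST API is stateless and cookies don't work well, so SecurityUtils.getSubject() presumably won't be able to get the subject.
How should this be changed so that the different subjects are obtained from a token?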
Yes, you can. You can refer to this article
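One way to bind the Subject to a token on every request, as an added example that is not code from this thread or from the article it mentions. It assumes Shiro 1.5 or later (for BearerToken) on javax.servlet; StatelessTokenFilter, TokenRealm and the in-memory token map are hypothetical names and stand in for a real token store or signature check.

```java
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

/** Authenticates every request from its "Authorization: Bearer ..." header; no cookie is consulted. */
public class StatelessTokenFilter extends AuthenticatingFilter {
    @Override
    protected AuthenticationToken createToken(ServletRequest req, ServletResponse res) {
        String h = ((HttpServletRequest) req).getHeader("Authorization");
        String value = (h != null && h.startsWith("Bearer ")) ? h.substring(7).trim() : "";
        return new BearerToken(value, req.getRemoteHost());
    }
    @Override
    protected boolean isAccessAllowed(ServletRequest req, ServletResponse res, Object mappedValue) {
        return false; // never reuse an earlier login: force onAccessDenied on each request
    }
    @Override
    protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
        if (executeLogin(req, res)) return true; // Subject.login(token) succeeded for this request
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}

/** Resolves a bearer token to a principal. The map is a hypothetical stand-in for a token store. */
class TokenRealm extends AuthorizingRealm {
    private final Map<String, String> userByToken;
    TokenRealm(Map<String, String> userByToken) { this.userByToken = userByToken; }
    @Override
    public boolean supports(AuthenticationToken token) { return token instanceof BearerToken; }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String presented = ((BearerToken) token).getToken();
        String user = userByToken.get(presented); // a missing or empty token resolves to null
        if (user == null) throw new UnknownAccountException("unknown or expired token");
        return new SimpleAuthenticationInfo(user, presented, getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("user"); // the permission checked by @RequiresPermissions("user")
        return info;
    }
}
```

With the filter mapped to the API paths in Shiro's filter chain, SecurityUtils.getSubject() inside the controller returns the Subject that was logged in from that request's token. To keep the API stateless, also put Shiro's noSessionCreation filter ahead of it and turn off session storage with DefaultSessionStorageEvaluator.setSessionStorageEnabled(false).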