shiro @RequiresPermissions不起作用
阿新 • • 發佈:2019-02-01
因為在正常情況下,如果在方法上面加了@RequiresPermissions(“XXXX”)註釋,系統會直接進入doGetAuthorizationInfo方法進行許可權驗證,如果沒有許可權,那麼就會丟擲 org.apache.shiro.authz.UnauthorizedException: Subject does not have permission異常,但是有時候@RequiresPermissions沒有效果,如果出現這種情況,那麼就在springMvc中加入程式碼如下(注意:在系統會用到spring AOP技術,相關資訊也必須配置):
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>
lifecycleBeanPostProcessor和securityManager是在shiro配置檔案中定義好的如下,但是如果在定義好這些資訊的時候,報錯如下:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!--設定自定義realm --> <property name="realm" ref="monitorRealm" /></bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />