spring boot + shiro,不进入doGetAuthorizationInfo
问题描述:
- spring boot + shiro
- 所使用的pom依赖< artifactId>shiro-spring< /artifactId>,版本1.4.0
- 加@RequiresPermisssions的方法可以任意进入,不会被doGetAuthorizationInfo拦截
解决方法一:
原因:
在@Configuration类中,缺少名为AuthorizationAttributeSourceAdvisor的@Bean,
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}在开涛的shiro博客第16章,很不起眼的位置写着
定义aop切面,用于代理如@RequiresPermissions注解的控制器,进行权限控制。(这段话起前面是AuthorizationAttributeSourceAdvisor的xml配置)
参考:http://jinnianshilongnian.iteye/blog/2037222
解决方法二:
pom引入spring boot版本的shiro
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.4.0</version>
</dependency>这种方式,shiro的配置类@Configuration类,可以写的很简洁,不用写AuthorizationAttributeSourceAdvisor的@Bean。
更多推荐
spring boot + shiro,不进入doGetAuthorizationInfo问题
发布评论