shiro框架两个常用注解
@RequiresRoles
@RequiresPermissions
这两个注解是用来控制是否用户有权限调用此方法的。
没有起作用的原因可能有两种
1.缺少配置
spring.xml里面增加配置
<!--
1.配置lifecycleBeanPostProcessor,可以在Spring IOC容器中调用shiro的生命周期方法.
-->
<bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor" id="lifecycleBeanPostProcessor" />
<!--
2.启用Spring IOC容器Shiro注解,但必须配置了lifecycleBeanPostProcessor后才可以使用
-->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" />
<!--
3.开启Spring AOC Shiro注解支持
-->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
springboot增加配置
@Bean
public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator(){
return new DefaultAdvisorAutoProxyCreator();
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
2.注解写错地方了
在spring里面,注解
@RequiresRoles
@RequiresPermissions
只能在controller层使用,不能在service层使用,或者你也可以定义一个类,不加入spring容器直接调用
public class ShiroServiceImpl {
@RequiresRoles(value={
"admin"})
public void testMethod() {
// TODO Auto-generated method stub
System.out.println("有admin权限 time"+new Date());
}
}