在使用shiro時,打算啟用shiro的注解功能如下:
@RequestMapping(method = RequestMethod.GET,value = "/menuManager")
@RequiresPermissions("sys:menu:*")
public String menusManager(Model model){
return "/sys/menuManager";
}
于是在配置中加入shiro注解的配置
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
啟動時會報錯 java.lang.IllegalArgumentException: Can not set *.Service field *.Controller.Service to $Proxy47,研究後發現隻要把配置改成
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
就不會再報錯了,但是啟動項目在測試中發現@RequiresRole @RequiresPermissions 這些注解并沒有實際的攔截,不管有沒有權限都一樣可以通過請求。
後來把上面配置中的Aop代理配置改成
<aop:config proxy-target-class="true"></aop:config>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
然後shiro注解正常生效了。具體原因待研究。