在使用shiro时,打算启用shiro的注解功能如下:
@RequestMapping(method = RequestMethod.GET,value = "/menuManager")
@RequiresPermissions("sys:menu:*")
public String menusManager(Model model){
return "/sys/menuManager";
}
于是在配置中加入shiro注解的配置
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
启动时会报错 java.lang.IllegalArgumentException: Can not set *.Service field *.Controller.Service to $Proxy47,研究后发现只要把配置改成
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
就不会再报错了,但是启动项目在测试中发现@RequiresRole @RequiresPermissions 这些注解并没有实际的拦截,不管有没有权限都一样可以通过请求。
后来把上面配置中的Aop代理配置改成
<aop:config proxy-target-class="true"></aop:config>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" >
<property name="securityManager" ref="securityManager"/>
</bean>
然后shiro注解正常生效了。具体原因待研究。