I encountered a problem in the process of learning shiro. The annotation method did not work as follows:
at the service layer
@RequiresRoles({"admin"})
public void testMethod(){
System.out.println("aaabbb");
}
Or in the Control layer as follows
@RequestMapping("testShiroService")
/**
* @RequiresRoles is shiro's annotation, indicating that the admin role is required
*/
@RequiresRoles({"admin"})
public String testShiroService(){
shiroServcie.testMethod ();
return "redirect:/home.jsp";
}
Added the @RequiresRoles({"admin"}) annotation, which means that it can only be executed when the role of admin is authorized. But it can also be executed when the user role is used in the real test.
The Internet said that you need to configure the open annotation, I also configured it, but it still doesn't work
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" >
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
In another article, I saw that the above configuration was placed in the spring-mvc.xml file, not in the spring.xml file, so I tried it according to this, and it worked. hereby recorded
In addition, a source code for learning shiro is attached for future reference