开发者社区> 问答> 正文

shiro @RequiresPermissions注解无效403.10 禁止访问:配置无效 

 springboot集成shiro   @RequiresPermissions注解无效,,下面是shiro   配置

/** * 配置安全管理器 * * @author zhengkai */ @Bean("securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); securityManager.setCacheManager(ehCacheManager()); return securityManager; }

/**
 * 配置shiro过滤器
 * 
 * @author zhengkai
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
	// 1.定义shiroFactoryBean
	ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	// 2.设置securityManager
	shiroFilterFactoryBean.setSecurityManager(securityManager);
	// 3.LinkedHashMap是有序的,进行顺序拦截器配置
	Map<String, String> filterChainMap = new LinkedHashMap<String, String>();
	// 4.配置logout过滤器
	filterChainMap.put("/account/logout", "anon");
	// 静态资源不拦截
	filterChainMap.put("/assets/**", "anon");

	filterChainMap.put("/account/login", "anon");
	// 5.所有url必须通过认证才可以访问
	filterChainMap.put("/**", "authc");
	// 6.设置默认登录的url
	shiroFilterFactoryBean.setLoginUrl("/account/index");
	// 7.设置成功之后要跳转的链接
	shiroFilterFactoryBean.setSuccessUrl("/main/index");
	// 8.设置未授权界面
	shiroFilterFactoryBean.setUnauthorizedUrl("/error");

	// 9.设置shiroFilterFactoryBean的FilterChainDefinitionMap
	shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainMap);
	return shiroFilterFactoryBean;
}

@Bean("myShiroRealm")
public MyShiroRealm myShiroRealm() {
	MyShiroRealm myShiroRealm = new MyShiroRealm();
	myShiroRealm.setCachingEnabled(true);
	myShiroRealm.setAuthorizationCachingEnabled(true);
	return myShiroRealm;
}

@Bean
@DependsOn({ "lifecycleBeanPostProcessor" })
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
	// 设置代理类
	DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
	creator.setProxyTargetClass(true);

	return creator;
}

@Bean("authorizationAttributeSourceAdvisor")
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
	AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
	authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
	return authorizationAttributeSourceAdvisor;
}

@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
	return new LifecycleBeanPostProcessor();
}

@Bean("ehCacheManager")
public EhCacheManager ehCacheManager() {
	net.sf.ehcache.CacheManager cacheManager = net.sf.ehcache.CacheManager.getCacheManager("em");
	EhCacheManager em = new EhCacheManager();
	if (ObjectUtils.isEmpty(cacheManager)) {
		em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");
		return em;
	} else {
		em.setCacheManager(cacheManager);
		return em;
	}
}

@Bean("simpleMappingExceptionResolver")
public SimpleMappingExceptionResolver simpleMappingExceptionResolver() {
	SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
	Properties mappings = new Properties();
	mappings.setProperty("org.apache.shiro.authz.UnauthorizedException", "/error");
	resolver.setExceptionMappings(mappings);
	return resolver;
}
     

展开
收起
kun坤 2020-05-27 10:53:58 967 0
1 条回答
写回答
取消 提交回答
  • 要使用注解,需要在MyShiroRealm中setPermissions or setRole######回复 @夏碌冬藏 :这个 肯定比配啊,就算是不匹配 那么 也会跳转到 没有权限的界面去。。现在是 注解没生效,不管 匹没匹配 都 能进入这个界面######回复 @我叫程序猿不叫码农 : 那就要看你@RequiresPermissions(??)的内容跟set的内容是否匹配了######这个有定义的######问题解决了么 ? 我遇到了和你同样的问题  各种尝试都没有解决  求指点######https://my.oschina.net/u/3387320/blog/3010315

    2020-05-27 13:16:05
    赞同 展开评论 打赏
问答地址:
问答排行榜
最热
最新

相关电子书

更多
低代码开发师(初级)实战教程 立即下载
冬季实战营第三期:MySQL数据库进阶实战 立即下载
阿里巴巴DevOps 最佳实践手册 立即下载