Error:
严重: Servlet.service() for servlet [springConfig] in context with path [] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [teacher:select]] with root cause org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.controller.PermissionController.per(javax.servlet.http.HttpServletRequest) at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:100)
sping-shiro.xml (only the Shiro configuration is pasted)
<!-- Custom realm -->
<bean name="securityRealm" class="com.realm.BaseRealm"/>
<!-- Security manager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="securityRealm"/>
</bean>
<!-- Shiro filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Shiro's core security interface; this property is required -->
    <property name="securityManager" ref="securityManager"/>
    <!-- Page to redirect to when authentication fails (the login page) -->
    <property name="loginUrl" value="/index.jsp"/>
    <!-- Page to redirect to when authorization fails -->
    <property name="unauthorizedUrl" value="/401.jsp"/>
    <!-- Shiro URL constraints, i.e. the filter chain definitions -->
    <property name="filterChainDefinitions">
        <value>
            /login=anon
            /** = authc
        </value>
    </property>
</bean>
<aop:aspectj-autoproxy proxy-target-class="true"/>
<!-- Ensures that beans implementing Shiro's internal lifecycle functions are executed -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
mvc.xml
<!-- Enable annotation-driven MVC -->
<mvc:annotation-driven />
<!-- Scan all classes under the controller package so Spring MVC treats them as controllers -->
<context:component-scan base-package="com.controller"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <!-- View name resolution: adds a prefix and suffix to the logical view name -->
    <property name="prefix" value="/WEB-INF/pages/"/>
</bean>
<!-- Shiro annotations -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
controller
@RequestMapping("/per")
@RequiresPermissions("teacher:select")
public String per(HttpServletRequest request){
request.setAttribute("message","hello");
return "hello.jsp";
}
I am logged in as admin, and the permissions are sufficient..
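Subject does not have permission [teacher:select]] with root cause... was this permission perhaps never written? ######It is in the database, and the controller has it too~~######
######The com.realm.BaseRealm class needs to be posted so we can have a look
######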
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    logger.info("调用 《《 Authorization");
    String userName = (String) principalCollection.getPrimaryPrincipal();
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setRoles(extRealmService.getRoles(userName));
    authorizationInfo.setStringPermissions(extRealmService.getPermissions(userName));
    return authorizationInfo;
}
/**
 * Authenticate the currently logged-in user
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    logger.info("调用 》》 Authentication ");
    String userName = (String) authenticationToken.getPrincipal();
    User user = extRealmService.getByUserName(userName);
    if (user != null) {
        AuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), "xx");
        return info;
    } else {
        return null;
    }
}
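######Reply to @壹贰叁: check what extRealmService.getPermissions(userName) actually returns, and see whether it contains the string teacher:select######It uses MyBatis; they are all interfaces, and the implementation classes are almost the same as the interfaces######First confirm whether the Set<String> returned by extRealmService.getPermissions(userName) contains teacher:select; set a breakpoint and try it.###### Found the problem: it was a database issue
My permission field used to be user:,student:,teacher:* , and the annotation only reads the first one, which is user
After I split the three apart it worked, which means one admin account has 3 rows in the permission table...
So annoying~~ can't it all be written in a single row the way I had it before...?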
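An added example, not code from the thread: Shiro's WildcardPermission uses ":" to divide parts and "," to divide sub-parts within a part, so a comma-joined column value is parsed as one permission whose first part is "user" and never implies teacher:select. The sketch below keeps a single database row but splits it before it reaches SimpleAuthorizationInfo; the class PermissionRowDemo and the helpers splitRows and permits are hypothetical, and it assumes a comma in the column always separates whole permissions.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermission;

public class PermissionRowDemo {

    // Hypothetical helper: one Shiro permission string per comma-separated entry.
    static Set<String> splitRows(List<String> rows) {
        Set<String> perms = new LinkedHashSet<>();
        for (String row : rows) {
            for (String entry : row.split(",")) {
                String p = entry.trim();
                if (!p.isEmpty()) {
                    perms.add(p);
                }
            }
        }
        return perms;
    }

    // Hypothetical helper: does any granted wildcard permission imply the required one?
    static boolean permits(SimpleAuthorizationInfo info, String required) {
        Permission needed = new WildcardPermission(required);
        for (String granted : info.getStringPermissions()) {
            if (new WildcardPermission(granted).implies(needed)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // The single-row value quoted in the thread, exactly as written there.
        List<String> rows = Arrays.asList("user:,student:,teacher:*");

        SimpleAuthorizationInfo joined = new SimpleAuthorizationInfo();
        joined.setStringPermissions(new LinkedHashSet<>(rows));
        System.out.println("joined row permits teacher:select: " + permits(joined, "teacher:select"));

        SimpleAuthorizationInfo split = new SimpleAuthorizationInfo();
        split.setStringPermissions(splitRows(rows));
        System.out.println("split row permits teacher:select: " + permits(split, "teacher:select"));
    }
}
```

If stored permissions ever rely on Shiro's own comma syntax (for example teacher:select,update), use a different separator in the column, because splitting on commas would change what those entries grant.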