Description: due to the use of springboot whole and shiro, so using the Java class path interceptor configuration of shiro yesterday with comments after the configuration has been an error, error is as follows:
` ` `
Org, apache shiro. Authz. AuthorizationException: Not authorized to invoke method: public Java. Lang. String com. Example. Shiro. Web. UserController. AddUser ()
` ` `
But strange situation is to use Java configuration class will not appear this situation, the error first I think because of using annotations can't jump to my specified login path caused by the error, but after the DEBUG today when the source of process suddenly found a problem:
There is no path, and I want to intercept
It's no problem of code:
` ` `
/* *
* create ShiroFilterFactoryBean
*/
@ Bean (name="shiroFilterFactoryBean")
Public ShiroFilterFactoryBean getShiroFilterFactoryBean (@ the Qualifier (" securityManager ") DefaultWebSecurityManager securityManager) {
//get ShiroFilterFactoryBean object
ShiroFilterFactoryBean ShiroFilterFactoryBean=new ShiroFilterFactoryBean ();
//1. Set the security manager
ShiroFilterFactoryBean. SetSecurityManager (securityManager);
//add Shiro built-in filters
/* *
* Shiro built-in filter, can realize the rights related to intercept
* commonly used filter:
* anon: without certification (login) can access
* authc: must be certified (login) can access
* the user: if you use the rememberMe functionality can be accessed directly
* perms: the resource must obtain permission to visit
* role: the resource must be role can access authorization
*/
Map
/* filterMap. Put ("/add ", "authc");
FilterMap. Put ("/del ", "authc");
FilterMap. Put ("/updata ", "authc"); */
/*
* authorization filters, because linkedHashMap is orderly, so the authority to order by best
* role "perms" user "authc" -anon
*/
//filterMap. Put ("/user/update ", "perms [user: update]");
//filterMap. Put ("/user/add ", "perms/user: add");
FilterMap. Put ("/user/* ", "authc");
//modify the jump to the login page
ShiroFilterFactoryBean. SetLoginUrl ("../toLogin ");
//set the unauthorized prompt page
ShiroFilterFactoryBean. SetUnauthorizedUrl ("../unAuth ");
ShiroFilterFactoryBean. SetFilterChainDefinitionMap (filterMap);
Return shiroFilterFactoryBean;
}
` ` `
And when I put the filterMap. Put ("/user/* ", "authc"); Commented after the annotations in the Conroller layer set, can appear the problem
` ` `
@ Controller
@ RequiresAuthentication
@ RequestMapping (" user ")
Public class UserController {
@ RequiresAuthentication
@ RequiresPermissions (value={} "user: add" https://bbs.csdn.net/topics/
@ GetMapping (" add ")
Public String addUser () {
Return "user/add";
}
` ` `
Will appear this problem, on the network are said, because of the AOP not enabled, but my side really enabled AOP functionality
` ` `
# open AOP
Spring. Aop. Proxy - target - class=true
Spring. Aop. Auto=true
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
@ SpringBootApplication
@ EnableAspectJAutoProxy
Public class ShiroApplication {
Public static void main (String [] args) {
SpringApplication. Run (ShiroApplication. Class, args);
}
}
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
/* *
* open Shiro annotations (such as @ RequiresRoles @ RequiresPermissions),
* need a SpringAOP scan using Shiro annotation class, and when necessary for safe logic validation
* to configure the following the two beans (DefaultAdvisorAutoProxyCreator and AuthorizationAttributeSourceAdvisor)
*/
@ Bean
Public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator () {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator ();
AdvisorAutoProxyCreator. SetProxyTargetClass (true);
Return advisorAutoProxyCreator;
}
/* *
* open aop annotation support
*/
@ Bean
Public AuthorizationAttributeSourceAdvisor AuthorizationAttributeSourceAdvisor (DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor AuthorizationAttributeSourceAdvisor=new AuthorizationAttributeSourceAdvisor ();
AuthorizationAttributeSourceAdvisor. SetSecurityManager (securityManager);
Return authorizationAttributeSourceAdvisor;
}
` ` `
O what bosses to give directions because
will appear this problemPut bosses help children!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!