标签:springmvc shiro requiresroles
springmvc集成shiro注解权限
源代码下载:http://download.csdn.net/detail/u013147600/9066923
java.lang.ClassNotFoundException:
org.aspectj.lang.annotation.Around错误解决方法:http://blog.csdn.net/u013147600/article/details/48132947
配置aop错误:
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 16 in XML document from class path resource [springmvc.xml]
is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "aop" for element "aop:aspectj-autoproxy" is not bound.
添加这些有关AOP的配置:
添加后如下面所示:
在springmvc.xml中的配置:
<aop:aspectj-autoproxy proxy-target-class="true"/>
记得在shiro.xml中配置:
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
如果没有配置上面这两个bean的话,访问时就不会进行权限管理,(也就是配置的权限无效)。
controller控制层的方法:
@Controller
@RequestMapping("/admin")
public class AdminController {
private UserService userService =new UserServiceImpl();
/*
加上这个后这个方法只有当用户的角色为admin时才可以访问,不然会出现UnauthorizedException异常
如:严重: Servlet.service() for servlet [SpringMVC] in context with path [/authc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]]
with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.authc.controller.AdminController.queryAllUserInfo(javax.servlet.http.HttpServletRequest)
*/
@RequiresRoles("admin")
@RequestMapping("/queryAllUserInfo")
public String queryAllUserInfo(HttpServletRequest request)
{
List<User> userList = userService.queryAllUserInfo();
request.setAttribute("userList", userList);
return "/admin";
}
}
注:Shiro权限注释和shiro.xml中权限的配置(形如:/member/queryMyUserInfo=authc)可以结合使用,但是不要产生冲突。
对异常的拦截:
配置成shiro权限注解后,下面的配置没有效果,就是当用户没有权限的时候不会运行"/member/login"路径,而是直接在页面显示出UnauthorizedException错误信息。
<!-- 用户访问未对其授权的资源时,所显示的连接 -->
<property name="unauthorizedUrl" value="/member/login"></property>
解决方法:
在 springmvc中加入如下配置:
<!-- shiro为集成springMvc 拦截异常-->
<bean
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<!-- 这里你可以根据需要定义N多个错误异常转发 -->
<prop key="org.apache.shiro.authz.UnauthorizedException">redirect:/member/login</prop>
<prop key="org.apache.shiro.authz.UnauthenticatedException">redirect:/member/login</prop>
<prop key="java.lang.IllegalArgumentException">/error.jsp</prop> <!-- 参数错误(bizError.jsp) -->
<prop key="java.lang.Exception">/error.jsp</prop> <!-- 其他错误为‘未定义错误‘(unknowError.jsp) -->
</props>
</property>
</bean>
版权声明:本文为博主原创文章,未经博主允许不得转载。
springmvc集成shiro注解权限
标签:springmvc shiro requiresroles
原文地址:http://blog.csdn.net/u013147600/article/details/48133397
