Configuration of Shiro 1.2.3 In Spring mvc, mvcshiro
Spring versions: 3.2.x, 4.0.x
[Problem description]
First, we will introduce the configuration error:
(1) In the project, the applicationContext. xml aop configuration of Spring3 and Spring4 is as follows:
...... <Aop: aspectj-autoproxy expose-proxy = "true"/> <tx: annotation-driven transaction-manager = "transactionManager"/> <tx: advice id = "txAdvice" transaction-manager = "transactionManager"> <tx: attributes> <tx: method name = "save *" propagation = "REQUIRED"/> <tx: method name = "add *" propagation = "REQUIRED"/> <tx: method name = "create *" propagation = "REQUIRED"/> <tx: method name = "insert *" propagation = "REQUIRED" /> <Tx: method name = "update *" propagation = "REQUIRED"/> <tx: method name = "del *" propagation = "REQUIRED"/> <tx: method name = "get *" propagation = "REQUIRED" read-only = "true"/> <tx: method name = "find *" propagation = "REQUIRED" read-only = "true"/> <tx: method name = "query *" propagation = "REQUIRED" read-only = "true"/> <tx: method name = "*" read-only = "true"/> </tx: attributes> </tx: advice> <aop: config expose-proxy =" True "> <! -- Only implement transactions on the business logic layer --> <aop: pointcut id = "txPointcut" expression = "execution (* com. app .. service .. *. *(..)) "/> <aop: advisor advice-ref =" txAdvice "pointcut-ref =" txPointcut "/> </aop: config> ......
Before Shiro is added, the getBean (...) method of all applicationContext can get the corresponding object instance normally. Call getBeanDefinitionNames () to output the following Beans:
Bean Name |
Bean Class |
UserDaoImpl |
Class com. app. dao. impl. UserDaoImpl |
ResourceServiceImpl |
Class com. app. service. impl. ResourceServiceImpl $ EnhancerBySpringCGLIB $4ddf6901 |
RoleServiceImpl |
Class com. app. service. impl. RoleServiceImpl |
UserServiceImpl |
Class com. app. service. impl. UserServiceImpl $ EnhancerBySpringCGLIB $ e7bcd944 |
All the above beans use the @ Repository or @ Service annotation method.
Note that the Class name is highlighted in red because it is dynamically represented by CGLIB.
(2) According to the Shiro example, add the profile applicationContext-security.xml and configure Shiro as follows:
... ... <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"/> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"/>... ...
After adding Shiro, it is found that getBean (...) has an error. Call getBeanDefinitionNames () to output the following Beans:
Bean Name |
Bean Class |
UserDaoImpl |
Class com. app. dao. impl. UserDaoImpl |
ResourceServiceImpl |
Class $ Proxy38 |
RoleServiceImpl |
Class com. app. service. impl. RoleServiceImpl |
UserServiceImpl |
Class $ Proxy32 |
You can note that the Class name is marked with red because DefaultAdvisorAutoProxyCreator is configured and is dynamically used by JDK secondary proxy.
[Solution]
Both use CGLIB dynamic proxy. Add the proxy-target-class attribute to the AOP configuration. The value is true. The details are as follows:
(1) Configure in applicationContext. xml
... <Aop: config expose-proxy = "true" proxy-target-class = "true"> <! -- Only implement transactions on the business logic layer --> <aop: pointcut id = "txPointcut" expression = "execution (* com. app .. service .. *. *(..)) "/> <aop: advisor advice-ref =" txAdvice "pointcut-ref =" txPointcut "/> </aop: config> ......
(2) Configure Shiro in applicationContext-security.xml
... ... <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true"/> </bean>... ...
After the modification is complete, run the program again and getBean returns to normal.
[References]
Secondary proxy reason of spring and how to check http://jinnianshilongnian.iteye.com/blog/1894465
The spring shiro annotation configuration is invalid.
I don't know if you have solved it. Are you using springmvc? If springmvc is used, add several lines of shiro code in the springmvc-servlet.xml file as follows:
<Bean class = "org. springframework. web. servlet. handler. SimpleMappingExceptionResolver">
<Property name = "exceptionMappings">
<Props>
<Prop key = "org. apache. shiro. authz. UnauthorizedException">/403 </prop>
</Props>
</Property>
</Bean>
<Bean class = "org. springframework. aop. framework. autoproxy. DefaultAdvisorAutoProxyCreator" depends-on = "lifecycleBeanPostProcessor"/>
<Bean class = "org. apache. shiro. spring. security. interceptor. AuthorizationAttributeSourceAdvisor">
<Property name = "securityManager" ref = "securityManager"/>
</Bean>
In this way, the shiro permission annotation is available.
Reference: Official springside code
XML-based configuration of spring mvc is 404 incorrect.
404 error that indicates the url cannot be found, do not know you use spring3.0.5 or later versions, try to add tags in the spring-servlet.xml
<Mvc: default-servlet-handler/>
If not, change <url-pattern> *. do </url-pattern> to <url-pattern>/</url-pattern>.