Shiro: Authorization Control and shiro Authorization Control
PairEasy to ignoreThe local records are as follows:
1. The following two dependencies need to be introduced. The specific version is modified according to the environment:
<dependency> <groupId>org.apache.geronimo.bundles</groupId> <artifactId>aspectjweaver</artifactId> <version>1.6.8_2</version></dependency><dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>1.8.10</version></dependency>
2. Inject the two beans:
/*** Annotation dynamic interception of Access authorization, otherwise doGetAuthenticationInfo ** @ param securityManager * @ return */@ Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor (SecurityManager securityManager) will not be executed) {AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor (); authorizationAttributeSourceAdvisor. setSecurityManager (securityManager); return authorizationAttributeSourceAdvisor;}/*** handle an error when the authorization is not passed (403, without this, the system will not jump to the 403 page ** @ return */@ Bean public SimpleMappingExceptionResolver extends () {SimpleMappingExceptionResolver simpleMappingExceptionResolver (); Properties mappings = new Properties (); mappings. setProperty ("org. apache. shiro. authz. unauthorizedException ","/error/403 "); simpleMappingExceptionResolver. setExceptionMappings (mappings); return simpleMappingExceptionResolver ;}
Finished!
When the following code is executed, the 403 page is displayed:
@RequiresPermissions("user:test")@GetMapping("/test")
public String test() { String strResult = "/test"; return strResult;}