Shiro: Authorization Control and shiro Authorization Control

Shiro: Authorization Control and shiro Authorization Control

PairEasy to ignoreThe local records are as follows:

1. The following two dependencies need to be introduced. The specific version is modified according to the environment:

<dependency>          <groupId>org.apache.geronimo.bundles</groupId>          <artifactId>aspectjweaver</artifactId>          <version>1.6.8_2</version></dependency><dependency>          <groupId>org.aspectj</groupId>          <artifactId>aspectjrt</artifactId>          <version>1.8.10</version></dependency>

2. Inject the two beans:

/*** Annotation dynamic interception of Access authorization, otherwise doGetAuthenticationInfo ** @ param securityManager * @ return */@ Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor (SecurityManager securityManager) will not be executed) {AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor (); authorizationAttributeSourceAdvisor. setSecurityManager (securityManager); return authorizationAttributeSourceAdvisor;}/*** handle an error when the authorization is not passed (403, without this, the system will not jump to the 403 page ** @ return */@ Bean public SimpleMappingExceptionResolver extends () {SimpleMappingExceptionResolver simpleMappingExceptionResolver (); Properties mappings = new Properties (); mappings. setProperty ("org. apache. shiro. authz. unauthorizedException ","/error/403 "); simpleMappingExceptionResolver. setExceptionMappings (mappings); return simpleMappingExceptionResolver ;}

Finished!

When the following code is executed, the 403 page is displayed:

@RequiresPermissions("user:test")@GetMapping("/test")

public String test() {  String strResult = "/test";  return strResult;}