六、Shiro之通过注解配置授权

一、添加POM依赖
  一定要注意aop与aspectjweaver的版本兼容问题，否则会报java.lang.NoClassDefFoundError:org/springframework/aop/aspectj/autoproxy/AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder错误！

        <dependency>
            <groupId>org.aspectjgroupId>
            <artifactId>aspectjweaverartifactId>
            <version>1.8.13version>
        dependency>
        <dependency>
            <groupId>org.springframeworkgroupId>
            <artifactId>spring-aopartifactId>
            <version>5.0.2.RELEASEversion>
        dependency>

二、在SpringMVC配置文件中增加如下配置

    <aop:config proxy-target-class="true"/>
    <bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        
        <property name="securityManager" ref="securityManager"/>
    bean>
    

三、测试
（一）测试一：是否有该角色（有）

/**
     * 测试有角色访问
     */
    @RequiresRoles("admin")
    @GetMapping(value = "/hasRole", produces = "application/json;charset=utf-8")
    @ResponseBody
    public String testHasRole(){
        return "this has role -- admin";
    }

可以正常访问

（二）测试二：是否有该角色（无）

/**
     * 测试无角色访问
     */
    @RequiresRoles("admin1")
    @GetMapping(value = "/hasRole1", produces = "application/json;charset=utf-8")
    @ResponseBody
    public String testNotHasRole(){
        return "this has role -- admin1";
    }

报错如下：

（三）测试三：是否有该权限

    /**
     * 测试有角色访问
     */
    @RequiresPermissions("user:delete")
    @RequiresRoles("admin")
    @GetMapping(value = "/hasRole", produces = "application/json;charset=utf-8")
    @ResponseBody
    public String testHasRole(){
        return "this has role -- admin";
    }