springmvc集成shiro注解权限

springmvc集成shiro注解权限

源代码下载:http://download.csdn.net/detail/u013147600/9066923

java.lang.ClassNotFoundException: org.aspectj.lang.annotation.Around错误解决方法:http://blog.csdn.net/u013147600/article/details/48132947

配置aop错误:

org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 16 in XML document from class path resource [springmvc.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "aop" for element "aop:aspectj-autoproxy" is not bound.

添加这些有关AOP的配置:
 xmlns:aop=" http://www.springframework.org/schema/aop"

  http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd" 

添加后如下面所示:
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
 xmlns:p=" http://www.springframework.org/schema/p"
xmlns:context=" http://www.springframework.org/schema/context"
xmlns:mvc=" http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd 
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
 http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
">

在springmvc.xml中的配置:

 

记得在shiro.xml中配置:

 
     
         
   

如果没有配置上面这两个bean的话,访问时就不会进行权限管理,(也就是配置的权限无效)。

controller控制层的方法:

@Controller
@RequestMapping("/admin")
public class AdminController {
 
 private UserService userService =new UserServiceImpl();
 
/* 
加上这个后这个方法只有当用户的角色为admin时才可以访问,不然会出现UnauthorizedException异常
如:严重: Servlet.service() for servlet [SpringMVC] in context with path [/authc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.authc.controller.AdminController.queryAllUserInfo(javax.servlet.http.HttpServletRequest)
*/
 @RequiresRoles("admin")
 @RequestMapping("/queryAllUserInfo")
 public String queryAllUserInfo(HttpServletRequest request)
 {
  List userList = userService.queryAllUserInfo();
  request.setAttribute("userList", userList);
  return "/admin";
 }
}
注:Shiro权限注释和shiro.xml中权限的配置(形如:/member/queryMyUserInfo=authc)可以结合使用,但是不要产生冲突。


对异常的拦截:

配置成shiro权限注解后,下面的配置没有效果,就是当用户没有权限的时候不会运行"/member/login"路径,而是直接在页面显示出UnauthorizedException错误信息。
   
 

解决方法:
在 springmvc中加入如下配置:
 
  class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
 
   
   
    redirect:/member/login
    redirect:/member/login
    /error.jsp  
    /error.jsp  
   
 
 


你可能感兴趣的:(shiro安全框架,Springmvc,JAVA)