springmvc集成shiro注解权限

springmvc集成shiro注解权限

源代码下载:http://download.csdn.net/detail/u013147600/9066923

java.lang.ClassNotFoundException: org.aspectj.lang.annotation.Around错误解决方法:http://blog.csdn.net/u013147600/article/details/48132947

配置aop错误:

org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 16 in XML document from class path resource [springmvc.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "aop" for element "aop:aspectj-autoproxy" is not bound.

添加这些有关AOP的配置:
 xmlns:aop=" http://www.springframework.org/schema/aop"

  http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd" 

添加后如下面所示:
<beans xmlns=" http://www.springframework.org/schema/beans"
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
 xmlns:p=" http://www.springframework.org/schema/p"
xmlns:context=" http://www.springframework.org/schema/context"
xmlns:mvc=" http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd 
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
 http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
">

在springmvc.xml中的配置:

<aop:aspectj-autoproxy proxy-target-class="true"/> 

记得在shiro.xml中配置:

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>  
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">  
        <property name="securityManager" ref="securityManager"/>  
    </bean>

如果没有配置上面这两个bean的话,访问时就不会进行权限管理,(也就是配置的权限无效)。

controller控制层的方法:

@Controller
@RequestMapping("/admin")
public class AdminController {
 
 private UserService userService =new UserServiceImpl();
 
/* 
加上这个后这个方法只有当用户的角色为admin时才可以访问,不然会出现UnauthorizedException异常
如:严重: Servlet.service() for servlet [SpringMVC] in context with path [/authc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.authc.controller.AdminController.queryAllUserInfo(javax.servlet.http.HttpServletRequest)
*/
 @RequiresRoles("admin")
 @RequestMapping("/queryAllUserInfo")
 public String queryAllUserInfo(HttpServletRequest request)
 {
  List<User> userList = userService.queryAllUserInfo();
  request.setAttribute("userList", userList);
  return "/admin";
 }
}
注:Shiro权限注释和shiro.xml中权限的配置(形如:/member/queryMyUserInfo=authc)可以结合使用,但是不要产生冲突。


对异常的拦截:

配置成shiro权限注解后,下面的配置没有效果,就是当用户没有权限的时候不会运行"/member/login"路径,而是直接在页面显示出UnauthorizedException错误信息。
 <!-- 用户访问未对其授权的资源时,所显示的连接 -->  
  <property name="unauthorizedUrl" value="/member/login"></property>

解决方法:
在 springmvc中加入如下配置:
<!-- shiro为集成springMvc 拦截异常-->
 <bean
  class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
  <property name="exceptionMappings">
   <props>
    <!-- 这里你可以根据需要定义N多个错误异常转发 -->
    <prop key="org.apache.shiro.authz.UnauthorizedException">redirect:/member/login</prop>
    <prop key="org.apache.shiro.authz.UnauthenticatedException">redirect:/member/login</prop>
    <prop key="java.lang.IllegalArgumentException">/error.jsp</prop>  <!-- 参数错误(bizError.jsp) -->
    <prop key="java.lang.Exception">/error.jsp</prop>  <!-- 其他错误为'未定义错误'(unknowError.jsp) -->
   </props>
  </property>
 </bean>


你可能感兴趣的:(springMVC,shiro,RequiresRoles)