springmvc集成shiro注解权限
源代码下载:http://download.csdn.net/detail/u013147600/9066923
java.lang.ClassNotFoundException: org.aspectj.lang.annotation.Around错误解决方法:http://blog.csdn.net/u013147600/article/details/48132947
配置aop错误:
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 16 in XML document from class path resource [springmvc.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The prefix "aop" for element "aop:aspectj-autoproxy" is not bound.
添加这些有关AOP的配置:
xmlns:aop=" http://www.springframework.org/schema/aop"
和
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
添加后如下面所示:
<beans xmlns=" http://www.springframework.org/schema/beans"
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
xmlns:p=" http://www.springframework.org/schema/p"
xmlns:context=" http://www.springframework.org/schema/context"
xmlns:mvc=" http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
在springmvc.xml中的配置:
<aop:aspectj-autoproxy proxy-target-class="true"/>
记得在shiro.xml中配置:
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
如果没有配置上面这两个bean的话,访问时就不会进行权限管理,(也就是配置的权限无效)。
controller控制层的方法:
@Controller
@RequestMapping("/admin")
public class AdminController {
private UserService userService =new UserServiceImpl();
/*
加上这个后这个方法只有当用户的角色为admin时才可以访问,不然会出现UnauthorizedException异常
如:严重: Servlet.service() for servlet [SpringMVC] in context with path [/authc] threw exception [Request processing failed; nested exception is org.apache.shiro.authz.UnauthorizedException: Subject does not have role [admin]] with root cause
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String com.authc.controller.AdminController.queryAllUserInfo(javax.servlet.http.HttpServletRequest)
*/
@RequiresRoles("admin")
@RequestMapping("/queryAllUserInfo")
public String queryAllUserInfo(HttpServletRequest request)
{
List<User> userList = userService.queryAllUserInfo();
request.setAttribute("userList", userList);
return "/admin";
}
}
注:Shiro权限注释和shiro.xml中权限的配置(形如:/member/queryMyUserInfo=authc)可以结合使用,但是不要产生冲突。
对异常的拦截:
配置成shiro权限注解后,下面的配置没有效果,就是当用户没有权限的时候不会运行"/member/login"路径,而是直接在页面显示出UnauthorizedException错误信息。
<!-- 用户访问未对其授权的资源时,所显示的连接 -->
<property name="unauthorizedUrl" value="/member/login"></property>
解决方法:
在 springmvc中加入如下配置:
<!-- shiro为集成springMvc 拦截异常-->
<bean
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<!-- 这里你可以根据需要定义N多个错误异常转发 -->
<prop key="org.apache.shiro.authz.UnauthorizedException">redirect:/member/login</prop>
<prop key="org.apache.shiro.authz.UnauthenticatedException">redirect:/member/login</prop>
<prop key="java.lang.IllegalArgumentException">/error.jsp</prop> <!-- 参数错误(bizError.jsp) -->
<prop key="java.lang.Exception">/error.jsp</prop> <!-- 其他错误为'未定义错误'(unknowError.jsp) -->
</props>
</property>
</bean>