对容易忽略的地方记录如下:
1.需要引入下面2个依赖,具体版本根据自身环境修改:
<dependency>
<groupId>org.apache.geronimo.bundles</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.6.8_2</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.8.10</version>
</dependency>
2。注入这两个bean:
/**
* 注解访问授权动态拦截,不然不会执行doGetAuthenticationInfo
*
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
} /**
* 授权未通过时(403)错误处理,没有这个不会跳转到403页面
*
* @return
*/
@Bean
public SimpleMappingExceptionResolver getSimpleMappingExceptionResolver() {
SimpleMappingExceptionResolver simpleMappingExceptionResolver = new SimpleMappingExceptionResolver();
Properties mappings = new Properties();
mappings.setProperty("org.apache.shiro.authz.UnauthorizedException", "/error/403");
simpleMappingExceptionResolver.setExceptionMappings(mappings);
return simpleMappingExceptionResolver;
}
完毕!
这个时候执行如下代码,就会跳转到403页面:
@RequiresPermissions("user:test")
@GetMapping("/test")
public String test() {
String strResult = "/test";
return strResult;
}