- springboot:2.5.5
- shiro:1.8.0 (shiro-spring-boot-web-starter)
- idea
实测使用shiro-spring-boot-web-starter没有这个问题,其他版本可能遇到。
解决办法:shiro配置类中添加bean
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
//SecurityManager - Bean
authorizationAttributeSourceAdvisor.setSecurityManager(SecurityManager());
return authorizationAttributeSourceAdvisor;
}
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
DefaultAdvisorAutoProxyCreator app=new DefaultAdvisorAutoProxyCreator();
app.setProxyTargetClass(true);
return app;
}
2. 无法跳转 unauthorizedUrl(权限不足跳转页面)
- 对于在shiro配置类中设置的权限,只需在application.properties中设置: shiro.unauthorizedUrl=/403
- 但是对于使用注解设置的权限,并不会跳转,只会显示默认的500页面,提示没有权限
解决办法:shiro配置类中添加bean
@Bean
public SimpleMappingExceptionResolver resolver() {
SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
Properties properties = new Properties();
//映射
properties.setProperty("org.apache.shiro.authz.UnauthorizedException", "/403");
resolver.setExceptionMappings(properties);
return resolver;
}
似乎就是一个错误处理映射,拿来用就是了。
参考https://www.jianshu.com/p/bf1f490aa70f
https://www.jianshu.com/p/ae70d2b1a568
https://blog.csdn.net/sirchenhua/article/details/100200498
