shiro登录之后后端需要权限的接口仍显示无权限问题

报错 The current Subject is not authenticated. Access denied.

后端接口如下

	@RequiresAuthentication
    @GetMapping("/getUserInfo")
    public Object logout() {
        Long id = ShiroUtil.getProfile().getId();
        return Result.succ(id);
    }

前端请求

this.$axios.get("getUserInfo").then((res) => {
      console.log("=======================");
      console.log(res)
      console.log("=======================");
    })

注意：解决方法！！！！

可能是因为前端发送请求没有携带token

改为如下请求方式，Authorization的值是之前登录接口存到localstorage的数据

this.$axios.get("getUserInfo", {
      headers: {
        Authorization: localStorage.getItem("token"),
      },
    }).then((res) => {
      console.log("=======================");
      console.log(res)
      console.log("=======================");
    })

完美解决问题

如果后端接口用@RequiresPermissions

@RequiresPermissions("update")
    @GetMapping("/getUserInfo")
    public Object logout() {
        Long id = ShiroUtil.getProfile().getId();
        return Result.succ(id);
    }

报错如下

This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.

此种情况可能也是前端没有携带token

如有问题可以留言交流