Shiro类似@RequiresPermissions(value = {“p2”})这种在controller里面设置的权限,通过org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor#assertAuthorized再call org.apache.shiro.authz.aop.PermissionAnnotationHandler#assertAuthorized来判断此权限是否为此主体授权
而AuthorizingAnnotationMethodInterceptor又需要依赖aop,所以pom里面要加上spring-boot-starter-aop,还需要加3个配置:
/**
* 下面的代码是添加注解支持
*/
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
// 强制使用cglib,防止重复代理和可能引起代理出错的问题,https://zhuanlan.zhihu.com/p/29161098
defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
return defaultAdvisorAutoProxyCreator;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(defaultSecurityManager);
return advisor;
}