首先保证shiro的基本配置是正确的。其次,
一。SpringMVC配置文件加上
<aop:config proxy-target-class=“true”></aop:config>
<bean class = "org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name = "securityManager" ref = "securityManager"/>
< /bean>
二。保证登录后的网址是跳转改变的,否则不会进入doGetAuthorizationInfo检查权限
三。前台页面要加上 Shiro的标签库和权限标签
<%@ taglib prefix=“shiro” uri=“http://shiro.apache.org/tags” %>
<shiro:hasRole name=“user”></shiro:hasRole>
参考:
https://blog.csdn.net/qq_31759675/article/details/72268141
shiro基本配置:https://ask.csdn.net/questions/201357
多个realms的配置:https://blog.csdn.net/fsgsggd/article/details/81635792