Shiro：授权控制

对容易忽略的地方记录如下：

1.需要引入下面2个依赖，具体版本根据自身环境修改：

<dependency>
          <groupId>org.apache.geronimo.bundles</groupId>
          <artifactId>aspectjweaver</artifactId>
          <version>1.6.8_2</version>
</dependency>
<dependency>
          <groupId>org.aspectj</groupId>
          <artifactId>aspectjrt</artifactId>
          <version>1.8.10</version>
</dependency>

2。注入这两个bean：

/**
   * 注解访问授权动态拦截，不然不会执行doGetAuthenticationInfo
   * 
   * @param securityManager
   * @return
   */
  @Bean
  public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
    authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
    return authorizationAttributeSourceAdvisor;
  }

  /**
   * 授权未通过时(403)错误处理,没有这个不会跳转到403页面
   * 
   * @return
   */
  @Bean
  public SimpleMappingExceptionResolver getSimpleMappingExceptionResolver() {
    SimpleMappingExceptionResolver simpleMappingExceptionResolver = new SimpleMappingExceptionResolver();
    Properties mappings = new Properties();
    mappings.setProperty("org.apache.shiro.authz.UnauthorizedException", "/error/403");
    simpleMappingExceptionResolver.setExceptionMappings(mappings);
    return simpleMappingExceptionResolver;
  }

完毕！

这个时候执行如下代码，就会跳转到403页面：

@RequiresPermissions("user:test")
@GetMapping("/test")

public String test() {
  String strResult = "/test";
  return strResult;
}