如何在Spring MVC项目中启用@RequiresPermissions?

时间:2018-04-03 07:52:47

标签: spring-mvc shiro

我花了好几天试图绕过AOP,我别无选择,只能列出我的代码,希望互联网上的好人能帮助我。

我的dispatcher-servlet.xml:

  <?xml version='1.0' encoding='UTF-8' ?>
<!-- was: <?xml version=".0" encoding="UTF-8"?> -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">


    <context:component-scan base-package="com.company.project"/>

    <mvc:annotation-driven/>
    <mvc:resources mapping="/resources/**" location="/WEB-INF/resources/, file:${catalina.home}/project/resources/" />        

    <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
        <property name="mappings">
            <props>
                <prop key="index.htm">indexController</prop>
            </props>
        </property>
    </bean>

    <bean id="viewResolver"
          class="org.springframework.web.servlet.view.InternalResourceViewResolver"
          p:prefix="/WEB-INF/jsp/"
          p:suffix=".jsp" />

    <!--
    The index controller.
    -->
    <bean name="indexController"
          class="org.springframework.web.servlet.mvc.ParameterizableViewController"
          p:viewName="index" />

</beans>

的applicationContext.xml:

<?xml version='1.0' encoding='UTF-8' ?>
<!-- was: <?xml version="1.0" encoding="UTF-8"?> -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <aop:aspectj-autoproxy proxy-target-class="true"/>
    <context:component-scan base-package="com.company.project"/>
    <!-- Transaction Management -->
    <tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true"/>
        <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>/WEB-INF/jdbc.properties</value>    
                <value>/WEB-INF/c3p0.properties</value> 
                <value>/WEB-INF/application.properties</value>  
            </list>    
        </property>               
    </bean>   


    <!-- With c3p0-->
    <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">        
        <property name="driverClass" value="${jdbc.driverClassName}"/>
        <property name="jdbcUrl" value="${jdbc.url}"/>
        <property name="user" value="${jdbc.username}" />
        <property name="password" value="${jdbc.password}" />       
    </bean> 

    <bean id="sessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
        <property name="dataSource" ref="dataSource"/>  
        <property name="packagesToScan" value="com.company.project.model"/>

        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
                <!--                <prop key="hibernate.current_session_context_class">thread</prop>-->
                <prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop>
                <prop key="hibernate.cache.use_second_level_cache">true</prop>
                <prop key="hibernate.cache.use_query_cache">true</prop>                
                <prop key="hibernate.show_sql">false</prop>
                <prop key="hibernate.id.new_generator_mappings">false</prop>
                <prop key="net.sf.ehcache.configurationResourceName">ehcache.xml</prop>

                <prop key="hibernate.connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</prop>
                <prop key="hibernate.connection.driver_class">${jdbc.driverClassName}</prop>
                <prop key="hibernate.connection.url">${jdbc.url}</prop>
                <prop key="hibernate.connection.username">${jdbc.username}</prop>       
                <prop key="hibernate.connection.password">${jdbc.password}</prop>  
                <!--                 <prop key="hibernate.connection.provider_class">org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider</prop>-->

                <prop key="hibernate.c3p0.acquire_increment">1</prop>                
                <prop key="hibernate.c3p0.idle_test_period">300</prop>
                <prop key="hibernate.c3p0.max_size">20</prop> 
                <prop key="hibernate.c3p0.max_statements">100</prop> 
                <prop key="hibernate.c3p0.min_size">3</prop> 
                <prop key="hibernate.c3p0.preferredTestQuery">SELECT 1;</prop>
                <prop key="hibernate.c3p0.testConnectionOnCheckin">true</prop>
            </props>
        </property>     
    </bean>         

    <bean id="transactionManager" class="org.springframework.orm.hibernate5.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>

    <bean id="shiroFilter" class=  "org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>   
        <property name="loginUrl" value="/verify.jsp"/>
        <property name="successUrl" value="/index"/>

        <property name="filterChainDefinitions">
            <value>
                /verify.jsp = authc                   
                /secure/** = authc            
                /logout.htm = logout
                /api/test/** = anon                
                /api/** = jwtv
            </value>
        </property>
    </bean>              

    <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        <property name="redirectUrl" value="/login.jsp"/>
    </bean>
    <bean id="annon" class="org.apache.shiro.web.filter.authc.AnonymousFilter">
    </bean>
    <bean id="jwtg" class="com.company.project.model.api.ApiGuard">        
    </bean>
    <bean id="jwtv" class="com.company.project.model.api.JWTVerifyingFilter">            
    </bean>


    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!--        Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
        <property name="realm" ref="jdbcRealm"/>
        <property name="cacheManager" ref="cacheManager"/>

        <!--                 By default the servlet container sessions will be used.  Uncomment this line
        to use shiro's native sessions (see the JavaDoc for more): -->
        <!--                <property name="sessionMode" value="native"/> -->
    </bean>   

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after 
        the lifecycleBeanProcessor has run: -->
    <bean id="annotationProxy"
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>


    <bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">             
        <property name="credentialsMatcher" ref = "sha256Matcher"/>
        <property name="authenticationQuery" value = "SELECT password, salt FROM admin WHERE email = ?"/>
        <property name="permissionsLookupEnabled" value = "true"/>
        <property name="userRolesQuery" value = "SELECT role_name FROM admin_role WHERE email = ?"/>
        <property name="permissionsQuery" value = "SELECT permission FROM roles_permission WHERE role_name = ?"/>
        <property name="saltStyle" value = "COLUMN"/>
        <property name="dataSource" ref = "dataSource"/>       
    </bean> 

    <bean id="sha256Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher" >
        <property name="hashAlgorithmName" value = "SHA-256"/>           
    </bean> 

    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" /> 

    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="10000000"/>
    </bean>      
</beans>

如果我评论该部分:

<bean id="annotationProxy"
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>

项目运行但@RequiresPermissions注释无效。当我使用这些配置运行项目时错误是:

  

[http-nio-8084-exec-100]警告   org.springframework.web.context.support.XmlWebApplicationContext -   上下文初始化期间遇到异常 - 取消   刷新尝试:   org.springframework.beans.factory.UnsatisfiedDependencyException:   创建名为'myController'的bean时出错:不满意   通过字段'myService'表示的依赖;嵌套异常   是org.springframework.beans.factory.BeanNotOfRequiredTypeException:   名为'myService'的Bean应该是类型的   [com.company.project.service.myService]但实际上是类型   [com.sun.proxy。$ Proxy530] [http-nio-8084-exec-100]错误   org.springframework.web.context.ContextLoader - 上下文初始化   失败   org.springframework.beans.factory.UnsatisfiedDependencyException:   创建名为'myController'的bean时出错:不满意   通过字段'myService'表示的依赖;嵌套异常   是org.springframework.beans.factory.BeanNotOfRequiredTypeException:   名为'myService'的Bean应该是类型的   [com.company.project.service.myService]但实际上是类型   [com.sun.proxy。$ Proxy530] at   org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor $ AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:569)

我的控制器类很像:

  @RestController
    @RequestMapping(value = "/api/my")
    public class MyApis {    

        @Autowired
        MyService myService;

         @RequestMapping(method = RequestMethod.GET, value = "/profile/save")
@RequiresPermissions("profile:save")
        public void saveProfile(@RequestParam(value = "first-name") String firstName, @RequestParam(value = "last-name") String lastName,HttpServletRequest request) {
            Profile profile = new Profile();
            profile.setFirstName(firstName);
            profile.setLastName(lastName);            

            myService.insert(profile);

        }
    }

请帮我弄清楚设置Shiro注释。谢谢。

1 个答案:

答案 0 :(得分:0)

Shiro有Spring Boot example在控制器上使用Shiro的注释。并且非启动example too

相关问题
最新问题