You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by reena upadhyay <re...@outlook.com> on 2014/05/26 15:59:54 UTC
Shiro Authorization Permission check using Annotation is not working
Hi,
I am trying to secure spring mvc methods using shiro @RequiresPermissions annotation, I am not getting even any error, normal method calls are working fine. If I am using isPermitted() method then in that case permission is getting checked. Also I have tried using @RequiresPermissions at service layer method instead of using at controller, still it did not worked. Cany anybody tell me what is missing.
shiro version: 1.2.2
spring version: 3.0.5.RELEASE
<!-- Annotation, so that it's easier to search controllers/components -->
<context:component-scan base-package="com.shiro.common.controller" />
<mvc:annotation-driven />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="jdbcRealm"/>
<property name="cacheManager" ref="cacheManager"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
<!-- security datasource: -->
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="dataSource" ref="ds" />
<property name="permissionsLookupEnabled" value="true" />
<property name="authenticationQuery" value="SELECT password, salt FROM User WHERE email = ?" />
<property name="userRolesQuery" value="select roleName from UserRole where email = ?" />
<property name="permissionsQuery" value="select permission from RolesPermission where roleName = ?" />
</bean>
<bean id="ds" class="com.mysql.jdbc.jdbc2.optional.MysqlDataSource">
<property name="serverName" value="localhost" />
<property name="user" value="root" />
<property name="password" value="root" />
<property name="databaseName" value="shiroSpring" />
</bean>
<!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
@Controller
@RequestMapping("/user")
public class UserController {
@RequestMapping(method = RequestMethod.GET,params={"username","password"})
@RequiresPermissions("admin:access")
public String getUser(
@RequestParam(value="username") String username,
@RequestParam(value="password") String password,
ModelMap model, @ModelAttribute("Login") LoginValidation login) {
model.addAttribute("name", username);
boolean rememberMe = true;
boolean result = login.tryLogin(username, password, rememberMe);
//result = true;
if(result == true){
return "success";
}else{
return "error";
}
}
}
Any help would be really appreciated.
Thanks.