Solution to the failure of springboot Shiro permission annotation


Recently, I encountered a problem when learning spring boot combined with Shiro for permission management.

The questions are as follows:

I added permissions to the user in the dogetauthorizationinfo method in userrealm, and then wrote the following code in the controller. The method whose URL is / listarticle must have article: over permission to pass. The permission I added to the user in the dogetauthorizationinfo method does not have article: over, but when the current end sends a request to the URL, the @ requirespermissions annotation does not work, and the listarticle method is executed. Moreover, I print ispermitted (“article: over”) inside the method, and the output result is false. Finally, I checked my blog online and found that Shiro’s annotation support was not enabled.

@RequestMapping(value = "/listArticle", method = RequestMethod.POST)
public JSONObject listArticle(@RequestBody JSONObject request){
    System.out.println("---------isPermitted article:over--------" + SecurityUtils.getSubject().isPermitted("article:over"));
    int ArticleNum = articleService.getArticleNum();
    List<JSONObject> list = articleService.listArticle(request.getIntValue("offset"), request.getIntValue("pageRow"));
    return Result.success(request, list, ArticleNum);

The solution is as follows:

Add the following code to shiroconfig.

//Enable support for Shiro annotations
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    return advisor;
//Enable AOP annotation support
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
    return defaultAAP;

After adding this code, when I send a request to the URL, the following exception will be reported, indicating that the user does not have the permission:
org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method

Reference blog:

This is the end of this article about the solution to the problem that the springboot Shiro permission annotation does not work. For more information about the problem, please search the previous articles of developeppaer or continue to browse the related articles below. I hope you will support developeppaer more in the future!