使用shiro的SecurityUtils.getSubject().getPrincipal()獲取當前登錄用戶信息遇到的問題總結一下
1.檢查配置是否正確
(1)設置配置AuthorizationAttributeSourceAdvisor 在整個類的最前面,至少在shiroFilterFactoryBean的前面
/**
* 開啓Shiro的註解(如@RequiresRoles,@RequiresPermissions)
* @return
* DefaultAdvisorAutoProxyCreator的順序必須在shiroFilterFactoryBean之前,不然SecurityUtils.getSubject().getPrincipal()獲取不到參數
*/
@Bean
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
advisorAutoProxyCreator.setUsePrefix(true);
return advisorAutoProxyCreator;
}
/**
* 開啓aop註解支持
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
(2)開啓advisorAutoProxyCreator.setUsePrefix(true);
2.自己要獲取的用戶信息在代碼是否設置過
Q:SecurityUtils.getSubject().getPrincipal()獲取的用戶信息是在哪裏設置的?
自定義realm類--》doGetAuthenticationInfo()方法--》SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), byteSourceSalt, getName());
方法第一個參數user,這裏設置的就是SecurityUtils.getSubject().getPrincipal()獲取的值,還可以可以設置String和對象等類型。
3.訪問的接口需要在ShiroFilterFactoryBean裏面配置攔截規則,沒有配置過的也不生效。
比如:filterChainDefinitionMap.put("/static/**", "anon");