今天碰到一个有趣的问题,当在shiro配合filter鉴定token后,在控制层
加上@RequireRoles是没有问题的,
但是今天心血来潮,想加一个aop看日志输出,
但是加完之后就报错了:
: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.
org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.
报错提醒我好像是subject shiro的用户主体变为了匿名,
它说在使用login方法之后,shiro会将用户信息放入subject,跟rememberme也有关。
但是调整了一下发现问题好像依旧存在,
新把代码改为分支代码,加入aop,出问题,随即删除aop类,
重新编译运行,居然问题还在,我的天啊!