一、添加POM依赖
一定要注意aop与aspectjweaver的版本兼容问题,否则会报java.lang.NoClassDefFoundError:org/springframework/aop/aspectj/autoproxy/AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder错误!
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.8.13</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>5.0.2.RELEASE</version>
</dependency>二、在SpringMVC配置文件中增加如下配置
<!--开启Shiro注解 start-->
<aop:config proxy-target-class="true"/>
<bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<!--设置Shiro的securityManager-->
<property name="securityManager" ref="securityManager"/>
</bean>
<!--开启Shiro注解 end-->三、测试
(一)测试一:是否有该角色(有)
/**
* 测试有角色访问
*/
@RequiresRoles("admin")
@GetMapping(value = "/hasRole", produces = "application/json;charset=utf-8")
@ResponseBody
public String testHasRole(){
return "this has role -- admin";
}可以正常访问
(二)测试二:是否有该角色(无)
/**
* 测试无角色访问
*/
@RequiresRoles("admin1")
@GetMapping(value = "/hasRole1", produces = "application/json;charset=utf-8")
@ResponseBody
public String testNotHasRole(){
return "this has role -- admin1";
}报错如下: 
(三)测试三:是否有该权限
/**
* 测试有角色访问
*/
@RequiresPermissions("user:delete")
@RequiresRoles("admin")
@GetMapping(value = "/hasRole", produces = "application/json;charset=utf-8")
@ResponseBody
public String testHasRole(){
return "this has role -- admin";
}
