Enable Shiro annotations in Spring based application

Question

I have project with two modules – web and buisness.

In web module, there is a shiro.ini file with configuration (as in the tutorial – https://github.com/lhazlewood/apache-shiro-tutorial-webapp/blob/step7/src/main/webapp/WEB-INF/shiro.ini – with my own properties).

In buisness module, there is a applicationContext.xml file with this code:

<bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
    <property name="resourcePath" value="file:C:\project\webmodule\src\main\webapp\WEB-INF\shiro.ini" />
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" />

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="iniRealm" />
</bean>

<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager" />
</bean>

But if I want to use annotations, like @RequiresAuthentication, it doesn't work.

Is the configuration in applicationContext.xml enough? Where can be a mistake? The authentication in web module works fine.

Can it be problem with filters? Do I have to define two filters, one with <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> and another with <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>? Thank you for any advice.

Answer 1

Your configuration is enough. If you have other AOP settings such as BeanNameAutoProxyCreator, you need to add bean AuthorizationAttributeSourceAdvisor into property interceptorNames as well.