Spring+Shiro做权限配置时用注解配置的问题：配置报错

Spring 零配置

@Configuration public class SecurityConfig { //此处省略部分代码，与xml配置相同，下面贴出出问题的主要代码 @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }

@Bean @DependsOn(value = "lifecycleBeanPostProcessor") public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); creator.setProxyTargetClass(true); // it's false by default return creator; } @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager()); return authorizationAttributeSourceAdvisor; } }

主要是用了

authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager());

在shiro认证用户时就会报错

public class AuthenticationRealm extends AuthorizingRealm {

    private static final Logger logger = Logger.getLogger(AuthenticationRealm.class);

    @Inject
    private CaptchaService captchaService;

    @Inject
    private UserService userService;

    @Inject
    private PermissionService permissionService;

    /**
     * 获取认证信息
     *
     * @param token 令牌
     * @return 认证信息
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordCaptchaToken usernamePasswordCaptchaToken = (UsernamePasswordCaptchaToken) token;
        // 获取登录信息
        String username = usernamePasswordCaptchaToken.getUsername();
        String password = new String(usernamePasswordCaptchaToken.getPassword());
        String captcha = usernamePasswordCaptchaToken.getCaptcha();
        String ip = usernamePasswordCaptchaToken.getHost();
        HttpSession session = usernamePasswordCaptchaToken.getSession();

        User user = userService.getUser(username);

        // 启用管理员登录验证码时，验证验证码
        if (!captchaService.verify(CaptchaType.adminLogin, captcha, session)) {
            // 异常：无效令牌
            throw new UnsupportedTokenException();
        }

        if (user != null /*&& doCaptchaValidate(token)*/) {
            byte[] salt = EncodeUtils.decodeHex(user.getSalt());
            ShiroUser shiroUser = new ShiroUser(user.getId(), user.getLoginName(), user.getName());
            session.setAttribute("user", user);
            return new SimpleAuthenticationInfo(shiroUser, user.getPassword(), ByteSource.Util.bytes(salt), getName());
        } else {
            // 异常：账户不存在
            throw new UnknownAccountException();
        }
    }
}

上面代码在 User user = userService.getUser(username);

会报错，提示:Could not obtain transaction-synchronized Session for current thread