在进行shiro前后分离授权时，报错如下。 

错误内容：This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.

 解决办法：

1、根据网上查找说是传递需要用到cookie ,但发现请求头已经有cookie 所以不是这个问题，可能个别人会是这个问题

2、最后排查发现 是在shiro配置时，将改请求配置了anon，在方法里又验证了权限导致报错