When will Shiro’s authorization checks be triggered? There are usually three ways:

Method 1: Use the Subject object to actively invoke permission verification in code

Subject. HasRole (" admin "); / / or the subject isPermitted (" admin ");Copy the code

This method belongs to the code in the need to verify the permission of the initiative call, judge the return result to determine whether to pass.

Method 2: Check for method requests in the form of annotations

@RequiresRoles("admin")
Copy the code

This is usually used in the Controller method.

Method three: page Shiro TAB

For FTL pages, you can use labels to mark corresponding requests directly on the page. When the page is displayed, the corresponding label is detected for permission verification.

<shiro:hasPermission name="item:update">
Copy the code

If it is a JSP page, we first need to introduce Shiro tags in the JSP before using Shiro tag libraries:

<%@ taglib prefix="shiro" uri="/WEB-INF/tlds/shiros.tld" %>
Copy the code

When shiro is tagged, it is used in conjunction with background code: You need to inherit AuthorizingRealm, Protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection PrincipalCollection) is used to process services.

Related articles

“Still writing Filter for permission verification? Try Shiro”

Analysis of Shiro Authentication and Authorization Principle without explanation

Program new horizon

\

The public account “program new vision”, a platform for simultaneous improvement of soft power and hard technology, provides massive information

\