Moment For Technology

Several ways shiro triggers the doGetAuthorizationInfo method

Posted on Oct. 28, 2023, 10:19 a.m. by Josephine Evans-Phillips
Category: The back-end Tag: The back-end

When will Shiro's authorization checks be triggered? There are usually three ways:

Method 1: Use the Subject object to actively invoke permission verification in code

Subject. HasRole (" admin "); / / or the subject isPermitted (" admin ");Copy the code

This method belongs to the code in the need to verify the permission of the initiative call, judge the return result to determine whether to pass.

Method 2: Check for method requests in the form of annotations

Copy the code

This is usually used in the Controller method.

Method three: page Shiro TAB

For FTL pages, you can use labels to mark corresponding requests directly on the page. When the page is displayed, the corresponding label is detected for permission verification.

shiro:hasPermission name="item:update"
Copy the code

If it is a JSP page, we first need to introduce Shiro tags in the JSP before using Shiro tag libraries:

%@ taglib prefix="shiro" uri="/WEB-INF/tlds/shiros.tld" %
Copy the code

When shiro is tagged, it is used in conjunction with background code: You need to inherit AuthorizingRealm, Protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection PrincipalCollection) is used to process services.

Related articles

"Still writing Filter for permission verification? Try Shiro"

Analysis of Shiro Authentication and Authorization Principle without explanation

Program new horizon


The public account "program new vision", a platform for simultaneous improvement of soft power and hard technology, provides massive information


About (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.