When will Shiro's authorization checks be triggered? There are usually three ways:
Method 1: Use the Subject object to actively invoke permission verification in code
Subject. HasRole (" admin "); / / or the subject isPermitted (" admin ");Copy the code
This method belongs to the code in the need to verify the permission of the initiative call, judge the return result to determine whether to pass.
Method 2: Check for method requests in the form of annotations
@RequiresRoles("admin") Copy the code
This is usually used in the Controller method.
Method three: page Shiro TAB
For FTL pages, you can use labels to mark corresponding requests directly on the page. When the page is displayed, the corresponding label is detected for permission verification.
shiro:hasPermission name="item:update" Copy the code
If it is a JSP page, we first need to introduce Shiro tags in the JSP before using Shiro tag libraries:
%@ taglib prefix="shiro" uri="/WEB-INF/tlds/shiros.tld" % Copy the code
When shiro is tagged, it is used in conjunction with background code: You need to inherit AuthorizingRealm, Protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection PrincipalCollection) is used to process services.
Program new horizon
The public account "program new vision", a platform for simultaneous improvement of soft power and hard technology, provides massive information