Shiro's authorization and authentication process based on annotations and tags

Others 2022-05-26 21:41:15 views: 0
Use Shiro as the permission basis of the application 3: Authorization and authentication process based on annotation http://blog.csdn.net/tch918/article/details/13849325
Apache Shiro annotation authorization http://blog.csdn.net/peterwanghao/ article/details/8165014 is


based on the annotation
http://jinnianshilongnian.iteye.com/blog/2029717
@RequiresPermissions
authorization processing process After the
authentication is passed, the Shiro authorization check is accepted. During authorization verification, it is necessary to determine whether the current role has the permission.
The resource corresponding to the protected URL can be accessed only if the authorization is passed, otherwise it will jump to the "unauthorized page".
If we customize the Realm implementation, such as the ShiroDbRealm class in my later example, when accessing a method annotated with @RequiresPermissions, ShiroDbRealm.doGetAuthorizationInfo() will be executed first for authorization.
@RequiresPermissions (value={“user:a”, “user:b”}, logical= Logical.OR) 

@RequiresAuthentication
can be a user class/property/method to indicate that the current user needs to be an authenticated user. Requires that the current Subject has been authenticated in the current session before it can be accessed or call



@RequiresGuest
Require the current Subject to be a "guest", that is, they must not be authenticated or remembered in the previous session to be accessed or call


@RequiresRoles("administrator")
to require the current Subject to have all specified roles . If they don't, the method will not be executed and an AuthorizationException will be thrown. @RequiresUser The RequiresUser annotation requires the current Subject to be an application user in order to be accessed or invoked by the annotated class/instance/method. An "application user" is defined as one who has a known identity, either confirmed by authentication in the current session, or remembered by the 'RememberMe' service in a previous session. Authorization implementation based on JSP TAGhttp: //jinnianshilongnian.iteye.com/blog/2026398 Shiro provides a set of JSP tag library to implement page-level authorization control. Before using the Shiro tag library, you first need to introduce the shiro tag in JSP:  














<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>


The hasRole tag
verifies whether the current user belongs to the role 
<shiro:hasRole name="administrator">    
    <a href="admin.jsp">Administer the system</a>    
</shiro:hasRole>


The hasPermission tag
verifies  whether the current user has the specified permission 
<shiro:hasPermission name="user:create">    
    <a href="createUser.jsp">Create a new User</a>    
</shiro:hasPermission>
 

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=327027591&siteId=291194637
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com