shiro in AuthorizingRealm there are two methods doGetAuthorizationInfo () and doGetAuthenticationInfo ()
Inherit AuthorizingRealm class and then override the doGetAuthorizationInfo doGetAuthenticationInfo.
doGetAuthenticationInfo This method is invoked when the user logs is executed SecurityUtils.getSubject () login () when the call; (ie: login authentication).
The method is doGetAuthorizationInfo we call SecurityUtils.getSubject (). DoGetAuthorizationInfo calls when isPermitted () This method (),
We add @RequiresPermissions on a method that, when we visited this method, it will automatically call SecurityUtils.getSubject (). IsPermitted (), thus calling area doGetAuthorizationInfo match
understanding:
When the user clicks the login screen to log in, request to be blocked filter, call doGetAuthenticationInfo, verify the user name and password when the user wants to authorize the use of role permissions, we use SecurityUtils.getSubject (). IsPermitted () to determine which is it will mobilize doGetAuthorizationInfo