shiro configuration process
- a filter disposed in web.xml shiro
- spring configured shiro filter factory, specify a different address access control
, incoming security manager - Configuring security manager, incoming realm, realm defined specific authorization and authentication process
- Configure a custom certificate matcher, and the specified token info matched.
Access to configuration
String define all rights collection
in the collection of custom realm String override doGetAuthoriaztionInfo (), create all permissions,
create SimpleAuthorizationInfo the object, call addStringPermission, add a set of permissions, return the object- Permissions control access to specified resources needed
a. with parity codes.
// get the current Subject
Subject Subject = SecurityUtils.getSubject ();
// check whether the specified permissions
subject.checkPermission ( "sector management");b. Configure knockdown address filter plant
/system/user/list.do = perms [ "Management sector"]
/system/user/list.do = authc, Roles [User Management]c. Notes to realize
@RequiresPermissions ( "User Management") - Shiro use tags view rendering control
<shiro:hasPermission name="用户管理">
用户管理数据
</shiro:hasPermission>