Explain the role of authority control @RequiresRoles, such as annotations and using @RequiresPermissions programmatic control profiles manner using ShiroConfig annotation mode
- @RequiresRoles(value={"admin", "editor"}, logical= Logical.AND)
- Add a comment caller interface requires admin and editor two roles can access, AND at the same time represent two established
- @RequiresPermissions (value={"user:add", "user:del"}, logical= Logical.OR)
- The caller interface need to have permission to user: add or user: del permission to construct one visit, OR is or means.
- @RequiresAuthentication
- Has been granted the right to call Subject.isAuthenticated () returns true
- @RequiresUser
- Authentication or by Remember me login programmatically
Subject subject = SecurityUtils.getSubject();
//基于角色判断
if(subject.hasRole(“admin”)) {
//有角色,有权限
} else {
//无角色,无权限
}
//或者权限判断
if(subject.isPermitted("/user/add")){
//有权限
}else{
//无权限
}
- Common API
- subject.hasRole("xxx");
- subject.isPermitted("xxx");
- subject. isPermittedAll("xxxxx","yyyy");
- subject.checkRole ( "xxx"); // no return value can be considered for internal use assertions way