In Shiro, permissions can be verified with the @requiresroles annotation. Before verifying permissions, you need to set them:
Add roles to users in authorization methods
Add roles to the user in the authorization method of the doGetAuthorizationInfo method in the custom Realm (inheriting the AuthorizingRealm implementation).
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { String userName = (String) principalCollection.getPrimaryPrincipal(); SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); <String> roles = getRolesByUserName(userName); simpleAuthorizationInfo.setRoles(roles); return simpleAuthorizationInfo; }Copy the codeVerify permissions with @requiresRoles
Verify the corresponding authorization with an annotation on the corresponding method in Controller:
@PostMapping("/list") @RequiresRoles("a") public void list(){//... }Copy the codeMultiple roles or permissions
If multiple rights and roles are authenticated, separate them with commas (,). By default, all listed rights and roles must be verified at the same time.
The default is logical= logical. AND, which means that all listed items must be satisfied to enter the method.
Logical = logical. OR can be used in annotations to indicate that only one of the listed conditions is satisfied.
@RequiresRoles(value={"admin","user"},logical = Logical.OR)
@RequiresPermissions(value={"add","update"},logical = Logical.AND)
Copy the codeRelated articles
“Still writing Filter for permission verification? Try Shiro”
Analysis of Shiro Authentication and Authorization Principle without explanation
Program new horizon
\
The public account “program new vision”, a platform for simultaneous improvement of soft power and hard technology, provides massive information
\
