Annotations in Shiro

The annotations in Shiro are added to controller layer methods to verify that the user has permission to call controller layer methods. Notes:

Annotations in Shiro

@RequiresAuthentication

Indicates that the current Subject has been authenticated by login. That is, subject.isauthenticated () returns true

@RequiresUser

Indicates that the current Subject has been authenticated or by remembering that I logged in

@RequiresGuest

Indicates that the Subject is not currently authenticated or is a tourist by remembering that I am logged in.

@RequiresRoles

@ RequiresRoles (value = {” admin “, “user”}, logical. = logical AND)

Indicates that the current Subject requires the roles admin and user

@RequiresPermissions

RequiresPermissions(value={” user:a “, “user:b”},logical= logical. OR) indicates that the current Subject RequiresPermissions user:add OR user:query

Use of Shiro annotations

Shiro annotations are used in Shiro and must be configured in the SpringMVC core configuration file to enable Shiro annotations.

Shiro configuration in SpringMVC

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean> <! - the bean created depends on LifecycleBeanPostProcessor - > < bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" /> <! - shiro certification authentication bean creation - > < bean class = ". Org. Apache shiro. Spring. Security. The interceptor. AuthorizationAttributeSourceAdvisor ">  <property name="securityManager" ref="securityManager" /> </bean>Copy the code