SHiro supports three different ways of authorizing:
1. Programming: By writing If/else Authorization code block complete:
Subject Subject = securityutils.getsubject (); if (Subject.hasrole ("admin")) { // have permission else { // No permissions
2. Annotation: complete by placing the corresponding annotations on the executing Java method:
@RequiresRoles ("admin") publicvoid hello () { // has permission }
3.JSP/GSP Tags: in the JSP/GSP page through the corresponding label to complete:
<shiro:hasrole name= "admin" > <!-rights </shiro:hasRole>
Here we focus on the third way---jsp tags
1. Understand the definition of some labels
<shiro:guest> Welcome visitor visit, <a href="${pagecontext.request.contextpath}/ login.jsp "> Login </a> </shiro:guest> users are not authenticated when they display the appropriate information, that is, visitor access information.
<shiro:principal type="java.lang.String" property="username"/> Display user identity information
<shiro:user> Welcome [<shiro:principal/>] login, <a href="${ Pagecontext.request.contextpath}/logout "> Exit </a> </shiro:user> User authenticated/ Remember to display the appropriate information when I log in.
<shiro:hasrole name="admin" > user has role admin </shiro:hasRole>
<shiro:hasanyroles name="Admin,user" > users have role admin or user </shiro:hasAnyRoles>
<shiro:lacksrole name="abc" > user no role ABC </shiro:lacksRole>
<shiro:haspermission name="User:create" > users have permissions user:create </shiro:hasPermission>
<shiro:lackspermission name="org:create" > user does not have permissions org:create </shiro:lacksPermission>
2. To use the Shiro tag first refer to the tag library <%@ taglib prefix= "Shiro" uri= "Http://shiro.apache.org/tags"%>
Apache Shiro Learning----Licensing