shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Demers <>
Subject Re: Some question in learning Shiro
Date Fri, 08 Aug 2014 14:27:26 GMT
If you are doing all your filtering at the request level, that is all you

On Thu, Aug 7, 2014 at 2:05 AM, Govert Peng <> wrote:

> Hi sir:
>              I'm sending you this short letter to find out a few questions.
>            In the process of me to learn Shiro,when I integrating Apache
> Shiro into Spring-based Applications,I see the sample spring-hibernate,in
> that application use Annotation-based Authorization,but in Spring
> configuration applicationContext.xml config <bean id="shiroFilter">
> subelement <property name="filterChainDefinitions"> use /s/manageUsers =
> perms[user:manage].I do not unserstand why has used Annotation-based
> Authorization,also need config this filter perms?This is equivalent to
> verify the two times.
>         When I delete /s/manageUsers = perms[user:manage],I try to use a
> new sign up user access /manageUsers throw a exception
> org.apache.shiro.authz.UnauthorizedException: Subject does not have
> permission [user:manage], and don not go unauthorized page.But When I
> delete the annotation @RequiresPermissions("user:manage") on
> ManageUsersController method manageUsersmanageUsers,and add the
> /s/manageUsers = perms[user:manage] in applicationContext.xml,it also can
> work well,it is like @RequiresPermissions("user:manage") id useless when I
> config <bean id="shiroFilter"> add <property name="filterChainDefinitions">
> use perms filter and write the permission in [].I read the source code
> perms filter is also check permission.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message