Problems encountered in access Control with Spring + Apache Shiro

for ordinary JSP pages, you can control permissions in the following ways

<shiro:hasPermission name="com.demo.permission:add">
    <input type="button" value="" />
</shiro:hasPermission>

people without [com.demo.permission:add] permission will not see the add button

but currently my JSP page is returned via Controller rendering

@RequestMapping("/getIndex")
public ModelAndView getIndex(Model model, HttpServletRequest request, HttpServletResponse response) {
    return new ModelAndView("index");
}

at this time, no matter whether the user has this permission or not, the add button can be seen in the rendering interface, and shiro:hasPermission is no longer valid. How to control the permission in this case?

Shiro spring

Mar.31,2021

Previous: How to set the table header style of iview, because the table header style of the design drawing is different

Next: Python3 reads the mysql and sends out the interface. But every front-end call will report an error, how to solve this problem?

Shiro uses resource path permissions, and path judgment is incomplete.
[resolved] using filterChainDefinitionMap, in shiro such as page remove requires page:remove permission, but you can also access it as long as you access page remove , except for writing multiple ....

Java shiro springboot spring-mvc filter

Mar.03,2021
The problem of shiro Custom filter intercepting restful style
premise now do a separate front and rear application, use shiro as permission control in the background, use jwt instead of session s stateless web application, customize a shiro filter.url with restful style. All interfaces url begin with api...

Jwt restful shiro spring-mvc

Mar.22,2021
How to use its session management system (session), to achieve access control when java web uses the shiro framework in a project that is separated from the front and back ends?
the project we developed is a shiro framework that separates the foreground from the background and uses the backstage framework. The problem now is that the foreground and background systems are two sets of systems. How to achieve a function similar to ...

Java-web shiro spring-mvc

Jan.08,2022
How to set shiro to stay logged in?
redis saves the session of shiro rewrites EnterpriseCacheSessionDAO.doUpdate, and each update changes the corresponding survival time of session key (TTL) requirements: for example, set the expiration time of session to 1 hour then I hope that durin...

Java springboot shiro spring-mvc

Jun.13,2022
When AuthorizationInfo authorization is performed in Shiro in SpringBoot, it will be executed repeatedly. What is the reason?
as mentioned, the authorization code is as follows @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { log.info(""); String token = (String) principals.getPrimaryPrincipal(); String openI...

Shiro springboot

Jul.07,2022