Problems encountered in access Control with Spring + Apache Shiro

for ordinary JSP pages, you can control permissions in the following ways

<shiro:hasPermission name="com.demo.permission:add">
    <input type="button" value="" />
</shiro:hasPermission>

people without [com.demo.permission:add] permission will not see the add button

but currently my JSP page is returned via Controller rendering

@RequestMapping("/getIndex")
public ModelAndView getIndex(Model model, HttpServletRequest request, HttpServletResponse response) {
    return new ModelAndView("index");
}

at this time, no matter whether the user has this permission or not, the add button can be seen in the rendering interface, and shiro:hasPermission is no longer valid. How to control the permission in this case?

Mar.31,2021
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b324ed-4038f.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b324ed-4038f.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?