for ordinary JSP pages, you can control permissions in the following ways
<shiro:hasPermission name="com.demo.permission:add">
<input type="button" value="" />
</shiro:hasPermission>
people without [com.demo.permission:add] permission will not see the add button
but currently my JSP page is returned via Controller rendering
@RequestMapping("/getIndex")
public ModelAndView getIndex(Model model, HttpServletRequest request, HttpServletResponse response) {
return new ModelAndView("index");
}
at this time, no matter whether the user has this permission or not, the add button can be seen in the rendering interface, and shiro:hasPermission is no longer valid. How to control the permission in this case?