use springboot + shiro for permission control, and access will be redirected to login.jsp when you are not logged in. If the front and back ends are separated and nginx is used as a proxy, cross-domain problems will occur. : ...

[resolved] using filterChainDefinitionMap, in shiro such as page remove requires page:remove permission, but you can also access it as long as you access page remove , except for writing multiple ....

The Debug in permission list filterChainDefinitionMap is as follows: filterorg.apache.shiro.web.filter.AccessControlFilter: subject.isPermittedDebug: error message: java.lang.IllegalArgumentException: Wildcard string cannot be null or empty. M...

use this.clearCachedAuthenticationInfo () to pass in tokens, and also execute this.clearCachedAuthorizationInfo () operation to empty the authorization information. The above two operations are the same principals . In Debug, it is found that the r...

recently, we integrated shiro with springboot and used redis as the session cache container for shiro. Most netizens on Baidu shiro configured the same cacheManager and sessionDAO, in SecurityManager and checked the source code with questions. We found ...

the code is as follows: public class UserRealm extends Pac4jRealm(){ @Override public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { TODO Auto-generated method stub System.out.println("Onece"); ...

recently, we are working on a Spring Boot-based integrated rights management and authentication system for JWT and Shiro, but the data on the Internet is basically based on the operation of one table (the user table contains user information and their r...

premise now do a separate front and rear application, use shiro as permission control in the background, use jwt instead of session s stateless web application, customize a shiro filter.url with restful style. All interfaces url begin with api...

controller @RequiresPermissions("system:role:c") @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE) @ResponseBody public ResponseEntity<?> create(@RequestBody RoleRequest roleRequ...

I want to do the function of forgetting my password, but it is always blocked by shiro, and all requests that do not log in jump back to the login page ajax function getYZM() { $.ajax({ url: user forgetPwdYz.do , ...

problem description spring integration to do stateless shiro, report DisabledSessionException the environmental background of the problems and what methods you have tried according to teacher Zhang Kaitao s shiro tutorial, stateless shiro, is int...

for ordinary JSP pages, you can control permissions in the following ways <shiro:hasPermission name="com.demo.permission:add"> <input type="button" value="" > < shiro:hasPermission> people without [...

original code: `ini configuration file (shiro-authenticator-all-success.ini) Java Code < H1 > specify the authenticator implementation of securityManager < H1 > authenticator=org.apache.shiro.authc.pam.ModularRealmAuthenticator securityManager....

problem description in data communication, all data goes to the URL address of http: host api , and the business request code is used to control the result returned by the request. There may be a variety of situations in each request code. Different...

I would like to ask: now that the backend is separated from the front and back, and the backend provides restful API, how does the backend permission be done? can the commonly used shiro still work, or do they all use spring Security? ...

redis session sharing implementation is relatively simple, and there is no need for other middleware Why does the industry still need cas?? ...

in a certain method, you want to obtain custom Realm information through getPrincipal (), but all the field information of the obtained entity is null configuration without cache processing, nor does it implement SessionDao . < hr > login code. If you...

previously, custom token was used to distinguish realm login operations, but now there is a need that the exits of the two realm do not affect each other. However, when both realm login operations are performed, no matter which realm performs the exit op...

for example, the login and authorization operation to distinguish between the two realm has been implemented, but when logging out with subject.logout (), the authorization and login information of both realm will be cleared at the same time. What if yo...

problem description the project used to be developed using jeesite, but now I want to rewrite the project, but the old code and methods can t be removed. Now Vue, is used at the front end, but when logging in, it will not enter the interceptor of shi...