I have a web project which used form based authenticated, in case of prevent a read only user from entering /client/new page by typing the URL into the browser address to create a new client, I have the following setting in shiro.ini: /client/new = authc, perms[client:New]
But after the user who have not client:New permission logged in, and typed the URL, the page could also appear. Is there any other settings need to be set? Thanks. -- View this message in context: http://shiro-user.582556.n2.nabble.com/perms-does-not-work-for-one-who-logged-in-but-without-the-corresponded-permission-tp7579843.html Sent from the Shiro User mailing list archive at Nabble.com.
