can you post your complete shiro config? how have you set your [user] section is important.
On 27 March 2014 01:18, Forrest <[email protected]> wrote: > I have a web project which used form based authenticated, in case of > prevent > a read only user from entering /client/new page by typing the URL into the > browser address to create a new client, I have the following setting in > shiro.ini: > /client/new = authc, perms[client:New] > > But after the user who have not client:New permission logged in, and typed > the URL, the page could also appear. Is there any other settings need to be > set? Thanks. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/perms-does-not-work-for-one-who-logged-in-but-without-the-corresponded-permission-tp7579843.html > Sent from the Shiro User mailing list archive at Nabble.com. >
