Hi Yu, What version of shiro do you use? Are you using the rest resources with spring?
Best regards, Laszlo On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[email protected]> wrote: > Hi guys, > > I tried to use annotations for authentication/authorization. However, it > doesn't work as expected. > > Below is shiro.ini, > > [main] > > # basic authentication > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > > # password matcher > pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher > pwService = org.apache.shiro.authc.credential.DefaultPasswordService > pwMatcher.passwordService = $pwService > > # data source configuration, using JndiObjectFactory to look up the > attributes > datasrc = org.apache.shiro.jndi.JndiObjectFactory > datasrc.requiredType = javax.sql.DataSource > datasrc.resourceName = mysql/ustudy > datasrc.resourceRef = true > > realm = org.apache.shiro.realm.jdbc.JdbcRealm > realm.permissionsLookupEnabled = true > realm.dataSource = $datasrc > realm.authenticationQuery = select usr_passwd from sec_users where > loginname = ? > realm.credentialsMatcher = $pwMatcher > > securityManager.realms = $realm > > [users] > > [roles] > > [urls] > /services/info/list/** = authc, roles[admin] > /services/info/add/** = authcBasic, roles[admin] > /services/info/update/** = authcBasic, roles[admin] > /services/info/delete/** = authcBasic, roles[admin] > > In servlet app, one method handle http request is as following, > > @GET > @RequiresAuthentication > @RequiresPermissions("list:view") > @Path("list/{type}/{id}") > @Produces(MediaType.APPLICATION_JSON) > public Response getList() > > > It seems that @RequiresAuthentication and @RequiresPermissions("list: > view") do not take effect. > > > Do I misunderstand anything? Or any error in my code? > > > > Thanks, > > Jared, (韦煜) > Software developer > Interested in open source software, big data, Linux > -- EOF
