shiro

Can I use expressions in Apache Shiro security annotations?

by

Look at the classes in http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authz/aop/package-summary.html, especially PermissionAnnotationHandler. There you can see that all Shiro does when encountering the @RequiresPermissions annotation is call getSubject().isPermitted(permission) and does no substitution inside the annotation value at all. You would have to somehow override that handler if you wanted this kind of functionality. So to answer your question: yes, … Read more

Spring security vs Apache Shiro [duplicate]

by

Many of the Shiro developers use Spring for their applications, so Shiro works beautifully in Spring environments. The general feedback we’ve received thus far is that Shiro is also far easier to understand (for most people) than Spring Security. If you want full Session clustering support across any web container however, only Shiro will support … Read more

How can I delegate JAAS authorization checks to Shiro?

by

Note: The answer addresses the general case where an external authorization system is to be integrated with the JVM, by means of the standard security framework. It is not Shiro- or JMX-specific, as I am familiar with neither. Conceptually, it appears that you are after the policy decision point (PDP) — the facility where authorization … Read more

Shiro vs. SpringSecurity [closed]

by

I too agree that Spring Security feels too complicated (to me). Sure, they have done things to reduce complexity, like creating custom XML namespaces to reduce the quantity of XML configuration, but for me, these don’t address my personal fundamental issue with Spring Security: its names and concepts are often confusing in general to me. … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)