i'm trying to figure out if by only checking permission (checkPermission/hasPermission, and not using hasRole) shiro willl inspect roles which contain said permissions so i won't to do it myself.
also is there a way / pattern , to have servlet filter inspect incoming request and have the request name be as resource to checked for permission and if not throw an 401 error? -- View this message in context: http://shiro-user.582556.n2.nabble.com/is-checking-premission-implicitly-check-roles-as-well-tp6567107p6567107.html Sent from the Shiro User mailing list archive at Nabble.com.
