The preceding section shows you how to implement authentication—making sure that users are prompted for username and password. But in many cases, you want more than just knowing who your users are. This section describes how to implement authorization to limit what various users can do with the application.
The simplest type of authorization is to divide the application into a public part that can be accessed by anyone and an authorized part that is only accessible to users with a valid username and password.
To implement this, you simply configure the
[urls] section of the
shiro.ini file. This section is evaluated in the order it is written, so you can place your publicly accessible pages first ...