Annotation Type RequiresUser


  • @Target({TYPE,METHOD})
    @Retention(RUNTIME)
    @Documented
    public @interface RequiresUser
    Requires the current Subject to be an application user for the annotated class/instance/method to be accessed or invoked. This is less restrictive than the RequiresAuthentication annotation.

    Shiro defines a "user" as a Subject that is either "remembered" or authenticated:

    • An authenticated user is a Subject that has successfully logged in (proven their identity) during their current session.
    • A remembered user is any Subject that has proven their identity at least once, although not necessarily during their current session, and asked the system to remember them.

    See the RememberMeAuthenticationToken JavaDoc for an explanation of why these two states are considered different.

    Since:
    0.9.0
    See Also:
    RequiresAuthentication, RequiresGuest