An {@code AuthorizingRealm} extends the {@code AuthenticatingRealm}'s capabilities by adding Authorization (access control) support. <p/> This implementation will perform all role and permission checks automatically (and subclasses do not have to write this logic) as long as the {@link #getAuthorizationInfo(hunt.shiro.subject.PrincipalCollection)} method returns an {@link AuthorizationInfo}. Please see that method's JavaDoc for an in-depth explanation. <p/> If you find that you do not want to utilize the {@link AuthorizationInfo AuthorizationInfo} construct, you are of course free to subclass the {@link AuthenticatingRealm AuthenticatingRealm} directly instead and implement the remaining Realm interface methods directly. You might do this if you want have better control over how the Role and Permission checks occur for your specific data source. However, using AuthorizationInfo (and its default implementation {@link hunt.shiro.authz.SimpleAuthorizationInfo SimpleAuthorizationInfo}) is sufficient in the large majority of Realm cases.