Requires the currently executing {@link hunt.shiro.subject.Subject Subject} to have all of the
specified roles. If they do not have the role(s), the method will not be executed and
an {@link hunt.shiro.authz.AuthorizationException AuthorizationException} is thrown.
<p/>
For example,
<p/>
<code>@RequiresRoles("aRoleName");<br/>
void someMethod();</code>
<p/>
means <tt>someMethod()</tt> could only be executed by subjects who have been assigned the
'aRoleName' role.
<p><b>*Usage Note*:</b> Be careful using this annotation if your application has a <em>dynamic</em>
security model where roles can be added and deleted at runtime. If your application allowed the
annotated role to be deleted during runtime, the method would not be able to
be executed by anyone (at least until a new role with the same name was created again).
<p>If you require such dynamic functionality, only the
{@link RequiresPermissions RequiresPermissions} annotation makes sense - Permission
types will not change during runtime for an application since permissions directly correspond to how
the application's functionality is programmed (that is, they reflect the application's functionality only, not
<em>who</em> is executing the the functionality).
Requires the currently executing {@link hunt.shiro.subject.Subject Subject} to have all of the specified roles. If they do not have the role(s), the method will not be executed and an {@link hunt.shiro.authz.AuthorizationException AuthorizationException} is thrown. <p/> For example, <p/> <code>@RequiresRoles("aRoleName");<br/> void someMethod();</code> <p/> means <tt>someMethod()</tt> could only be executed by subjects who have been assigned the 'aRoleName' role.
<p><b>*Usage Note*:</b> Be careful using this annotation if your application has a <em>dynamic</em> security model where roles can be added and deleted at runtime. If your application allowed the annotated role to be deleted during runtime, the method would not be able to be executed by anyone (at least until a new role with the same name was created again).
<p>If you require such dynamic functionality, only the {@link RequiresPermissions RequiresPermissions} annotation makes sense - Permission types will not change during runtime for an application since permissions directly correspond to how the application's functionality is programmed (that is, they reflect the application's functionality only, not <em>who</em> is executing the the functionality).
@see hunt.shiro.subject.Subject#hasRole(string)