Skip to content
Go to file

Build Status GitHub Release Maven Central License


A Thymeleaf dialect for Apache Shiro tags.



Download from Maven Central.

git clone


<!DOCTYPE html>
<html xmlns:shiro="">


    <p shiro:guest="">Please <a href="login.html">login</a></p>
    <p shiro:authenticated="">
      Hello, <span shiro:principal=""></span>, how are you today?



The following examples show how to integrate the tags in your Thymeleaf templates. These are all implementations of the examples given in the JSP / GSP Tag Library Section of the Apache Shiro documentation.

Tags can be written in attribute or element notation:

<p shiro:anyTag>
  Goodbye cruel World!
  <p>Hello World!</p>

The guest tag

<p shiro:guest="">
  Please <a href="login.html">Login</a>

The user tag

<p shiro:user="">
  Welcome back John! Not John? Click <a href="login.html">here<a> to login.

The authenticated tag

<a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>

The notAuthenticated tag

<p shiro:notAuthenticated="">
  Please <a href="login.html">login</a> in order to update your credit card information.

The principal tag

<p>Hello, <span shiro:principal=""></span>, how are you today?</p>


<p>Hello, <shiro:principal/>, how are you today?</p>

Typed principal and principal property are also supported.

The hasRole tag

<a shiro:hasRole="administrator" href="admin.html">Administer the system</a>

The lacksRole tag

<p shiro:lacksRole="administrator">
  Sorry, you are not allowed to administer the system.

The hasAllRoles tag

<p shiro:hasAllRoles="developer, project manager">
  You are a developer and a project manager.

The hasAnyRoles tag

<p shiro:hasAnyRoles="developer, project manager, administrator">
  You are a developer, project manager, or administrator.

The hasPermission tag

<a shiro:hasPermission="user:create" href="createUser.html">Create a new User</a>

The lacksPermission tag

<p shiro:lacksPermission="user:delete">
  Sorry, you are not allowed to delete user accounts.

The hasAllPermissions tag

<p shiro:hasAllPermissions="user:create, user:delete">
  You can create and delete users.

The hasAnyPermissions tag

<p shiro:hasAnyPermissions="user:create, user:delete">
  You can create or delete users.


The project is licensed under the Apache License. See LICENSE for details.

You can’t perform that action at this time.