Apache-shiro learning

1. Shiro introduction

Shiro can help us with authentication, authorization, cryptography, session management, web integration, caching, and so on.

The working principle is shown in the architecture figure (not reproduced here). When a request enters the application, a Subject (the current user) is created; the SecurityManager manages all Subjects and carries out every security operation on their behalf, which can be understood by analogy with SpringMVC's DispatcherServlet. Finally, the Realm is the bridge to the data source (database, LDAP, ini file, and so on) that the SecurityManager consults to decide whether the user's identity and credentials are valid and which roles and permissions the user holds.

2. Getting started example

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Assert;
import org.junit.Test;

@Test
public void testHelloworld() {
    // 1. Get the SecurityManager factory; here an ini configuration file initializes the SecurityManager
    Factory<org.apache.shiro.mgt.SecurityManager> factory =
            new IniSecurityManagerFactory("classpath:shiro.ini");
    // 2. Get the SecurityManager instance and bind it to SecurityUtils
    org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    // 3. Get the Subject and create a username/password authentication token (identity/credentials)
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken("zhang", "123");
    try {
        // 4. Log in, i.e. authenticate
        subject.login(token);
    } catch (AuthenticationException e) {
        // 5. Authentication failed; the assertion below will then fail
    }
    Assert.assertEquals(true, subject.isAuthenticated()); // assert that the user is logged in
    // 6. Log out
    subject.logout();
}

2.1. First create a SecurityManager factory with new IniSecurityManagerFactory, specifying an ini configuration file;

2.2. Then get the SecurityManager and bind it to SecurityUtils. This is a global setting and only needs to be done once;

2.3. Get the Subject through SecurityUtils; it is automatically bound to the current thread (in a web environment it must be unbound again at the end of the request, which ShiroFilter takes care of). Then build the authentication token, for example a username/password token;

2.4. Call subject.login to log in; this delegates to SecurityManager.login, which in turn consults the Realm;

2.5. If authentication fails, catch AuthenticationException or one of its subclasses (for example UnknownAccountException or IncorrectCredentialsException). Note that the test above swallows the exception and relies on the isAuthenticated assertion to detect the failure;

2.6. Finally, call subject.logout to log out.
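As an added example (my code, not from the original post or from the Shiro project), the same login flow run without a classpath file: the ini text is constructed inline and loaded with Ini.load, the SecurityManager is held locally and the Subject is built with Subject.Builder instead of the global SecurityUtils binding, and the AuthenticationException subclasses are told apart so the failure mode is visible. The class name ShiroLoginDemo and the helper names buildSecurityManager and tryLogin are my own.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public class ShiroLoginDemo {

    // Constructed inline ini text, equivalent to the shiro.ini the page loads from the classpath.
    private static final String INI_TEXT =
            "[users]\n"
            + "zhang=123,admin\n"
            + "wang=123\n"
            + "[roles]\n"
            + "admin=user:*,menu:*\n";

    /** Builds a SecurityManager from the inline ini instead of a classpath resource. */
    static SecurityManager buildSecurityManager() {
        Ini ini = new Ini();
        ini.load(INI_TEXT);
        Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini);
        return factory.getInstance();
    }

    /**
     * Attempts a login for one user and returns a short outcome string instead of throwing.
     * The distinct "unknown account" / "bad password" outcomes are for this demo only; a real
     * login page should show one generic message so usernames cannot be enumerated.
     */
    static String tryLogin(SecurityManager securityManager, String user, String password) {
        // Subject.Builder gives a Subject bound to this SecurityManager without touching SecurityUtils.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user, password);
        try {
            subject.login(token); // delegates to SecurityManager.login, which consults the IniRealm
            String outcome = "authenticated as " + subject.getPrincipal()
                    + ", admin=" + subject.hasRole("admin")
                    + ", user:create=" + subject.isPermitted("user:create");
            subject.logout();
            return outcome;
        } catch (UnknownAccountException e) {
            return "unknown account";
        } catch (IncorrectCredentialsException e) {
            return "bad password";
        } catch (AuthenticationException e) {
            return "authentication failed: " + e.getClass().getSimpleName();
        } finally {
            token.clear(); // zero the password char[] once it is no longer needed
        }
    }

    public static void main(String[] args) {
        SecurityManager securityManager = buildSecurityManager();
        System.out.println(tryLogin(securityManager, "zhang", "123"));   // admin=true, user:create=true
        System.out.println(tryLogin(securityManager, "wang", "123"));    // admin=false, user:create=false
        System.out.println(tryLogin(securityManager, "wang", "wrong"));  // bad password
        System.out.println(tryLogin(securityManager, "nobody", "123"));  // unknown account
    }
}
```

Run it with shiro-core and commons-logging on the classpath. The user:create check succeeds for zhang because the admin role's user:* entry is parsed as a WildcardPermission that implies every user:&lt;action&gt; permission.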

3. Integrate with the web

<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.9</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>

Required jar packages. Note that 1.2.2 is a 2013 release with published vulnerabilities (for example the hard-coded default RememberMe cipher key, CVE-2016-4437, fixed in 1.2.5); use a current release in real projects.

The web.xml configuration:

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.shtml</url-pattern>
</filter-mapping>

DelegatingFilterProxy looks up a bean named after the filter (shiroFilter) in the Spring container and delegates all Filter calls to it, so the ShiroFilter itself is configured as a Spring bean. Note that with the *.shtml url-pattern above, only requests whose path ends in .shtml pass through Shiro at all; any other path never reaches the [urls] rules below, whatever they say. Mapping the filter to /* and letting the [urls] chain decide what is anonymous is the safer layout.

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
</bean>

Description of the ini configuration sections:

[main]
# default is /login.jsp
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized
perms.unauthorizedUrl=/unauthorized
[users]
zhang=123,admin
wang=123
[roles]
admin=user:*,menu:*
[urls]
/login=anon
/unauthorized=anon
/static/**=anon
/authenticated=authc
/role=authc,roles[admin]
/permission=authc,perms["user:create"]

The most important part is the [urls] section, whose format is: url=interceptor[parameter],interceptor[parameter]. If the URL of the current request matches a URL pattern in the [urls] section, the interceptors configured for that pattern run in the order listed. For example, the anon interceptor allows anonymous access (no login needed); the authc interceptor requires the request to be authenticated; roles[admin] requires the admin role; and perms["user:create"] requires the "user:create" permission.

Two points matter for security here. First, patterns are tested in the order they are written and the first match wins, so specific paths must come before broad ones, and a catch-all such as /**=authc belongs last; without one, a path not listed here passes through with no Shiro filter at all. Second, the [users] section keeps passwords in clear text; that is fine for a tutorial, but a real application should use a Realm that verifies salted, hashed credentials.
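As an added example (my code, not the page's or Shiro's), the same users and roles as the [users] and [roles] sections, backed by a custom AuthorizingRealm that stores only a salted, iterated SHA-256 hash of each password and verifies logins with HashedCredentialsMatcher. It also shows that the admin role's user:* entry implies user:create, which is exactly what the perms["user:create"] rule in [urls] checks. The names HashedRealmDemo, MapRealm and Account, and the in-memory maps standing in for a database, are assumptions made for the example.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import java.util.*;

public class HashedRealmDemo {
    // Iteration count for the salted hash; raise it until one hash takes a noticeable fraction of a second.
    static final int ITERATIONS = 50000;

    /** Constructed account record (stands in for a database row): hex hash, random salt, role names. */
    static final class Account {
        final String hashHex;
        final byte[] salt;
        final Set<String> roles;

        Account(String password, Set<String> roles) {
            this.salt = new SecureRandomNumberGenerator().nextBytes().getBytes(); // per-user random salt
            this.hashHex = new Sha256Hash(password, salt, ITERATIONS).toHex();
            this.roles = roles;
        }
    }

    /** Realm that never stores a clear-text password; the matcher re-hashes the submitted one. */
    static class MapRealm extends AuthorizingRealm {
        private final Map<String, Account> accounts;
        private final Map<String, Set<String>> rolePermissions;

        MapRealm(Map<String, Account> accounts, Map<String, Set<String>> rolePermissions) {
            this.accounts = accounts;
            this.rolePermissions = rolePermissions;
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
            matcher.setHashIterations(ITERATIONS);          // must match how Account hashed the password
            matcher.setStoredCredentialsHexEncoded(true);   // hashHex is hex, so decode it before comparing
            setCredentialsMatcher(matcher);
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            Account account = accounts.get((String) token.getPrincipal());
            if (account == null) {
                return null; // Shiro turns a null result into UnknownAccountException
            }
            // The salt travels with the info so the matcher hashes the submitted password the same way.
            return new SimpleAuthenticationInfo(token.getPrincipal(), account.hashHex,
                    ByteSource.Util.bytes(account.salt), getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Account account = accounts.get((String) getAvailablePrincipal(principals));
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            if (account != null) {
                info.setRoles(account.roles);
                for (String role : account.roles) {
                    Set<String> perms = rolePermissions.get(role);
                    if (perms != null) {
                        info.addStringPermissions(perms); // "user:*" is parsed as a WildcardPermission
                    }
                }
            }
            return info;
        }
    }

    public static void main(String[] args) {
        // Same users and roles as the ini [users]/[roles] sections, but with hashed credentials.
        Map<String, Account> accounts = new HashMap<>();
        accounts.put("zhang", new Account("123", new HashSet<>(Arrays.asList("admin"))));
        accounts.put("wang", new Account("123", new HashSet<String>()));
        Map<String, Set<String>> rolePermissions = new HashMap<>();
        rolePermissions.put("admin", new HashSet<>(Arrays.asList("user:*", "menu:*")));

        DefaultSecurityManager securityManager =
                new DefaultSecurityManager(new MapRealm(accounts, rolePermissions));

        Subject zhang = new Subject.Builder(securityManager).buildSubject();
        zhang.login(new UsernamePasswordToken("zhang", "123"));
        zhang.checkRole("admin");             // what roles[admin] checks; passes
        zhang.checkPermission("user:create"); // what perms["user:create"] checks; user:* implies it
        System.out.println("zhang: admin role and user:create permission granted");

        Subject wang = new Subject.Builder(securityManager).buildSubject();
        wang.login(new UsernamePasswordToken("wang", "123"));
        try {
            wang.checkPermission("user:create");
        } catch (UnauthorizedException e) {
            System.out.println("wang: user:create denied, as expected");
        }
        zhang.logout();
        wang.logout();
    }
}
```

The Realm only ever returns the stored hash and salt; Shiro's HashedCredentialsMatcher does the comparison, so the clear-text password exists only in the UsernamePasswordToken for the duration of the login call. Changing ITERATIONS or the algorithm name in one place but not the other makes every login fail, which is a useful property to test for after upgrades.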

 

That is all for now; I am writing this down as a record and will continue updating it next time.
