Shiro permission management: filterChainDefinitions filter configuration

The three core modules of Shiro: Subject (the user), SecurityManager (the heart of the framework) and Realm (the "bridge" between Shiro and the application's security data).
SecurityManager manages the cacheManager (cache) and the sessionManager (session); the sessionManager in turn manages the sessionDAO (session data access), the sessionIdCookie (session ID generator) and the sessionValidationScheduler (session validation scheduler). The cacheManager is implemented with Ehcache; the Realm is implemented by your own custom code or another permission store and handles operations such as login,
using a unified data access layer.

Built-in FilterChain
============================================================
1) Once a request URL matches an entry, Shiro stops searching and does not try the remaining entries (so pay attention to the order of the URLs in the configuration file, especially when wildcards are used),
  so filterChainDefinitions are evaluated from top to bottom and the topmost match wins.
2) For a web application, Shiro creates a number of useful default Filter instances at startup, located in the org.apache.shiro.web.filter package of shiro-web-xx.jar:
  anon---------------org.apache.shiro.web.filter.authc.AnonymousFilter
  authc--------------org.apache.shiro.web.filter.authc.FormAuthenticationFilter
  authcBasic---------org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
  logout-------------org.apache.shiro.web.filter.authc.LogoutFilter
  noSessionCreation--org.apache.shiro.web.filter.session.NoSessionCreationFilter
  perms--------------org.apache.shiro.web.filter.authz.PermissionAuthorizationFilter
  port---------------org.apache.shiro.web.filter.authz.PortFilter
  rest---------------org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
  roles--------------org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
  ssl----------------org.apache.shiro.web.filter.authz.SslFilter
  user---------------org.apache.shiro.web.filter.authz.UserFilter
============================================================
3) These filters fall into two groups:
  anon, authc, authcBasic and user form the first group, the authentication filters
  perms, port, rest, roles and ssl form the second group, the authorization filters
  Note that user and authc are different: when rememberMe is enabled in the application, a returning user can pass the user filter on his next visit, but he will never pass authc, because authc requires a user who has actually re-authenticated,
  whereas a remembered user may not have been authenticated in this session. A user whose login state Shiro has remembered (rememberMe) can make requests that pass the user filter normally. Put bluntly:
  when a user logs in with rememberMe turned on, then closes the browser and visits again, he passes user but not authc.
============================================================
4) For example:
  /admin=authc,roles[admin] means the user must have passed authentication and hold the admin role in order to request '/admin' normally
  /edit=authc,perms[admin:edit] means the user must be authenticated and hold the admin:edit permission in order to request '/edit' normally
  /home=user means the user does not necessarily need to be authenticated; it is enough that Shiro remembers his login status in order to request '/home' normally
============================================================
5) The default filters are commonly used as follows (note that two stars are used in the URL pattern so that any number of path levels is matched):
  /admins/**=anon            no parameter; the URL can be accessed anonymously, i.e. by an anonymous user or visitor
  /admins/user/**=authc      no parameter; authentication is required
  /admins/user/**=authcBasic no parameter; HTTP Basic authentication is required
  /admins/user/**=user       no parameter; there must be a known user; no authentication check is done beyond that
  /admins/user/**=ssl        no parameter; the request must be secure, i.e. the protocol is https
  /admins/user/**=perms[user:add:*]
    Multiple parameters can be given; when there are several, quotation marks must be added and the parameters separated by commas, such as /admins/user/**=perms["user:add:*,user:modify:*"]
    When there are multiple parameters, every one of them must pass, which is equivalent to the isPermittedAll() method
  /admins/user/**=port[8081]
    When the port of the requested URL is not 8081, redirect to schema://serverName:8081?queryString,
    where schema is the protocol (http or https), serverName is the host being visited, 8081 is the port, and queryString is the part of the visited URL after the '?'
  /admins/user/**=rest[user]
    According to the HTTP method of the request, this is equivalent to /admins/user/**=perms[user:method], where method is post, get, delete, etc.
  /admins/user/**=roles[admin]
    Multiple parameters can be given; when there are several, quotation marks must be added and the parameters separated by commas, such as /admins/user/**=roles["admin,guest"]
    When there are multiple parameters, every one of them must pass, which is equivalent to the hasAllRoles() method
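The rules in points 1) to 5) as one ordered chain in Spring Java config, as an added example that is not from the original post; the paths, the bean names and the Realm bean are assumptions:

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example, not from the original post: the chain rules above as Spring Java config.
@Configuration
public class ShiroChainConfig {

    @Bean
    public DefaultWebSecurityManager securityManager(Realm realm) {
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        sm.setRealm(realm); // the application's own Realm, assumed to be another bean
        return sm;
    }

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        factory.setLoginUrl("/login");           // authc sends unauthenticated users here
        factory.setUnauthorizedUrl("/unauthed"); // roles/perms send rejected users here

        // LinkedHashMap preserves insertion order. Shiro uses the FIRST pattern that
        // matches and ignores the rest, so order the entries from specific to general.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/css/**", "anon");
        chain.put("/js/**", "anon");
        chain.put("/login", "anon");   // the login page itself must stay reachable
        chain.put("/home", "user");    // remembered (rememberMe) users pass; authc would reject them
        // The more specific /admins/user/** must come BEFORE /admins/**; swapped, it never matches.
        // Both permissions are required (isPermittedAll semantics).
        chain.put("/admins/user/**", "authc,perms[\"user:add:*,user:modify:*\"]");
        chain.put("/admins/**", "authc,roles[admin]");
        // The catch-all goes LAST. Placed first, "/**" would swallow every request and every
        // later line (including the admin restrictions) would be dead configuration.
        chain.put("/**", "authc");
        factory.setFilterChainDefinitionMap(chain);
        return factory;
    }
}
```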
6) Custom permission-interception filters are also supported:
   <property name="filterChainDefinitions">
       <value>
           /web/widget/**=anon
           # custom permission filter
           /**=licenseFilter,authcFilter
       </value>
   </property>
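A custom filter of the kind referenced as licenseFilter above, as an added example that is not from the original post; the LicenseFilter class, the license:<feature> permission string and the /license-expired URL are assumptions:

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

// Added example, not from the original post: a custom filter in the role of the
// "licenseFilter" above. The class, the license permission string and the
// /license-expired URL are assumptions.
public class LicenseFilter extends AccessControlFilter {

    // mappedValue holds what was written in brackets in the chain definition,
    // e.g. licenseFilter[premium] -> {"premium"}; it is null without brackets.
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        Subject subject = getSubject(request, response);
        if (subject.getPrincipal() == null) {
            return false; // no known user (neither authenticated nor remembered)
        }
        String[] params = (String[]) mappedValue;
        String feature = (params == null || params.length == 0) ? "basic" : params[0];
        // Hypothetical license check: modelled as a Shiro permission the Realm grants.
        return subject.isPermitted("license:" + feature);
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        WebUtils.issueRedirect(request, response, "/license-expired");
        return false; // false stops the chain; the protected resource is never reached
    }

    // Registration: the map key is the name used in filterChainDefinitions
    // (factory is assumed to be the ShiroFilterFactoryBean from the Shiro config).
    public static void register(ShiroFilterFactoryBean factory) {
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("licenseFilter", new LicenseFilter());
        factory.setFilters(filters);
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/web/widget/**", "anon");
        chain.put("/**", "authc,licenseFilter[premium]"); // authc first, then the license check
        factory.setFilterChainDefinitionMap(chain);
    }
}
```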

Two ways to log out of Shiro:
There are two ways to implement logout:
1. Implement your own logout method in an ordinary action: get the Subject, then call logout
  SecurityUtils.getSubject().logout();
  SessionUtil.removeSessionUser();
The URL of the corresponding action must be configured as anon in the filterChainDefinitions of ShiroFilterFactoryBean:
<property name="filterChainDefinitions">
    <value>
        # some example chain definitions:
        /index.htm = anon
        /logout = anon
        /unauthed = anon
        /console/** = anon
        /css/** = anon
        /js/** = anon
        /lib/** = anon
    </value>
</property>
2. Use the logout filter provided by Shiro. You need to define the corresponding bean:
<bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter">
    <property name="redirectUrl" value="/loginform" />
</bean>

Then map the corresponding URL to the logout filter as follows:
<property name="filterChainDefinitions">
    <value>
        /index.htm = anon
        /logout = logout
        /unauthed = anon
        /console/** = anon
        /css/** = anon
        /js/** = anon
        /lib/** = anon
    </value>
</property>
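Both logout approaches in Spring Java config, as an added example that is not from the original post; the LogoutController, the /loginform URL and the chain entries are assumptions:

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

// Added example, not from the original post: both logout approaches as Spring
// Java config. The controller, /loginform and the chain entries are assumptions.

// Approach 1: an ordinary action logs the Subject out and redirects. Its URL
// must be mapped to anon: mapped to authc, a visitor whose session has already
// expired would be bounced to the login page before this code ever runs.
@Controller
class LogoutController {
    @RequestMapping("/logout")
    public String logout() {
        SecurityUtils.getSubject().logout(); // stops the session and clears the rememberMe identity
        return "redirect:/loginform";
    }
}

// Approach 2: Shiro's LogoutFilter does the same work inside the filter chain,
// so no action is needed; the URL is mapped to the filter itself.
class LogoutChainConfig {
    static void configure(ShiroFilterFactoryBean factory) {
        LogoutFilter logout = new LogoutFilter();
        logout.setRedirectUrl("/loginform");   // where the user lands after logout
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("logout", logout);         // name used in the chain below
        factory.setFilters(filters);

        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/index.htm", "anon");
        chain.put("/logout", "logout");   // approach 2; for approach 1 map "/logout" to "anon" instead
        chain.put("/unauthed", "anon");
        chain.put("/css/**", "anon");
        chain.put("/**", "authc");        // everything else requires authentication
        factory.setFilterChainDefinitionMap(chain);
    }
}
```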
