ini configuration file
The ini configuration file is actually used in the same way as the properties configuration file, both in the form of key-value pairs (key=value), and the # sign represents a comment
There are four main categories in the ini configuration: main, users, roles, urls
[main] #Provides the configuration of the root object securityManager and its dependencies securityManager=org.apache.shiro.mgt.DefaultSecurityManager ………… securityManager.realms=$jdbcRealm [users] #Provides configuration of users/passwords and their roles, username=password, role 1, role 2 username=password,role1,role2 [roles] #Provides the configuration of the relationship between roles and permissions, role = permission 1, permission 2 role1=permission1,permission2 [urls] #Used for web, provides configuration related to web url interception, url=interceptor [parameter], interceptor /index.html = anon /admin/** = authc, roles[admin], perms["permission1"]
[main]
main mainly configures some objects of shiro, such as securityManager, Realm, authenticator, authcStrategy, etc.
#declare a realm MyRealm1=com.shiro.mutilrealm.MyRealm1 MyRealm2=com.shiro.mutilrealm.MyRealm2 #Configure the validator authenticator = org.apache.shiro.authc.pam.ModularRealmAuthenticator # AllSuccessfulStrategy means that both MyRealm1 and MyRealm2 certifications are passed. #Configure policy #authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy authcStrategy = com.shiro.authenticationstrategy.MyAuthenticationStrategy #Associate the validator with the policy authenticator.authenticationStrategy = $authcStrategy #Configure the Realm used by the validator authenticator.realms=$MyRealm2,$MyRealm1 #Set Authenticator to securityManager securityManager.authenticator = $authenticator
In the web application, we can make the following configuration, which means that if the user is not logged in to access, it will automatically jump to the /login page
authc.loginUrl = / login
[users]
[users] allows you to configure a set of static users, including username, password, role, a user can have multiple roles, you can configure multiple users, for example
username = password, roleName1, roleName2, …, roleNameN
When it comes to passwords, it involves encryption. We can encrypt with algorithms such as MD5, Sha1, and Sha256.
[main] #Tell Shiro which encryption algorithm we use sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher iniRealm.credentialsMatcher = $sha256Matcher [users] #username=password,role admin=355b1bbfc96725cdce8f4a2708fda310a80e6d13315aec4e5eed2a75fe8032ce,role1
Get the hex encrypted string of the password
String ss = new Sha256Hash("cc").toHex();
[roles]
[roles] Associate roles and permissions in the format: role name = permission string 1, permission string 2..... , for example
role1 = printer:print,printer:query
[urls]
This part of the configuration is mainly in web applications, the format is: url=interceptor[parameter], interceptor[parameter]... , for example
/login=anon /unauthorized=anon /static/**=anon /authenticated=authc /role=authc,roles[admin] /permission=authc,perms["user:create"]
Parse
- anon means anonymous access, that is, you can access without logging in. For example, the path /login can be accessed anonymously.
- authe says login is required to access
- roles[admin] means that only users with the admin role can access
- perms["user:create"] indicates that only those with this permission can access
url wildcard
- ?: matches a character
- *: matches zero or more characters
- **: matches zero or more paths
The url matching order is according to the order you configured