Shiro Getting Started Tutorial

What is Shiro

Shiro is an open source permission-management framework from Apache; it implements user authentication and user authorization.

Spring has its own permission framework, Spring Security (formerly Acegi). It is tightly coupled to Spring and is not as easy to use as Shiro.

Shiro does not depend on Spring. It can manage permissions not only for web applications but also for C/S and distributed systems. Shiro is a lightweight framework, and more and more enterprise projects are adopting it.

Using Shiro for system permission management improves development efficiency and thereby reduces development cost.

 

Shiro architecture

subject: the subject, which may be a user or a program. To access the system, the subject must be authenticated and authorized by the system.

securityManager: the security manager; authentication and authorization of the subject are carried out through the securityManager.

authenticator: the authenticator; authentication of the subject is ultimately carried out by the authenticator.

authorizer: the authorizer; authorization of the subject is ultimately carried out by the authorizer.

sessionManager: in web applications the web container usually manages sessions; Shiro also provides its own session management.

sessionDAO: session data is managed through the SessionDAO; implement your own SessionDAO to customize where session data is stored.

cacheManager: the cache manager mainly caches session and authorization data. For example, authorization data is cached through the cacheManager, and the cached data is managed by integrating with ehcache.

realm: a domain, equivalent to a data source; authentication and authorization data are fetched through the realm.

Note: the authentication and authorization logic lives in the realm.

cryptography: password management; provides a set of encryption/decryption components for convenient development, such as hashing (for example the md5 hash algorithm) and encryption/decryption.

 

Shiro authentication starter program

Configuration data:

3.1 Starter program code

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;

// Test class wrapping the tutorial's method (the class name is assumed)
public class AuthenticationTest {

    // user login and logout
    @Test
    public void testLoginAndLogout() {

        // Create the securityManager factory from the ini configuration file
        Factory<SecurityManager> factory = new IniSecurityManagerFactory(
                "classpath:shiro-first.ini");

        // Create the SecurityManager
        SecurityManager securityManager = factory.getInstance();

        // Set the securityManager into the current runtime environment
        SecurityUtils.setSecurityManager(securityManager);

        // Create a subject from SecurityUtils
        Subject subject = SecurityUtils.getSubject();

        // Prepare the token (account and credentials) before submitting authentication
        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "111111");

        try {
            // Submit authentication
            subject.login(token);
        } catch (AuthenticationException e) {
            // Login failed: unknown account, wrong password, etc.
            e.printStackTrace();
        }

        // Whether authentication passed
        boolean isAuthenticated = subject.isAuthenticated();

        System.out.println("Whether authenticated: " + isAuthenticated);

        // Log out
        subject.logout();

        // Whether the subject is still authenticated after logout
        isAuthenticated = subject.isAuthenticated();

        System.out.println("Whether authenticated: " + isAuthenticated);

    }
}

 

3.2 Execution process

1. Create the securityManager from the ini configuration file.

2. Call subject.login(token) to submit the token for authentication.

3. The securityManager performs the authentication, ultimately delegating it to the ModularRealmAuthenticator.

4. ModularRealmAuthenticator calls IniRealm (passing the token to the realm) to look up the user information in the ini configuration file.

5. IniRealm takes the account from the submitted token (UsernamePasswordToken) and looks up the user information (account and password) for that account in shiro-first.ini.

If the user is found, the user information (account and password) is returned to ModularRealmAuthenticator.

If the user is not found, null is returned to ModularRealmAuthenticator.

6. ModularRealmAuthenticator receives the authentication information (AuthenticationInfo) returned by IniRealm.

If the returned authentication information is null, ModularRealmAuthenticator throws org.apache.shiro.authc.UnknownAccountException.

If the returned authentication information is not null (IniRealm found the user), the password returned by IniRealm (the one stored in the ini file) is compared with the password in the token; if they do not match, org.apache.shiro.authc.IncorrectCredentialsException is thrown.

Summary:

ModularRealmAuthenticator carries out authentication and calls the realm to look up the user information (in a real system the user information lives in the database).

ModularRealmAuthenticator performs the password comparison (the authentication step).

realm: looks up the data store (the starter program uses the ini configuration file) by the identity information in the token. If the user is found, the authentication information is returned; otherwise null is returned.


Custom realm

In real development the realm needs to query user information from the database.

4.1 Custom realm

4.2 Configure realm

The realm must be configured in shiro-realm.ini so that it is injected into the securityManager.

 

 

Hash algorithms

Passwords usually need to be hashed; commonly used algorithms are md5 and sha.

For an md5-hashed password, if the hash value is known, the corresponding plaintext can be recovered by an exhaustive search.

It is therefore recommended to add a salt when hashing with md5: the stored value is the hash of the original password + salt.

Hashing method in normal use:

The program hashes the original password + salt, stores the hash value in the database, and stores the salt in the database as well.

When comparing passwords, hash the original password + salt in the same way and compare the results.


5.1  md5 hash test procedure:
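The test code for this section is not reproduced on the page; the following is an added example, not the tutorial's own, showing the salt-then-hash scheme described above with Shiro's Md5Hash and SecureRandomNumberGenerator. StoredCredential, ITERATIONS and the two users (zhangsan/111111 and lisi) are assumptions constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Md5Hash;

// Added example, not the tutorial's test; StoredCredential and ITERATIONS are assumptions,
// "111111" and the second user lisi are constructed inputs
public class SaltedMd5Test {
    static final int ITERATIONS = 1;

    // What the database row keeps for one user: the hex digest and the salt that produced it
    static final class StoredCredential {
        final String hashHex, saltHex;
        StoredCredential(String hashHex, String saltHex) { this.hashHex = hashHex; this.saltHex = saltHex; }
    }

    // Registration: random salt, hash (password + salt), store digest and salt together
    static StoredCredential register(String plaintext) {
        String salt = new SecureRandomNumberGenerator().nextBytes().toHex();
        return new StoredCredential(new Md5Hash(plaintext, salt, ITERATIONS).toHex(), salt);
    }

    // Login check: hash the submitted password with the stored salt and compare the digests
    static boolean verify(String attempt, StoredCredential stored) {
        String recomputed = new Md5Hash(attempt, stored.saltHex, ITERATIONS).toHex();
        // constant-time comparison so timing does not leak how many leading bytes matched
        return MessageDigest.isEqual(recomputed.getBytes(StandardCharsets.UTF_8),
                                     stored.hashHex.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        StoredCredential zhangsan = register("111111");
        StoredCredential lisi = register("111111");   // same password, different random salt
        System.out.println("zhangsan digest=" + zhangsan.hashHex + " salt=" + zhangsan.saltHex);
        System.out.println("lisi     digest=" + lisi.hashHex + " salt=" + lisi.saltHex);
        // Same plaintext, different digests: an exhaustive md5 table for "111111" matches neither
        System.out.println("digests differ:            " + !zhangsan.hashHex.equals(lisi.hashHex));
        System.out.println("correct password accepted: " + verify("111111", zhangsan));
        System.out.println("wrong password rejected:   " + !verify("222222", zhangsan));
    }
}
```

The stored salt is what allows the digest to be recomputed at login, and the two different digests for one password are why a precomputed md5 table is useless against salted storage. The same code works unchanged with a stronger algorithm and a higher iteration count (Shiro's Sha256Hash and Sha512Hash take the same constructor arguments), which is the usual choice over md5 for passwords.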

 

5.2 Custom realm supports a hashing algorithm

Requirement: in real development the realm needs to compare the md5 value (the hash of the plaintext).

 

5.2.1 Create a new realm (CustomRealmMd5)

5.2.2 Configure the credential matcher in the realm
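The CustomRealmMd5 class and matcher configuration of sections 5.2.1 and 5.2.2 (and the custom realm of 4.1/4.2) are not reproduced on the page; the following is an added example, not the tutorial's code, of a realm that returns a salted md5 digest and delegates the comparison to a HashedCredentialsMatcher set on the realm. The in-memory USERS map, the user zhangsan/111111, the salt "qwerty" and the programmatic DefaultSecurityManager wiring are assumptions standing in for the database and the shiro-realm.ini configuration.

```java
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

// Added example, not the tutorial's own class; USERS, zhangsan/111111 and SALT are constructed
public class CustomRealmMd5 extends AuthorizingRealm {
    static final String SALT = "qwerty";
    // account -> md5(password + salt) as hex, i.e. what the users table column would hold
    static final Map<String, String> USERS = Map.of("zhangsan", new Md5Hash("111111", SALT, 1).toHex());
    public CustomRealmMd5() {
        // Credential matcher configured in the realm: must match how the stored digest was produced
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        matcher.setHashIterations(1);
        setCredentialsMatcher(matcher);
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String account = (String) token.getPrincipal();
        String storedHash = USERS.get(account);   // the "database query" by account
        if (storedHash == null) {
            return null;   // unknown account: ModularRealmAuthenticator throws UnknownAccountException
        }
        // Return digest plus salt; the matcher hashes the submitted password the same way and compares
        return new SimpleAuthenticationInfo(account, storedHash, ByteSource.Util.bytes(SALT), getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo();   // no roles or permissions needed for this demo
    }
    public static void main(String[] args) {
        // Programmatic wiring; shiro-realm.ini would instead declare the realm under [main]
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new CustomRealmMd5()));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken("zhangsan", "111111"));
            System.out.println("authenticated: " + subject.isAuthenticated());
        } catch (AuthenticationException e) {
            System.out.println("login failed: " + e);
        }
    }
}
```

With a realm that returns null for an unknown account and a matcher whose algorithm and iteration count match the stored digests, the login path raises UnknownAccountException and IncorrectCredentialsException exactly as described in section 3.2.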

 


 
