Recently separated from the back-end integration projects in the former shiro project, toss all of a sudden, with reference to some online blog, I found that most are still before the traditional model does not apply to the front and rear ends of the splitter structure. We got in under the demo today for later use and reference later people.
A, springboot integrated frame shiro
About shior framework may refer to this , it is necessary to introduce the relevant jar as follows:
<!--shiro核心jar-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<!--实现session共享。缓存等-->
<dependency>
<groupId>org.crazycake</groupId>
<artifactId>shiro-redis</artifactId>
<version>3.2.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>Not integrated Spring / SpringBoot ago, is the need to Web.xmldefine org.apache.shiro.web.servlet.ShiroFilter filter
settings listener in the web.xml initialization is complete Shiro
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Shiro 的 EnvironmentLoaderListener 就是一个典型的 ServletContextListener,它也是整个 Shiro Web 应用的入口 。EventListener is a sign of the interface, there is no way, the Listener Servlet container should inherit all this interface (this is the Servlet specification).
ServletContextListener ServletContext is a listener, for monitoring the startup and shutdown event container, comprising the following two methods:
void the contextInitialized (ServletContextEvent SCE); // Called when the container starts
void contextDestroyed (ServletContextEvent sce); // when the container is closed when you call
ServletContext object can be obtained directly from the ServletContextEvent in.
EnvironmentLoaderListener not only to achieve ServletContextListener interface also extends EnvironmentLoader class, life-cycle should be required in the object method calls EnvironmentLoader Servlet container
from the beginning Shiro 1.2 introduces the concept of Environment / WebEnvironment, i.e. by their implementation and their respective SecurityManager corresponding dependent. ShiroFilter will automatically find and retrieve the corresponding dependence Environment.
To create the appropriate WebEnvironment by EnvironmentLoaderListener, and automatically bound to ServletContext, use IniWebEnvironment realized default.
EnvironmentLoader features:
When the container is started, the reading web.xml file from which to obtain WebEnvironment interface implementation class (default IniWebEnvironment), initialize the instance, and load it into the ServletContext.
When the container is closed, destroyed WebEnvironment instance, and removed from the ServletContext.
IniWebEnvironment features:
Shiro.ini find and load the configuration file, first look for from their own member variables, and then locate the web.xml, then look from under / WEB-INF, and then look from the classpath, if none is found, the error directly.
When found after the start parsing ini configuration file, then constructed a Bean container (equivalent to a lightweight IOC container), the ultimate goal is to create objects and FilterChainResolver WebSecurityManager object creation process uses the Abstract Factory pattern
EnvironmentLoaderListener nothing more than create the object when the container starts WebEnvironment by the object to read Shiro configuration file, create WebSecurityManager (security manager) and FilterChainResolver (filter chain parser) object that has played an important role in ShiroFilter in.
Shiro ShiroFilter entire entry point, the security control required for intercepting the request is processed.
Because it intercepts all requests, behind Authentication (authentication) and Authorization (authorization) by ShiroFilter final say
And after the Spring / SpringBoot integration, we only need to inject ShiroFilter, ShiroFilter by the ShiroFilterFactoryBean responsible for creating. So inject ShiroFilterFactoryBean, you can create ShiroFilter by the ShiroFilterFactoryBean
Second, the separation of the front and rear ends encountered in the pit
- The server need to open cross-domain support
- Only returns Json, do not redirect
- OPTIONS Request authentication operation is not performed
Complete code reference: https://github.com/xieshuang/spring-learn-demo/tree/master/springshiro