[One of] Shiro Shiro study entry

Others 2019-10-18 19:34:43 views: null

One, Shiro

Apache Shiro is a Java security framework.

1, the official website: http: //shiro.apache.org/

2, three core components

Subject: namely, "The current user" may refer to a person, third-party process, the background accounts or other similar things. Subject represents the current user's security operation, SecurityManager manage all users of the security operation.

SecurityManager: It is the core framework of Shiro, a typical Facade pattern, Shiro to manage the internal component instance by SecurityManager, and through it to provide a variety of services security management.
  
Realm: Realm act as a "bridge" or "connector" between Shiro and application security data. That is, when a user performs an authentication (login) and authorization (access control) verification, Shiro looks for information from users and their privileges in the application configuration Realm.
In this sense, Realm is essentially a safety-related DAO: It encapsulates the data source connection details, and if necessary will provide relevant data to Shiro. When configuring Shiro, a plurality Realm is possible, but requires at least a.


Two, SpringBoot integrated Shiro

1, the configuration dependent

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.9.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.wjy</groupId>
    <artifactId>shirodemo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>shirodemo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>
View Code

2, Shiro arrangement

package com.wjy.shirodemo;

import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    publicShirFilter ShiroFilterFactoryBean (the SecurityManager securityManager) { 
        ShiroFilterFactoryBean shiroFilterFactoryBean = new new ShiroFilterFactoryBean (); 
        shiroFilterFactoryBean.setSecurityManager (securityManager); 

        the Map <String, String> = filterChainDefinitionMap new new the HashMap <String, String> ();
         // address access time log, i.e. without access to any address of the page jump to log 
        shiroFilterFactoryBean.setLoginUrl ( "/ the Login" );
         // jump when authentication is not accessible through the address, that is certified but do not have permission address 
        shiroFilterFactoryBean.setUnauthorizedUrl ( "/ unauthc" ) ;
         // turn after successful authentication of the set address
        shiroFilterFactoryBean.setSuccessUrl ( "/ authc / index" ); 

        // / * interception anon said they did not allow anyone to access 
        filterChainDefinitionMap.put ( "/ *", "anon" );
         // / authc / index must be logged in to access 
        filterChainDefinitionMap. PUT ( "/ authc / index", "authc" );
         // / authc / admin admin role is required to access 
        filterChainDefinitionMap.put ( "/ authc / admin", "the roles [admin]" );
         // / authc / need for renewable Create, Update authority 
        filterChainDefinitionMap.put ( "/ authc / renewable", "PERMS [Create, Update]" );
        // /authc/removable需要有Delete权限
        filterChainDefinitionMap.put("/authc/removable", "perms[Delete]");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 散列算法
        hashedCredentialsMatcher.setHashAlgorithmName(PasswordHelper.ALGORITHM_NAME);
        // 散列次数
        hashedCredentialsMatcher.setHashIterations(PasswordHelper.HASH_ITERATIONS);
        return hashedCredentialsMatcher;
    }

    @Bean
    public EnceladusShiroRealm shiroRealm() {
        EnceladusShiroRealm shiroRealm = new EnceladusShiroRealm();
        // 原来在这里
        shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return shiroRealm;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm());
        return securityManager;
    }

    @Bean
    public PasswordHelper passwordHelper() {
        return new PasswordHelper();
    }
}

Other Reference Code: githup


Verification:
(1) Registration: http: // localhost: 8088 / register username = wjy & password = 123456?

(2) is not logged in to access index: http: // localhost: 8088 / authc / index will jump to the login page: http: // localhost: 8088 / login

(3) log in using an incorrect password: http: // localhost: 8088 / doLogin username = wjy & password = 123?

(4) successful login: http: // localhost:? 8088 / doLogin username = wjy & password = 123456 Jump to http: // localhost: 8088 / authc / index


Reference
How 30 minutes to learn to use Shiro  
30 minutes to understand Springboot integration Shiro  
Shiro core design ideas 

Guess you like

Origin www.cnblogs.com/cac2020/p/11700100.html
Recommended
Ranking
PAT Level B 1094 Google's Recruitment (20 points) Python
Old Wei wins the offer to take you to learn --- brush (integer number 31. 1 appears) title series
Bilibili: Barrage Screening: Baijiaxing: Import XML directly
개체 배열 중복 제거
matplotlib—patches.Circle
[Observation] It is also a cordless vacuum cleaner, why does Dyson V10 dare to sell 4990 yuan?
0410
Apache Kafka message delivery reliability analysis
How hotel occupancy records inquiry etj
Essential knowledge for getting started with speculating in spot silver
Daily
More
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)

Code World

© 2018 codetd.com