One, Shiro
Apache Shiro is a Java security framework.
1, Official website: http://shiro.apache.org/
2, Three core components
Subject: the "current user", which may be a person, a third-party process, a background account or something similar. A Subject represents the security operations of the current user, while the SecurityManager manages the security operations of all users.
SecurityManager: the core of the Shiro framework and a typical Facade. Shiro manages its internal component instances through the SecurityManager and provides its security management services through it.
Realm: a Realm acts as a "bridge" or "connector" between Shiro and the application's security data. When a user is authenticated (login) or authorized (access control), Shiro looks up the user and their permissions in the Realm configured for the application.
In this sense a Realm is essentially a security-related DAO: it encapsulates the connection details of the data source and supplies the relevant data to Shiro when needed. Several Realms may be configured in Shiro, but at least one is required.
Two, Integrating Shiro with Spring Boot
1, Configure the dependencies
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.1.9.RELEASE</version>
            <relativePath/> <!-- lookup parent from repository -->
        </parent>
        <groupId>com.wjy</groupId>
        <artifactId>shirodemo</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>shirodemo</name>
        <description>Demo project for Spring Boot</description>

        <properties>
            <java.version>1.8</java.version>
        </properties>

        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>mysql</groupId>
                <artifactId>mysql-connector-java</artifactId>
            </dependency>
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring</artifactId>
                <version>1.4.0</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-devtools</artifactId>
                <scope>runtime</scope>
                <optional>true</optional>
            </dependency>
        </dependencies>

        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    </project>
2, Shiro configuration
    package com.wjy.shirodemo;

    import java.util.LinkedHashMap;
    import java.util.Map;

    import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class ShiroConfig {

        @Bean
        public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(securityManager);

            // Shiro evaluates filter chains in definition order and the first match wins,
            // so an insertion-ordered map is used instead of a plain HashMap.
            Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

            // Login page: any protected address requested without being logged in redirects here
            shiroFilterFactoryBean.setLoginUrl("/login");
            // Redirect target when the user is authenticated but lacks permission for the address
            shiroFilterFactoryBean.setUnauthorizedUrl("/unauthc");
            // Redirect target after successful authentication
            shiroFilterFactoryBean.setSuccessUrl("/authc/index");

            // /* is not intercepted: anon means anyone may access it
            filterChainDefinitionMap.put("/*", "anon");
            // /authc/index requires a logged-in user
            filterChainDefinitionMap.put("/authc/index", "authc");
            // /authc/admin requires the admin role
            filterChainDefinitionMap.put("/authc/admin", "roles[admin]");
            // /authc/renewable requires the Create and Update permissions
            filterChainDefinitionMap.put("/authc/renewable", "perms[Create,Update]");
            // /authc/removable requires the Delete permission
            filterChainDefinitionMap.put("/authc/removable", "perms[Delete]");

            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
            return shiroFilterFactoryBean;
        }

        @Bean
        public HashedCredentialsMatcher hashedCredentialsMatcher() {
            HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
            // Hash algorithm
            hashedCredentialsMatcher.setHashAlgorithmName(PasswordHelper.ALGORITHM_NAME);
            // Number of hash iterations
            hashedCredentialsMatcher.setHashIterations(PasswordHelper.HASH_ITERATIONS);
            return hashedCredentialsMatcher;
        }

        @Bean
        public EnceladusShiroRealm shiroRealm() {
            EnceladusShiroRealm shiroRealm = new EnceladusShiroRealm();
            // The credentials matcher is attached to the realm here
            shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
            return shiroRealm;
        }

        @Bean
        public SecurityManager securityManager() {
            DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
            securityManager.setRealm(shiroRealm());
            return securityManager;
        }

        @Bean
        public PasswordHelper passwordHelper() {
            return new PasswordHelper();
        }
    }
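The configuration above wires in a realm and a password helper whose code is not shown on this page. The following added example (not the author's EnceladusShiroRealm or PasswordHelper) shows a realm acting as the security DAO described in section One: it stores a salted, iterated hash at registration and returns that hash and salt to Shiro, which lets the HashedCredentialsMatcher do the comparison. The class name DemoRealm, the in-memory user map, SHA-256 and 1024 iterations are assumptions.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;
import org.apache.shiro.util.ByteSource;

// Hypothetical realm for illustration; the map stands in for the JPA-backed user table.
public class DemoRealm extends AuthorizingRealm {
    static final String ALGORITHM = "SHA-256"; // assumed value; matcher and register() must agree
    static final int ITERATIONS = 1024;        // assumed value; matcher and register() must agree
    private final Map<String, String[]> users = new HashMap<>(); // name -> {salt, hash, role, perms}
    public DemoRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
    }
    // Registration: a random per-user salt; only the salt and the iterated hash are stored.
    public void register(String name, String password, String role, String perms) {
        String salt = new SecureRandomNumberGenerator().nextBytes().toHex();
        String hash = new SimpleHash(ALGORITHM, password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
        users.put(name, new String[] {salt, hash, role, perms});
    }
    @Override // Authentication: return the stored hash and salt; the matcher hashes the submitted password.
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String[] u = users.get((String) token.getPrincipal());
        if (u == null) throw new UnknownAccountException();
        return new SimpleAuthenticationInfo(token.getPrincipal(), u[1], ByteSource.Util.bytes(u[0]), getName());
    }
    @Override // Authorization: the data that the roles[...] and perms[...] filters are checked against.
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String[] u = users.get((String) principals.getPrimaryPrincipal());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(new HashSet<>(Arrays.asList(u[2])));
        info.addStringPermissions(Arrays.asList(u[3].split(",")));
        return info;
    }
    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        realm.register("wjy", "123456", "admin", "Create,Update,Delete"); // constructed sample account
        Subject s = new Subject.Builder(new DefaultSecurityManager(realm)).buildSubject();
        try { s.login(new UsernamePasswordToken("wjy", "123")); }
        catch (IncorrectCredentialsException e) { System.out.println("wrong password rejected"); }
        s.login(new UsernamePasswordToken("wjy", "123456"));
        System.out.println("admin=" + s.hasRole("admin") + " Delete=" + s.isPermitted("Delete"));
    }
}
```

It runs outside Spring with only shiro-core (and its logging dependency) on the classpath.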
Other reference code: GitHub
Verification:
(1) Register: http://localhost:8088/register?username=wjy&password=123456
(2) Access index without logging in: http://localhost:8088/authc/index redirects to the login page: http://localhost:8088/login
(3) Log in with an incorrect password: http://localhost:8088/doLogin?username=wjy&password=123
(4) Log in successfully: http://localhost:8088/doLogin?username=wjy&password=123456 redirects to http://localhost:8088/authc/index