Integrating Shiro with Spring takes three steps: add the Shiro jar packages (shiro-core, shiro-web, shiro-spring), configure the web.xml file, and configure Shiro in the Spring configuration file.
Configure the web.xml file
Register the listener that starts the Spring IoC container (ContextLoaderListener) and the Shiro Filter for the web application: a DelegatingFilterProxy whose filter-name is the id of the Shiro filter bean defined in the Spring context, mapped to /* so every request passes through it.
Configure Shiro in the Spring configuration file
The Spring configuration file declares the following beans:
- a custom Realm, which implements authentication (who is this user, are the credentials correct) and authorization (which roles and permissions the user has)
- the cache manager used by Shiro's entity classes to cache authentication and authorization data
- the SecurityManager, wired with the realm and the cache manager
- the LifecycleBeanPostProcessor, which ensures the init and destroy lifecycle methods of Shiro's internal beans are executed
- the AOP-style method-level permission checking (DefaultAdvisorAutoProxyCreator and AuthorizationAttributeSourceAdvisor), which makes the @Requires* annotations effective and must be declared to depend on the LifecycleBeanPostProcessor
- the Shiro Filter (ShiroFilterFactoryBean)
Configure Shiro Filter
The filterChainDefinitions property sets the URLs the Shiro Filter intercepts and the permission information required to access each URL. Format: URL_Ant_Path_Expression = Path_Specific_Filter_Chain.
To the left of the equals sign is an Ant-style path expression relative to the web application context root. To the right of the equals sign is a comma-separated list of filters to execute for requests that match the path.
Ant-style resource addresses support three kinds of wildcards:
? matches exactly one character
* matches zero or more characters within a single path segment
** matches zero or more path segments (a multi-level path)
Path expression
URL definitions are evaluated in order, and the first match wins. For example:
/account/** = ssl, authc
/account/signup = anon
With this ordering, a request for /account/signup/index.html (or /account/signup itself) is matched by /account/** and gets the ssl, authc chain; the anon definition is never reached, because the /account/** match short-circuits the remaining definitions. Put the more specific definition before the wildcard it falls under.
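The three configuration steps described above, with the filter chain ordered so that the specific anon rules come before the wildcards that would otherwise swallow them, as an added example that is not from the original post. The realm class com.example.shiro.MyRealm, the page names (login.jsp, index.jsp, unauthorized.jsp), the URL rules and the choice of the in-memory MemoryConstrainedCacheManager are assumptions; the two fragments belong in web.xml and applicationContext.xml respectively.

```xml
<!-- web.xml: bootstrap the Spring container and register the Shiro filter -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:applicationContext.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!-- filter-name must equal the id of the ShiroFilterFactoryBean below:
       DelegatingFilterProxy looks up that bean and delegates every request to it -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

<!-- applicationContext.xml: the Shiro beans -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- 1. custom Realm (hypothetical class): authentication and authorization lookups -->
  <bean id="myRealm" class="com.example.shiro.MyRealm"/>

  <!-- 2. cache for authentication/authorization data; in-memory, needs no extra jar -->
  <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/>

  <!-- 3. SecurityManager wired with the realm and the cache -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm"/>
    <property name="cacheManager" ref="cacheManager"/>
  </bean>

  <!-- 4. runs the init/destroy lifecycle methods of Shiro's beans -->
  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <!-- 5. AOP: makes @RequiresRoles, @RequiresPermissions etc. effective on Spring beans;
          depends-on makes sure Shiro's lifecycle processing is in place first -->
  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <!-- 6. the Shiro filter; the id matches filter-name in web.xml -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/index.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <!-- first match wins: each specific anon rule precedes the wildcard it lives under,
         and the catch-all /** comes last -->
    <property name="filterChainDefinitions">
      <value>
        /login.jsp = anon
        /account/signup = anon
        /account/** = authc
        /home = user
        /admin/** = authc, roles[admin]
        /edit = authc, perms[admin:edit]
        /logout = logout
        /** = authc
      </value>
    </property>
  </bean>
</beans>
```

If /account/signup were moved below /account/**, signup would silently require login; since the rule list is evaluated top to bottom, reviewing it after every change to the more specific paths is the check worth making.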
Permission information
The filter chain is a comma-separated list of filters applied to requests matching the path. The value must have the format filter1[optional_config1], filter2[optional_config2]...
filterN: the alias of a filter registered with Shiro. [optional_configN]: optional configuration for that filter on this path, such as a role or permission string. If the filter needs no path-specific configuration, the brackets can be omitted and filterN[] becomes filterN.
Default filters in Shiro
user and authc: when the application enables rememberMe, a user who ticked "remember me" at login, closed the browser and returns later is a remembered user. Paths protected by the user filter let that request through; paths protected by authc do not, because authc requires the Subject to be authenticated in the current session, so the user must log in again.
Remembered and Authenticated
Remembered:
A remembered Subject is not anonymous: it has a known identity (subject.getPrincipals() is non-empty) that was authenticated in a previous session. If subject.isRemembered() returns true, the Subject is considered remembered.
Authenticated:
An authenticated Subject has been authenticated successfully in the current session: the login method was called and did not throw an exception. If subject.isAuthenticated() returns true, the Subject is authenticated.
Note: Remembered and Authenticated are mutually exclusive. If one is true the other is false, and vice versa.
FilterChainDefinitions examples
authc,roles[admin]: the user must be authenticated and have the admin role. /edit=authc,perms[admin:edit]: the user must be authenticated and have the admin:edit permission. /home=user: the user does not need to be authenticated in the current session; it is enough to have been remembered by Shiro (rememberMe).
Annotation-based authorization
Shiro provides the following annotations:
@RequiresAuthentication: the annotated class, instance or method can only be accessed or invoked if the current Subject has been authenticated in the current session.
@RequiresGuest: the current Subject must be a "guest", that is, neither authenticated nor remembered from a previous session, to access or invoke the annotated class, instance or method.
@RequiresPermissions: the current Subject must hold one or more permissions to execute the annotated method, for example @RequiresPermissions("account:create").
@RequiresRoles: the current Subject must have all of the specified roles. If it does not, the method is not executed and an AuthorizationException is thrown. For example: @RequiresRoles("administrator").
@RequiresUser: the annotated class, instance or method can only be accessed or invoked if the current Subject is an application user, that is, either authenticated or remembered by the RememberMe service from a previous session.
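The custom Realm bean from the configuration section together with a service secured by the annotations just listed, as an added example that is not code from the original post. The package, class names, the in-memory account store, the salts and the role and permission strings are all hypothetical; the Shiro classes and methods are the real Shiro 1.x API. The realm stores only salted, iterated SHA-256 hashes and lets Shiro's HashedCredentialsMatcher do the comparison, so the realm itself never compares plaintext passwords.

```java
// Added example. Package, class names, account data, salts and permission strings are hypothetical.
package com.example.shiro;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/** Custom Realm: the bean the Spring configuration declares as myRealm. */
public class MyRealm extends AuthorizingRealm {

    private static final String ALGORITHM = "SHA-256";
    private static final int ITERATIONS = 1024;

    /** One row of the constructed in-memory account store that stands in for a database. */
    static final class Account {
        final String salt;            // per-user salt; fixed here so the example is deterministic
        final String passwordHashHex; // hex(SHA-256 iterated 1024 times over password + salt)
        final Set<String> roles;
        final Set<String> permissions;

        Account(String password, String salt, Set<String> roles, Set<String> permissions) {
            this.salt = salt;
            this.passwordHashHex = new Sha256Hash(password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
            this.roles = roles;
            this.permissions = permissions;
        }
    }

    private static final Map<String, Account> ACCOUNTS = new HashMap<>();
    static { // Set.of needs Java 9 or newer
        ACCOUNTS.put("alice", new Account("alice-secret", "s4lt-a", Set.of("administrator"), Set.of("account:*")));
        ACCOUNTS.put("bob", new Account("bob-secret", "s4lt-b", Set.of("user"), Set.of("account:read")));
    }

    public MyRealm() {
        // Tell Shiro how the stored credentials were produced; it hashes the submitted
        // password the same way and compares, so the realm never touches plaintext.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher);
    }

    /** Authentication: find the account and return its stored hash and salt. */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        Account account = ACCOUNTS.get(username);
        if (account == null) {
            throw new UnknownAccountException("no account for " + username);
        }
        return new SimpleAuthenticationInfo(username, account.passwordHashHex,
                ByteSource.Util.bytes(account.salt), getName());
    }

    /** Authorization: roles and permissions of an already identified principal. */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        Account account = ACCOUNTS.get(username);
        if (account == null) {
            return null; // no authorization data: every role/permission check for this principal fails
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(account.roles);
        info.setStringPermissions(account.permissions);
        return info;
    }
}

/**
 * Service secured with the annotations. It must be declared as a Spring bean so the
 * AuthorizationAttributeSourceAdvisor can proxy it; an object created with new is not checked.
 */
class AccountService {
    @RequiresRoles("administrator")
    public void deleteAccount(String username) { /* alice proceeds; bob gets AuthorizationException */ }

    @RequiresPermissions("account:create")
    public void createAccount(String username) { /* alice: account:* implies account:create; bob: denied */ }
}
```

The check worth remembering is the proxying requirement in the last class: the annotations only take effect on beans the Spring container creates and wraps, and calls between methods of the same bean bypass the proxy as well.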
Tag library-based authorization: guest
The guest tag displays its content only if the current Subject is considered a guest. A guest is any Subject without an identity: not logged in and not remembered from a previous visit (RememberMe service). The guest tag is the logical opposite of the user tag. Example:
<shiro:guest>
Hi there! Please Login or Signup today!
</shiro:guest>
Tag library-based authorization: user
The user tag displays its content only if the current Subject is considered a user. A user in this context is a Subject with a known identity, either because it authenticated successfully or because it was remembered by the RememberMe service. This tag is semantically different from the authenticated tag, which is stricter. The user tag is the logical opposite of the guest tag.
Tag library-based authorization
authenticated: displays its content only when the current Subject has successfully authenticated in the current session. Stricter than the user tag; the logical opposite of the notAuthenticated tag.
notAuthenticated: displays its content when the current Subject has not successfully authenticated in its current session.
principal: prints the Subject's principal (its identifying attribute), or one of the principal's properties.
hasRole: displays its content when the current Subject has been assigned the specified role. The hasRole tag is the logical opposite of the lacksRole tag. For example:
<shiro:hasRole name="administrator">
<a href="admin.jsp">Administer the system</a>
</shiro:hasRole>
lacksRole: displays its content if the Subject has not been assigned the specified role. hasAnyRoles: displays its content if the Subject has been assigned any one of the roles in a comma-separated list of role names. For example:
<shiro:hasAnyRoles name="developer, project manager, administrator">
You are either a developer, project manager, or administrator.
</shiro:hasAnyRoles>
hasPermission: displays its content when the current Subject has the specified permission. The hasPermission tag is the logical opposite of the lacksPermission tag. For example:
<shiro:hasPermission name="user:create">
<a href="createUser.jsp">Create a new User</a>
</shiro:hasPermission>
lacksPermission: displays its content when the current Subject does not have the specified permission, that is, when the user lacks that particular ability.
Password encryption
Project Case:pan.baidu.com/s/1mhIO1Pe