“This is the 25th day of my participation in the November Gwen Challenge. See details of the event: The Last Gwen Challenge 2021”.

Spring Boot integration with Shiro: first experience

What is Shiro?

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Using Shiro’s easy-to-understand APIs, you can quickly and easily secure any application, from the smallest mobile applications to the largest web and enterprise applications.

It has three core components: Subject, SecurityManager, and Realms.

  • Subject: the “current user.” In Shiro, however, a Subject is not necessarily a person. It can also be a third-party process, a daemon account, or something similar; it simply means “whatever is currently interacting with the software.” A Subject represents the security operations of the current user, while the SecurityManager manages the security operations of all users.
  • SecurityManager: the core of Shiro’s framework, a typical Facade pattern through which Shiro manages its internal component instances and provides the various security-management services.
  • Realm: acts as a “bridge” or “connector” between Shiro and the application’s security data. That is, when authenticating a user (login) and authorizing a user (access control), Shiro looks up the user and their permission information in a Realm configured by the application.
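A minimal Realm of the kind described above, as an added example that is not code from the original post: it answers the authentication and authorization lookups from an in-memory store and compares salted password hashes rather than plain text. The class name UserRealm and package com.config match what the configuration class later on this page expects; the account alice, its password and the permission string user:add are constructed sample values.

```java
package com.config;

import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: in-memory stand-in for a real user store (all data constructed).
public class UserRealm extends AuthorizingRealm {

    private final DefaultPasswordService passwordService = new DefaultPasswordService();
    private final Map<String, String> passwordHashes = new ConcurrentHashMap<>(); // user -> salted hash
    private final Map<String, String> permissions = new ConcurrentHashMap<>();    // user -> permission

    public UserRealm() {
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwordService);
        setCredentialsMatcher(matcher); // compare hashes, never plain text
        passwordHashes.put("alice", passwordService.encryptPassword("constructed-sample-password"));
        permissions.put("alice", "user:add");
    }

    // Authentication (login): hand Shiro the stored hash; the matcher verifies the submitted password.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        String hash = (username == null) ? null : passwordHashes.get(username);
        if (hash == null) {
            throw new UnknownAccountException("Unknown account");
        }
        return new SimpleAuthenticationInfo(username, hash, getName());
    }

    // Authorization (access control): return the permissions held by the authenticated principal.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String permission = permissions.get((String) principals.getPrimaryPrincipal());
        if (permission != null) {
            info.addStringPermission(permission);
        }
        return info;
    }
}
```

A controller that calls Subject.login should report UnknownAccountException and IncorrectCredentialsException with the same message, so the login form does not reveal which usernames exist.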

Quick start

  • Introducing Maven coordinates

    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.5.3</version>
    </dependency>
  • Writing the Config file

    package com.config;
    
    import org.apache.shiro.mgt.DefaultSecurityManager;
    
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.HashMap;
    import java.util.Map;
    
    
    // Shiro's configuration class
    @Configuration
    public class ShiroConfig {
    
        // Step 3: ShiroFilterFactoryBean
        @Bean
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager defaultSecurityManager){
            ShiroFilterFactoryBean  shiroFilterFactoryBean =new ShiroFilterFactoryBean();
            // Set the security manager
            shiroFilterFactoryBean.setSecurityManager(defaultSecurityManager);
    
            /*
             * Add Shiro's built-in filters:
             *   anon:  accessible without authentication
             *   authc: accessible only after authentication
             */
            Map<String,String> filterMap =new HashMap<String, String>();
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
            filterMap.put("/user/add", "authc");// Only authenticated users can access the /user/add page
            filterMap.put("/user/update", "authc");
            
    
            return shiroFilterFactoryBean;
        }
    
    
        // Step 2: get the DefaultWebSecurityManager
        @Bean(name = "securityManager")// Set an explicit bean name instead of the default (the method name)
        public DefaultSecurityManager getWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ // bind userRealm
            DefaultWebSecurityManager webSecurityManager =new DefaultWebSecurityManager();
            // Associate the userRealm
            webSecurityManager.setRealm(userRealm);
            return webSecurityManager;
        }
    
        // Step 1: create the realm object
        @Bean
        public UserRealm userRealm(){
            return new UserRealm();
        }// The custom UserRealm class is managed by Spring
    }
    
  • Create test HTML

    <!DOCTYPE html>
    <html lang="en" xmlns:th="http://www.thymeleaf.org">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
    </head>
    <body>
    
        <h1>Home page</h1>
        <hr>
        <a th:href="@{/user/add}">add</a>
        <a th:href="@{/user/update}">update</a>
    
    </body>
    </html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
        add
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    update
</body>
</html>

Start testing

Login interface:

Click the Add button in the picture:

Click the Update button in the picture:

Neither page can be accessed without permission

Improvement ideas

Without permission, the user should be sent to the login page instead of getting a 404 error, so we need to add a login page and modify some code.

Adding a login page

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <h1>Login</h1>
    <hr>
    <form action="/login" method="post">
        <p>Account:<input type="text" name="username"></p>
        <p>Password:<input type="password" name="password"></p>
        <input type="submit" value="Login">
    </form>
</body>
</html>

Modify the Controller

Add a login method

package com.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class ShiroController {

    @RequestMapping({"/","/index"})
    public String toindex(){
        return "index";
    }

    @RequestMapping({"/user/add"})
    public String add(){
        return "user/add";
    }

    @RequestMapping({"/user/update"})
    public String update(){
        return "user/update";
    }

    @RequestMapping({"/login"})
    public String login(){
        return "user/login";
    }
}

Modifying the Config file

Add a call to the setLoginUrl method

package com.config;

import org.apache.shiro.mgt.DefaultSecurityManager;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;


// Shiro's configuration class
@Configuration
public class ShiroConfig {

    // Step 3: ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager defaultSecurityManager){
        ShiroFilterFactoryBean  shiroFilterFactoryBean =new ShiroFilterFactoryBean();
        // Set the security manager
        shiroFilterFactoryBean.setSecurityManager(defaultSecurityManager);

        /*
         * Add Shiro's built-in filters:
         *   anon:  accessible without authentication
         *   authc: accessible only after authentication
         */
        Map<String,String> filterMap =new HashMap<String, String>();

        filterMap.put("/user/add", "authc");// Only authenticated users can access the /user/add page
        filterMap.put("/user/update", "authc");
        // filterMap.put("/user/*", "authc"); // Wildcards are supported
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        shiroFilterFactoryBean.setLoginUrl("/login");// Set the login URL


        return shiroFilterFactoryBean;
    }


    // Step 2: get the DefaultWebSecurityManager
    @Bean(name = "securityManager")// Set an explicit bean name instead of the default (the method name)
    public DefaultSecurityManager getWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){ // bind userRealm
        DefaultWebSecurityManager webSecurityManager =new DefaultWebSecurityManager();
        // Associate the userRealm
        webSecurityManager.setRealm(userRealm);
        return webSecurityManager;
    }

    // Step 1: create the realm object
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }// The custom UserRealm class is managed by Spring
}

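The filter chain map is order-sensitive and the form of the wildcard matters, which this added example (not code from the original post) demonstrates with Shiro's own AntPathMatcher. The class FilterChainOrderDemo, its chain and resolve helpers, and the request paths /user/add/detail and /admin are hypothetical, and resolve is a simplified model of Shiro's first-match chain resolution.

```java
import org.apache.shiro.util.AntPathMatcher;

import java.util.LinkedHashMap;
import java.util.Map;

// Added example: simplified model of how Shiro picks a filter chain (first matching pattern wins).
public class FilterChainOrderDemo {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // LinkedHashMap keeps insertion order; HashMap gives no ordering guarantee.
    static Map<String, String> chain(String userPattern, boolean denyByDefault) {
        Map<String, String> map = new LinkedHashMap<>();
        map.put("/", "anon");
        map.put("/index", "anon");
        map.put("/login", "anon");
        map.put(userPattern, "authc");
        if (denyByDefault) {
            map.put("/**", "authc"); // catch-all goes last, or it would shadow the anon entries
        }
        return map;
    }

    // Filter of the first matching pattern, or "(none)" when no pattern matches,
    // in which case Shiro applies no filter and the request goes straight to the controller.
    static String resolve(Map<String, String> chain, String path) {
        for (Map.Entry<String, String> entry : chain.entrySet()) {
            if (MATCHER.matches(entry.getKey(), path)) {
                return entry.getValue();
            }
        }
        return "(none)";
    }

    public static void main(String[] args) {
        String[] paths = {"/login", "/user/add", "/user/add/detail", "/admin"};
        Map<String, String> narrow = chain("/user/*", false);  // the wildcard from the config comment
        Map<String, String> strict = chain("/user/**", true);  // recursive wildcard plus catch-all
        for (String path : paths) {
            System.out.printf("%-18s /user/* -> %-7s /user/** + /** -> %s%n",
                    path, resolve(narrow, path), resolve(strict, path));
        }
    }
}
```

In ShiroConfig the same ordering is obtained by building filterMap as a LinkedHashMap and putting the most specific patterns first.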

Test again

Click Add (Update)

OK! The first Shiro integration with Spring Boot is done, and I’ll keep learning! My blog is also synchronized to the Tencent Cloud+ Community, and everyone is welcome to join: cloud.tencent.com/developer/s…