Shulou(Shulou.com)06/01 Report--

Today, I will introduce to you what the application of Apache Shiro in web development security framework is. The content of the article is good. Now I would like to share it with you. Friends who feel in need can understand it. I hope it will be helpful to you. Let's read it along with the editor's ideas.

Web develops the Application of Apache Shiro in Security Framework

In the previous stage, I shared some content on hadoop. I hope it will be of some help to novice friends. For beginners of hadoop, the DKHadoop distribution version of Fast search is recommended, and the three-node standard version is worth having (the standard version of three nodes can be downloaded for free, the same as the current function of the paid version, but the number of nodes is different, and three nodes is enough for beginners). Learning hadoop can be downloaded to study the use of learning, you can also leave a message to ask me!

Today I'm going to share the application of Apache Shiro in web development. Shiro security framework is by far the most commonly used framework for login registration, because it is very powerful and simple, providing authentication, authorization, encryption, session management and other functions.

What can shiro do?

Authentication: verifying the identity of a user

Authorization: perform access control on the user: determine whether the user is allowed to do something

Session management: use Session API in any environment, even if there is no Web or EJB container.

Encryption: use encryption in a more concise and easy-to-use way to protect or hide data from peeping

Realms: a data source that aggregates one or more user security data

Single sign-on (SSO) function.

Enable the "Remember Me" service for users who are not associated with login

The four core parts of Shiro

Authentication (authentication): abbreviated as "login", that is, to prove who the user is.

Authorization (authorization): the process of access control, that is, determining whether you have permission to access protected resources.

Session Management (session Management): manages user-specific sessions, even in non-Web or EJB applications.

Cryptography (encryption): keep data secure by using encryption algorithms

The three core components of shiro:

Subject: the person who is interacting with the system, or a third-party service. All Subject instances are bound to (and this is required) a SecurityManager.

The heart of SecurityManager:Shiro architecture is used to coordinate internal security components, manage internal component instances, and provide various security management services through it. When a Shiro interacts with a Subject, it is essentially the SecurityManager behind the scenes that handles all the onerous Subject security operations.

Realms: essentially a security-specific DAO. When configuring Shiro, you must specify at least one Realm for authentication and / or authorization. Shiro provides a variety of available Realms to obtain security-related data. Such as relational database (JDBC), INI and property files, etc. You can define your own Realm implementation to represent a custom data source.

Shiro integrates the SSM framework:

1. Add jar package

two。 Configure the web.xml file

Add the following code to web.xml-shiro filter.

ShiroFilter

Org.springframework.web.filter.DelegatingFilterProxy

TargetFilterLifecycle

True

ShiroFilter

/ *

3. Configure Shiro in the configuration file of Spring

In Springmvc configuration file:

Import the shiro configuration file into the Spring configuration file:

Create a new applicationContext-shiro.xml

At this point, the configuration files are basically ready. Next, write the Realm method, create a new shiro package, and create a new MyRealm.java file under the package that inherits AuthorizingRealm.

The above configuration has been completed, and then verified by action

/ / Login authentication

@ RequestMapping ("/ shiro-login")

Public String login (@ RequestParam ("username") String username

@ RequestParam ("password") String password) {

Subject subject = SecurityUtils.getSubject ()

UsernamePasswordToken token = new UsernamePasswordToken (username, password)

Try {

/ / perform authentication operation.

Subject.login (token)

} catch (AuthenticationException ae) {

System.out.println ("login failed:" + ae.getMessage ())

Return "/ index"

}

Return "/ shiro-success"

}

/ hint: remember to encrypt the password before storing it in the database during registration. Provide a utils method.

/ / perform shiro encryption, and return the encrypted result

Public static String md5 (String pass) {

String saltSource = "blog"

String hashAlgorithmName = "MD5"

Object salt = new Md5Hash (saltSource)

Int hashIterations = 1024

Object result = new SimpleHash (hashAlgorithmName, pass, salt, hashIterations)

String password = result.toString ()

Return password

}

Shiro login verification is done here, shiro is mainly for login authentication, permissions and menu module settings.

These are all the contents of the application of Apache Shiro in the web development security framework, and more content related to the application of Apache Shiro in the web development security framework can be searched for previous articles or browse the following articles to learn ha! I believe the editor will add more knowledge to you. I hope you can support it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.