Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about how to get started with Apache Shiro. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Project permissions table

Integration of Shiro and Spring

Import shiro-all-1.4.1.jar package

Configure web.xml

ShiroFilter org.springframework.web.filter.DelegatingFilterProxy shiroFilter / *

Spring profile applicationContext.xml

/ validatecode.jsp* = anon / userAction_login = anon / * = authc

Anon: example / admins/**=anon has no parameters, which means it can be used anonymously.

Authc: for example, / admins/user/**=authc means authentication (login) is required to use it. There are no parameters.

Roles: example / admins/user/**=roles [admin], parameters can be written in quotation marks, and parameters are separated by commas. When there are multiple parameters, such as admins/user/**=roles ["admin,guest"], each parameter is passed, which is equivalent to the hasAllRoles () method.

Perms: example / admins/user/**=perms [user:add:*], parameters can be written in multiple, must be in quotation marks, and parameters are separated by commas

For example, / admins/user/**=perms ["user:add:*,user:modify:*"], when there are multiple parameters, each parameter must be passed to pass, which is equivalent to the isPermitedAll () method.

Rest: example / admins/user/**=rest [user], which is equivalent to / admins/user/**=perms [user:method] according to the requested method, where method is post,get,delete and so on.

Port: example / admins/user/**=port [8081], when the port of the requested url is not 8081, it jumps to schemal://serverName:8081?queryString, where schmal is the protocol http or https, etc., serverName is the port of port in the url configuration, and queryString is the port of the url that you visit? The following parameters.

AuthcBasic: for example, / admins/user/**=authcBasic has no parameter to indicate httpBasic authentication

Ssl: example / admins/user/**=ssl has no parameters and indicates a secure url request. The protocol is https.

User: for example, there is no parameter for / admins/user/**=user to indicate that a user must exist, and no check is made when logging in.

Note: anon,authcBasic,auchc,user is the authentication filter and perms,roles,ssl,rest,port is the authorization filter

Verify login function

BosRealm

Package com.gwl.bos.web.realm;import com.gwl.bos.dao.UserDao;import com.gwl.bos.model.User;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired Public class BosRealm extends AuthorizingRealm {/ * permissions are related to roles * / @ Override protected AuthorizationInfo doGetAuthorizationInfo (PrincipalCollection principalCollection) {return null;} @ Autowired private UserDao userDao; / * login authentication * / @ Override protected AuthenticationInfo doGetAuthenticationInfo (AuthenticationToken authenticationToken) throws AuthenticationException {UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; User user = userDao.findByUsername (token.getUsername ()) If (user! = null) {/ * object queried by Object principal database * password queried by Object credentials, automatically verifies * String realmName current class name * / SimpleAuthenticationInfo info = new SimpleAuthenticationInfo (user, user.getPassword (), this .getClass (). GetSimpleName ()) Return info;} return null;}}

UserAction

Package com.gwl.bos.web.action;public class UserAction extends BaseAction {public String login () {String username = getModel () .getUsername (); String password = getModel () .getPassword (); HttpServletRequest request = ServletActionContext.getRequest (); String serviceCheckCode = (String) request.getSession () .getAttribute ("key"); String clienCheckCode = request.getParameter ("checkcode") If (serviceCheckCode.equalsIgnoreCase (clienCheckCode)) {/ / Login using shiro authentication Subject subject = SecurityUtils.getSubject (); UsernamePasswordToken token = new UsernamePasswordToken (username, MD5Utils.text2md5 (password)); try {subject.login (token); User loginUser = (User) subject.getPrincipal () Subject.getSession () .setAttribute ("loginUser", loginUser); return "home";} catch (AuthenticationException e) {e.printStackTrace (); System.out.println ("login failed, user name password incorrect");} else {System.out.println ("incorrect verification code") } return "loginfailure";}} configure global permissions url / authorizing.jsp permissions control url interception in struts.xml

Spring profile applicationContext.xml

/ page_base_staff = perms ["staff"] @ Override protected AuthorizationInfo doGetAuthorizationInfo (PrincipalCollection principalCollection) {/ / different permissions are given according to the role permissions of the database query SimpleAuthorizationInfo info = new SimpleAuthorizationInfo (); info.addStringPermission ("staff"); / / info.addRole ("staff"); return info;} method comments

Spring profile applicationContext.xml

@ RequiresPermissions

@ RequiresPermissions ("staff") @ Override public String save () {staffService.save (getModel ()); return SUCCESS;} Page tag

Introduce shiro tags into jsp pages

Dynamically display whether there are page elements according to the permissions of the current user

Save the code @ Override public String save () {SecurityUtils.getSubject () .checkPermission ("staff"); staffService.save (getModel ()); return SUCCESS;} after reading the above, do you have any further understanding of how to get started with Apache Shiro? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.