Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about how to integrate shiro in the original framework. Many people may not know much about it. In order to let you know more, Xiaobian summarizes the following contents for you. I hope you can gain something according to this article.

Today's task is to integrate shiro into the original framework

1. Shiro's knowledge

> Permission Framework (provides easy-to-use API, powerful)

1.1 Difference between Spring Security and Spring Security

framework| shiro | Spring security

---|------| ---

ease of use| √ | X

particle size| crude| Fine (Strong)

1.2 Shiro's four cornerstones

> Authentication, authorization, cryptography, and session management

> securityManager: core object realm: get data interface

The core API of shiro

2.1 Get the securityManager object first before doing anything

```

//I. Create our own Realm myRealm = new MyRealm();//ii. Create a core object:DefaultSecurityManager securityManager = new DefaultSecurityManager();securityManager.setRealm(myRealm);//three. Put securityManager in context SecurityUtils.setSecurityManager(securityManager);

```

#2.2 The methods we used

```

//1. Get the current user Subject currentUser = SecurityUtils.getSubject();//2. Determine whether to log in currentUser.isAuthenticated();//3. Log in (token required)/** UnknownAccountException: User name does not exist IncorrectCredentialsException: Password error AuthenticationException: Other Error */ UsernamePasswordToken token = new UsernamePasswordToken("admin", "123456"); currentUser.login(token); //4. Determine if this role/permission currentUser.hasRole("Role Name")currentUser.isPermitted("Permission Name")

```

# 3. Password encryption function

```

/** * String algorithmName, Object source, Object salt, int hashIterations) * First parameter algorithmName: Encryption algorithm name * Second parameter source: Encryption original password * Third parameter salt: Salt value * Fourth parameter hashIterations: Encryption times */SimpleHash hash = new SimpleHash ("MD5","123456","itsource",10);System.out.println (hash.toHex());``#4. Custom Realm> Inherit AuthorizingRealm>> Implement two methods: doGetAuthorizationInfo(Authorization) /doGetAuthenticationInfo(Login Authentication)```//Authentication @Overrideprotected AuthenticationInfo doGetAuthenticationInfo (AuthenticationToken authenticationToken) throws AuthenticationException { //1. Get username and password UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken; String username = token.getUsername(); //2. Get the corresponding password according to the user name String password = getByName(username); if(password==null){ return null; //return null means there is a problem with the username } //Return authentication information //Prepare salt value ByteSource salt = ByteSource.Util.bytes("asdf"); //password is shiro judge for yourself SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(username,password,salt,getName()); return authenticationInfo;}//Authorize @Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { //get username Principal: Principal (user object/username) String username = (String)principalCollection.getPrimaryPrincipal(); //Get the role Set roles = findRolesBy(username); //Get permission Set permis = findPermsBy(username); //Give role permissions to users SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.setRoles(roles); authorizationInfo.setStringPermissions(permis); return authorizationInfo;}

> Note: If our password is encrypted, how should we judge (Matcher)

//I. Create our own RealmMyRealm myRealm = new MyRealm();//Create a Credential Matcher (salt value cannot be set)HashedCredentialsMatcher = new HashedCredentialsMatcher();//Compare passwords using MD5 method matcher. setHashAlgorithm Name ("md5");//Set number of iterations of encoding matcher. setHashIteration (10);//Set Credential Matcher (encryption method matching)myRealm.setCredentialsMatcher(matcher);

```

# 5. Integrated Spring

> Go to: shiro-root-1.4.0-RC2\samples\spring

## 5.1 Guide package

```

org.apache.shiro shiro-all 1.4.0 pom org.apache.shiro shiro-spring 1.4.0

## 5.2 web.xml> This filter is a code (just focus on its name)

shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true shiroFilter /*

## 5.3 application-shiro.xml

> Introduction in our application

``

> It was copied from the case and modified accordingly.

```

5.4 Get Map Filter

> Note that the returned Map must be ordered (LinkedHashMap)```

public class FilterChainDefinitionMapFactory { /** * And then this value is taken from the database. * /s/login.jsp = anon * /login = anon * /s/permission.jsp = perms[user:index] * /depts/index = perms[depts:index] * /** = authc */ public Map createFilterChainDefinitionMap(){ //Note:LinkedHashMap is ordered Map filterChainDefinitionMap = new LinkedHashMap(); filterChainDefinitionMap.put("/s/login.jsp", "anon"); filterChainDefinitionMap.put("/login", "anon"); filterChainDefinitionMap.put("/s/permission.jsp", "perms[user:index]"); filterChainDefinitionMap.put("/depts/index", "perms[depts:index]"); filterChainDefinitionMap.put("/** ", "authc"); return filterChainDefinitionMap; }}

Focus of the day: Acquisition of securityManage objects, information transfer required in the permission authentication step (user, role, permission)

Details: For setting the permission list need to pay attention to the order,----release in the first-> permission in the last-> the same interception /** = authc

Having read all this, do you have any idea how to integrate shiro into your existing framework? If you still want to know more knowledge or related content, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.