Shiro, apacheshiro

Shiro, apacheshiro

Define shiroFilter (org. apache. shiro. spring. web. shiroFilterFactoryBean) needs to assign a value to its filterChainDefinitions property. This property is a chainName-to-chainDefinition map of chain definitions, used to define a filter policy for URLs.

For example:

/404.htm = anon/main!main.html = anon/**.html = perms[myPerm_1]

 

Rest: For example,/admins/user/** = rest [user]. Based on the Request method, it is equivalent to/admins/user/** = perms [user: method]. the method is post, get, and delete.

Port: For example,/admins/user/** = port [8081], when the request url port is not 8081, It is redirected to schemal: // serverName: 8081? QueryString, where schmal is the protocol http or https, serverName is the host you visit, 8081 is the port in the url configuration, and queryString is in the url you visit? Parameters.

Perms: For example,/admins/user/** = perms [user: add: *]. You can write multiple perms parameters. If there are multiple parameters, quotation marks must be added and the parameters are separated by commas, for example,/admins/user/** = perms ["user: add: *, user: modify: *"]. When multiple parameters exist, each parameter must pass, the isPermitedAll () method.

Roles: For example,/admins/user/** = roles [admin], you can write multiple parameters. When multiple parameters are entered, quotation marks must be added and the parameters are separated by commas, when multiple parameters exist, such as/admins/user/** = roles ["admin, guest"], each parameter is passed, which is equivalent to the hasAllRoles () method.

AnonFor example, if/admins/** = anon does not have a parameter, it indicates that it can be used anonymously.
AuthcFor example,/admins/user/** = authc indicates that authentication is required before use. No parameter is specified.
AuthcBasicFor example, if/admins/user/** = authcBasic has no parameter, it indicates httpBasic authentication.
SslFor example, if/admins/user/** = ssl does not have a parameter, it indicates a secure url request. The protocol is https.
UserFor example, if/admins/user/** = user does not have a parameter, it indicates that a user must exist. This parameter is not checked during login.

 

In general, we can use a module as a granularity, for example:

/blog!**.html = user

 

Occasionally, each URL is controlled as an authorization unit. For example:

/blog!doAddNewArticle.html = authc,perms[addArticle]

 

However, the number of URLs is a headache. Maybe you can enable the XML file to write the URL and synchronize it to SVN every time you develop a function, or you can find someone to do these things, this person is notified whether to add, delete, or modify the method name... think differently. I don't want to be this person...

So I want to put these URLs in the database for management. I want to put all of them in filterChainDefinitions.
I need to assemble a Bean, which is actually an implementation of org. springframework. beans. factory. FactoryBean <Section>.

<bean id="chainFilterBuff"   class="king.common.ChainFilterBuff">    <property name="filterChainDefinitions">    /404.htm = anon    /main!main.html = anon    </property></bean>

 

Then inject it:

<bean id="shiroFilter1" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">    <property name="securityManager" ref="securityManager" />    <property name="loginUrl" value="/main!main.html" />    <property name="successUrl" value="/main!main.html" />    <property name="unauthorizedUrl" value="/unAuthorized.htm" />    <property name="filterChainDefinitionMap" ref="chainFilterBuff" /></bean>

 

In Java code, implements FactoryBean <Ini. Section> and implements the method that requires Override. The key is getObject's method:

Private String filterChainDefinitions; @ Overridepublic Section getObject () throws Exception {Ini ini = new Ini (); ini. load (filterChainDefinitions); // load the chain Ini defined in XML first. section section = ini. getSection (Ini. DEFAULT_SECTION_NAME);/** omit read step * continue to join the chain * section in the database. put ("/**", "authc, roles [admin]"); */
Return section ;}

 

And so on. These define permissions.
We need to verify whether the user has the current URL permission when accessing these URLs.
So I defined it (in fact, we must define a Realm, ShiroFilterFactoryBean requires SecurityManager, and the Implementation class of SecurityManager we use DefaultWebSecurityManager requires a Realm !) :

<bean id="shiroDataBaseRealm" class="king.security.KingMainRealm">

 

And Override the method defined by the interface:

Public class KingMainRealm extends AuthorizingRealm {@ Override protected AuthorizationInfo doGetAuthorizationInfo (// authorize PrincipalCollection principals) {UserBean _ user = (UserBean) principals. fromRealm (getName ()). iterator (). next (); SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo ();/** omitted */return authInfo;} @ Override protected AuthenticationInfo doGetAuthenticationInfo (// AuthenticationToken token) throws AuthenticationException {UserBean user = new UserBean (); UsernamePasswordToken userToken = (UsernamePasswordToken) token; user. setUserName (userToken. getUsername (); user. setPassword (userToken. getPassword (); return new SimpleAuthenticationInfo (user, user. getPassword (), getName ());}}

 

If you have defined the URL to be requested, doGetAuthorizationInfo will be called upon logon, and the rest is to manage these permissions for each user.
Maybe we can create a role to associate Multiple permissions, and the user to associate multiple roles, similar to setting different levels.
Do as you like :)

 

How can we use Shiro to automatically log on after successful user registration?

Before registering a user, you can jump to the logon page:
@ RequestMapping (method = RequestMethod. POST) public String register (@ Valid User user, RedirectAttributes redirectAttributes) {accountService. registerUser (user); redirectAttributes. addFlashAttribute ("username", user. getLoginName (); return "redirect:/login";} now requires the user to log on automatically after registration is successful. The rewrite is as follows:
Org. apache. shiro. authc. incorrectCredentialsException: Submitted credentials for token [org. apache. shiro. authc. usernamePasswordToken-user01, rememberMe = false] did not match the expected credentials. problem added: the problem is resolved and changed to a token. setPassword (user. getPlainPassword (). toCharArray.

How can we use Shiro to automatically log on after successful user registration?

Before registering a user, you can jump to the logon page:
@ RequestMapping (method = RequestMethod. POST) public String register (@ Valid User user, RedirectAttributes redirectAttributes) {accountService. registerUser (user); redirectAttributes. addFlashAttribute ("username", user. getLoginName (); return "redirect:/login";} now requires the user to log on automatically after registration is successful. The rewrite is as follows:
Org. apache. shiro. authc. incorrectCredentialsException: Submitted credentials for token [org. apache. shiro. authc. usernamePasswordToken-user01, rememberMe = false] did not match the expected credentials. problem added: the problem is resolved and changed to a token. setPassword (user. getPlainPassword (). toCharArray.