Apache Shiro User's Manual (v) Shiro configuration instructions

Source: Internet
Author: User

The configuration of Apache Shiro is divided into four main parts:

    • Definition and configuration of objects and properties
    • Filter configuration for URLs
    • Static User Configuration
    • Static role Configuration

Because users and roles are usually dynamic data managed from the back end, a Shiro configuration typically contains only the first two items.

Most Apache Shiro components are POJOs, so they can be configured with any POJO-compatible configuration mechanism, such as Java code, Spring XML, YAML, JSON, or INI files. The following example shows a Spring XML configuration, with brief explanations of some of the configuration parameters.

Configuration of the Shiro objects:
This part defines and configures the main components that make up the Shiro implementation. These components were briefly introduced in the previous article, so they are not described one by one here.

<!-- The web security manager is used because ShiroFilterFactoryBean requires a WebSecurityManager. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
    <property name="realm" ref="myRealm"/>
    <property name="sessionManager" ref="sessionManager"/>
</bean>

Configuration of the Shiro filter
Shiro performs security management primarily through URL filtering; this part of the configuration defines the specific authorization rules.

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/home.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <property name="filterChainDefinitions">
        <value>
            # some example chain definitions:
            /admin/** = authc, roles[admin]
            /docs/** = authc, perms[document:read]
            /** = authc
            # more URL-to-FilterChain definitions here
        </value>
    </property>
</bean>

URL filter configuration description:
Shiro can implement URL-based authorization checks through a configuration file. The filter chain definition format is:
URL_Ant_Path_Expression = Path_Specific_Filter_Chain
Each line means that application requests matching the URL expression are checked by the corresponding filters.
For example:
[urls]
/index.html = anon
/user/create = anon
/user/** = authc
/admin/** = authc, roles[administrator]
/rest/** = authc, rest
/remoting/rpc/** = authc, perms["remote:invoke"]

URL expression description
1. URL paths are relative to the directory returned by HttpServletRequest.getContextPath().
2. URLs can use wildcards; ** represents any subdirectory.
3. When Shiro checks a URL, it stops looking as soon as one expression matches and does not evaluate the remaining ones. Pay attention to the order of the URLs in the configuration file, especially when using wildcards.
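
The ordering rule in item 3, as an added example (not code from the original page or from Shiro itself): a small Python check that resolves a path the first-match way and flags chain definitions that can never be reached because an earlier pattern covers them. The matcher is a simplified stand-in for Shiro's Ant-style matching (only `*`, `?` and `**`, trailing slashes ignored), and all function names and sample definitions are constructed for illustration.

```python
import re

def parse_chains(text):
    """Read 'pattern = chain' lines in order, skipping blanks, comments and [section] headers."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "[")):
            pattern, _, chain = line.partition("=")
            rules.append((pattern.strip(), chain.strip()))
    return rules

def _segs(p):
    return [s for s in p.split("/") if s]  # simplification: trailing slashes are ignored

def _seg_covers(pat, seg):
    """True if one-segment pattern `pat` matches everything `seg` (literal or pattern) matches."""
    if pat in (seg, "*"):
        return True
    if "*" in seg or "?" in seg:
        return False  # conservative: do not compare two partial wildcards
    rx = re.escape(pat).replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
    return re.fullmatch(rx, seg) is not None

def covers(p, q):
    """True if segment list `p` matches every path that segment list `q` matches."""
    if not p:
        return not q
    if p[0] == "**":
        return any(covers(p[1:], q[k:]) for k in range(len(q) + 1))
    if not q or q[0] == "**":
        return False
    return _seg_covers(p[0], q[0]) and covers(p[1:], q[1:])

def resolve(rules, path):
    """Chain of the first rule whose pattern matches `path`; later rules are never consulted."""
    return next((c for pat, c in rules if covers(_segs(pat), _segs(path))), None)

def shadowed(rules):
    """(later, earlier) pairs where `later` is unreachable because `earlier` covers it."""
    out = []
    for j, (later, _) in enumerate(rules):
        hit = next((e for e, _ in rules[:j] if covers(_segs(e), _segs(later))), None)
        if hit:
            out.append((later, hit))
    return out

# Constructed samples based on the page's chain definitions: same rules, different order.
MISORDERED = "/index.html = anon\n/** = authc\n/admin/** = authc, roles[admin]\n/docs/** = authc, perms[document:read]"
ORDERED = "/index.html = anon\n/admin/** = authc, roles[admin]\n/docs/** = authc, perms[document:read]\n/** = authc"

if __name__ == "__main__":
    for name, text in (("misordered", MISORDERED), ("ordered", ORDERED)):
        rules = parse_chains(text)
        print(name, "| /admin/users ->", resolve(rules, "/admin/users"), "| shadowed:", shadowed(rules))
```

With the misordered sample, `/admin/users` resolves to plain `authc`, so the `roles[admin]` check never runs.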

Filter chain definition description
1. A URL can be configured with multiple filters, separated by commas.
2. When multiple filters are set, the request is considered to pass only when all of them pass.
3. Some filters can take parameters, such as perms and roles.

Shiro built-in filters

Filter Name    Class
anon           org.apache.shiro.web.filter.authc.AnonymousFilter
authc          org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic     org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
perms          org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port           org.apache.shiro.web.filter.authz.PortFilter
rest           org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles          org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl            org.apache.shiro.web.filter.authz.SslFilter
user           org.apache.shiro.web.filter.authc.UserFilter
