ApacheShiro User Manual (5) Shiro configuration instructions

Most components of ApacheShiro are POJO-based, so we can use any configuration mechanism compatible with POJO for configuration, such as Java code, SpingXML, YAML, JSON, and INI files. The following uses SpringXML configuration as an example to describe some configuration parameters.

Apache Shiro User Manual (5) Shiro configuration instructions

Blog type:

Development

Security framework Shiro

The configuration of Apache Shiro is mainly divided into four parts:

Definition and configuration of objects and properties
URL filter configuration
Static user configuration
Static role configuration

Among them, because the user and role are generally dynamic data operated by the background, Shiro configuration generally only contains the first two configurations.

Most components of Apache Shiro are based on POJO, so we can use any configuration mechanism compatible with POJO, such as Java code, Sping XML, YAML, JSON, and INI files. The following uses Spring XML configuration as an example to describe some configuration parameters.

Shiro object configuration:

It mainly defines and configures the implementation of various Shiro components. The main components have been briefly introduced in the previous article and are not described here.

Configuration of Shiro filter

Shiro mainly manages security through URL filtering. the configuration here is to specify the specific authorization rule definition.

  
   
   
   
   --> 
   
   
     # some example chain definitions: /admin/** = authc, roles[admin] /docs/** = authc, perms[document:read] /** = authc # more URL-to-FilterChain definitions here 
    
   
 

URL filter configuration instructions:

Shiro can implement URL-based authorization authentication through the configuration file. FilterChain definition format:

URL_Ant_Path_Expression = Path_Specific_Filter_Chain

Each URL configuration indicates that application requests matching the URL are verified by the corresponding filter.

For example:

[urls] /index.html = anon /user/create = anon /user/** = authc /admin/** = authc, roles[administrator] /rest/** = authc, rest /remoting/rpc/** = authc, perms["remote:invoke"]

URL expression description

1. the URL directory is set based on HttpServletRequest. getContextPath ().

2. wildcards can be used for URLs. ** represents any subdirectory.

3. when Shiro verifies the URL, the matching will no longer be performed if the URL matches successfully. Pay attention to the URL sequence in the configuration file, especially when using wildcards.

Filter Chain definition

1. multiple filters can be configured for a URL, which are separated by commas (,).

2. when multiple filters are set, they are regarded as pass only when all the filters pass the verification.

3. some filters can specify parameters, such as perms and roles.

Shiro built-in FilterChain

Filter Name Class

Anon org. apache. shiro. web. filter. authc. AnonymousFilter

Authc org. apache. shiro. web. filter. authc. FormAuthenticationFilter

AuthcBasic org. apache. shiro. web. filter. authc. BasicHttpAuthenticationFilter

Perms org. apache. shiro. web. filter. authz. PermissionsAuthorizationFilter

Port org. apache. shiro. web. filter. authz. PortFilter

Rest org. apache. shiro. web. filter. authz. HttpMethodPermissionFilter

Roles org. apache. shiro. web. filter. authz. RolesAuthorizationFilter

Ssl org. apache. shiro. web. filter. authz. SslFilter

User org. apache. shiro. web. filter. authc. UserFilter

The above is the description of Shiro configuration in the Apache Shiro User Manual (5). For more information, see PHP Chinese website (www.php1.cn )!