Chapter 4th INI Configuration

Previous chapters we have been exposed to a number of INI configuration rules, if you have used such as spring, such as Ioc/di container, Shiro provided by the INI configuration is very similar, that can be understood as a Ioc/di container, But the difference is that it starts with a root object SecurityManager.

4.1 root Object SecurityManager

From the previous Shiro frame composition can be seen, Shiro is from the root object SecurityManager authentication and authorization, that is, all operations started from it, the object is thread-safe, the entire application needs only one, So Shiro provides securityutils that lets us bind it to the global convenience of subsequent operations. Because Shiro classes are Pojo, it's easy to put them into any IOC container management. However, the difference from the general IOC container is that Shiro starts navigating from the root object SecurityManager, Shiro supported Dependency Injection: creation of the public null parameter constructor object, setter dependency injection.

2.1, Pure Java Code notation (com.github.zhangkaitao.shiro.chapter4.NonConfigurationCreateTest):

Defaultsecuritymanager SecurityManager = new Defaultsecuritymanager ();

Set Authenticator

Modularrealmauthenticator authenticator = new Modularrealmauthenticator ();

Authenticator.setauthenticationstrategy (New Atleastonesuccessfulstrategy ());

Securitymanager.setauthenticator (authenticator);

Set Authorizer

Modularrealmauthorizer authorizer = new Modularrealmauthorizer ();

Authorizer.setpermissionresolver (New Wildcardpermissionresolver ());

Securitymanager.setauthorizer (Authorizer);

Set Realm

Druiddatasource ds = new Druiddatasource ();

Ds.setdriverclassname ("Com.mysql.jdbc.Driver");

Ds.seturl ("Jdbc:mysql://localhost:3306/shiro");

Ds.setusername ("root");

Ds.setpassword ("");

Jdbcrealm Jdbcrealm = new Jdbcrealm ();

Jdbcrealm.setdatasource (DS);

Jdbcrealm.setpermissionslookupenabled (TRUE);

Securitymanager.setrealms (Arrays.aslist (Realm) jdbcrealm);

Set SecurityManager to Securityutils for easy global use

Securityutils.setsecuritymanager (SecurityManager);

Subject Subject = Securityutils.getsubject ();

Usernamepasswordtoken token = new Usernamepasswordtoken ("Zhang", "123");

Subject.login (token);

Assert.asserttrue (subject.isauthenticated ());

2.2. Equivalent INI configuration (shiro-config.ini)

[Main]

#authenticator

Authenticator=org.apache.shiro.authc.pam.modularrealmauthenticator

Authenticationstrategy=org.apache.shiro.authc.pam.atleastonesuccessfulstrategy

authenticator.authenticationstrategy= $authenticationStrategy

Securitymanager.authenticator= $authenticator

#authorizer

Authorizer=org.apache.shiro.authz.modularrealmauthorizer

Permissionresolver=org.apache.shiro.authz.permission.wildcardpermissionresolver

Authorizer.permissionresolver= $permissionResolver

Securitymanager.authorizer= $authorizer

#realm

Datasource=com.alibaba.druid.pool.druiddatasource

Datasource.driverclassname=com.mysql.jdbc.driver

Datasource.url=jdbc:mysql://localhost:3306/shiro

Datasource.username=root

#dataSource. password=

Jdbcrealm=org.apache.shiro.realm.jdbc.jdbcrealm

Jdbcrealm.datasource= $dataSource

Jdbcrealm.permissionslookupenabled=true

securitymanager.realms= $jdbcRealm

Even if you do not have access to the knowledge of the IOC container, the above configuration is easy to understand:

1, Object name = Fully qualified class name in relation to calling public no parameter constructor creates object

2. Object name. property name = value equivalent to calling setter method setting constant value

3, object name. property name =$ object reference is equivalent to calling Setter method setting object reference

2.3. Java code (COM.GITHUB.ZHANGKAITAO.SHIRO.CHAPTER4.CONFIGURATIONCREATETEST)

factory<org.apache.shiro.mgt.securitymanager> Factory = new Inisecuritymanagerfactory ("Classpath: Shiro-config.ini ");

Org.apache.shiro.mgt.SecurityManager SecurityManager = Factory.getinstance ();

Set SecurityManager to Securityutils for easy global use

Securityutils.setsecuritymanager (SecurityManager);

Subject Subject = Securityutils.getsubject ();

Usernamepasswordtoken token = new Usernamepasswordtoken ("Zhang", "123");

Subject.login (token);

Assert.asserttrue (subject.isauthenticated ());

The code above is to obtain the corresponding SecurityManager instance from the Shiro INI configuration:

1, by default, first create a name of SecurityManager, The default SecurityManager type is Org.apache.shiro.mgt.DefaultSecurityManager, and if you want to customize it, you only need to specify "securitymanager=" in the INI configuration file. SecurityManager implementation Class "Can, the name must be SecurityManager, it is the root of the beginning;

2, Inisecuritymanagerfactory is to create a SecurityManager factory, which requires an INI configuration file path, which supports "classpath:" (classpath), "File:" (filesystem), "URL:" (network) Three path format, the default is the file system;

3, then get the Securiymanager instance, the next step is the same as before.

As can be seen from the Shiro INI configuration itself provides a simple ioc/di mechanism to facilitate configuration file configuration, but from SecurityManager this root object to start navigation.

4.2 INI Configuration

The INI configuration file is similar to the properties in Java (Key=value), but provides the attributes that classify the key/value, and the key is that each part is not duplicated, not the entire configuration file. The following is the INI configuration classification:

[Main]

#提供了对根对象securityManager及其依赖的配置

Securitymanager=org.apache.shiro.mgt.defaultsecuritymanager

............

securitymanager.realms= $jdbcRealm

[Users]

#提供了对用户/password and its role configuration, username = password, role 1, role 2

Username=password,role1,role2

[Roles]

#提供了角色及权限之间关系的配置, role = Permissions 1, permissions 2

Role1=permission1,permission2

[URLs]

#用于web, provides configuration related to Web URL interception, url= interceptors [parameters], interceptors

/index.html = Anon

/admin/** = authc, roles[admin], perms["Permission1"]

[main] Part

Provides the configuration of the root object SecurityManager and its dependent objects.

Creating objects

Securitymanager=org.apache.shiro.mgt.defaultsecuritymanager

Its constructor must be the public null parameter constructor, and the corresponding instance is created by reflection.

Constant Value Setter Injection

Datasource.driverclassname=com.mysql.jdbc.driver

Jdbcrealm.permissionslookupenabled=true

Jdbcrealm.setpermissionslookupenabled (True) is automatically called, and the type conversion is automatic for this constant value.

Object reference Setter Injection

Authenticator=org.apache.shiro.authc.pam.modularrealmauthenticator

Authenticationstrategy=org.apache.shiro.authc.pam.atleastonesuccessfulstrategy

authenticator.authenticationstrategy= $authenticationStrategy

Securitymanager.authenticator= $authenticator

Reference dependencies are automatically injected through Securitymanager.setauthenticator (authenticator).

Nested Property Setter Injection

securitymanager.authenticator.authenticationstrategy= $authenticationStrategy

This nesting method is also supported for setter injection.

byte Array Setter Injection

#base64 byte[]

authenticator.bytes=agvsbg8=

#hex byte[]

authenticator.bytes=0x68656c6c6f

The default is to use Base64 for encoding, or 0x 16 binary.

Array/set/list Setter injected

authenticator.array=1,2,3

authenticator.set= $jdbcRealm, $jdbcRealm

Multiple passes between "," splits.

Map Setter injected

authenticator.map= $jdbcRealm: $jdbcRealm, 1:1,KEY:ABC

That is, the format is: Map=key:value,key:value, you can inject constants and reference values, and constant words are treated as strings (even if generics do not auto-sculpt).

Instantiation/Injection Sequence

Realm=realm1

Realm=realm12

authenticator.bytes=agvsbg8=

authenticator.bytes=0x68656c6c6f

The back of the cover front of the injection.

Please refer to the configuration file Shiro-config-main.ini for the test case.

[Users] Part

Configure username/password and its role, format: "User name = password, role 1, Role 2", part of the role can be omitted. Such as:

[Users]

Zhang=123,role1,role2

Wang=123

Passwords generally generate their digest/encrypted storage, as described in subsequent chapters.

[Roles] Part

Configure the relationship between roles and permissions, in the format: "Role = Permissions 1, permissions 2", such as:

[Roles]

Role1=user:create,user:update

role2=*

If only the role does not have the corresponding permissions, can not be roles, specific rules please refer to the Licensing section.

[URLs] Part

Configure the relationship between the URL and the corresponding interceptor, in the format: "Url= interceptors [parameters], interceptors [parameters], such as:

[URLs]

/admin/** = authc, roles[admin], perms["Permission1"]

See the Web-related section for specific rules.

Example source code: https://github.com/zhangkaitao/shiro-example; Spring/shiro technology can be explored Dabigatran 134755960.

Chapter 4th INI Configuration