Home > Others

Fourth INI configuration-"Follow me to learn Shiro"

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Previous chapters we have been exposed to a number of INI configuration rules, if you have used such as spring, such as Ioc/di container, Shiro provided by the INI configuration is very similar, that can be understood as a Ioc/di container, But the difference is that it starts with a root object SecurityManager.

4.1 Root Object SecurityManager

From the previous Shiro frame composition, it can be seen that Shiro is from the root object SecurityManager authentication and authorization, that is, all operations started from it, the object is thread-safe and the whole application only need one, So Shiro provides securityutils so that we bind it to the global, convenient follow-up operation.

Because Shiro classes are Pojo, it's easy to put them into any IOC container management. However, the difference from the general IOC container is that Shiro starts navigating from the root object SecurityManager, Shiro supported Dependency Injection: creation of the public null parameter constructor object, setter dependency injection.

1, Pure Java Code notation (com.github.zhangkaitao.shiro.chapter4.NonConfigurationCreateTest):

Java code
  2. Defaultsecuritymanager SecurityManager = new Defaultsecuritymanager ();
  4. Set Authenticator
  6. Modularrealmauthenticator authenticator = new Modularrealmauthenticator ();
  8. Authenticator.setauthenticationstrategy (New Atleastonesuccessfulstrategy ());
  10. Securitymanager.setauthenticator (authenticator);
  14. Set Authorizer
  16. Modularrealmauthorizer authorizer = new Modularrealmauthorizer ();
  18. Authorizer.setpermissionresolver (New Wildcardpermissionresolver ());
  20. Securitymanager.setauthorizer (Authorizer);
  24. Set Realm
  26. Druiddatasource ds = new Druiddatasource ();
  28. Ds.setdriverclassname ("Com.mysql.jdbc.Driver");
  30. Ds.seturl ("Jdbc:mysql://localhost:3306/shiro");
  32. Ds.setusername ("root");
  34. Ds.setpassword ("");
  38. Jdbcrealm Jdbcrealm = new Jdbcrealm ();
  40. Jdbcrealm.setdatasource (DS);
  42. Jdbcrealm.setpermissionslookupenabled (TRUE);
  44. Securitymanager.setrealms (Arrays.aslist (Realm) jdbcrealm);
  48. Set SecurityManager to Securityutils for easy global use
  50. Securityutils.setsecuritymanager (SecurityManager);
  54. Subject Subject = Securityutils.getsubject ();
  56. Usernamepasswordtoken token = new Usernamepasswordtoken ("Zhang", "123");
  58. Subject.login (token);
  60. Assert.asserttrue (subject.isauthenticated ());

2.1. Equivalent INI configuration (shiro-config.ini)

Java code
  2. [Main]
  4. #authenticator
  6. Authenticator=org.apache.shiro.authc.pam.modularrealmauthenticator
  8. Authenticationstrategy=org.apache.shiro.authc.pam.atleastonesuccessfulstrategy
  10. authenticator.authenticationstrategy= $authenticationStrategy
  12. Securitymanager.authenticator= $authenticator
  16. #authorizer
  18. Authorizer=org.apache.shiro.authz.modularrealmauthorizer
  20. Permissionresolver=org.apache.shiro.authz.permission.wildcardpermissionresolver
  22. Authorizer.permissionresolver= $permissionResolver
  24. Securitymanager.authorizer= $authorizer
  28. #realm
  30. Datasource=com.alibaba.druid.pool.druiddatasource
  32. Datasource.driverclassname=com.mysql.jdbc.driver
  34. Datasource.url=jdbc:mysql://localhost:3306/shiro
  36. Datasource.username=root
  38. #dataSource. password=
  40. Jdbcrealm=org.apache.shiro.realm.jdbc.jdbcrealm
  42. Jdbcrealm.datasource= $dataSource
  44. Jdbcrealm.permissionslookupenabled=true
  46. securitymanager.realms= $jdbcRealm

Even if you do not have access to the knowledge of the IOC container, the above configuration is easy to understand:

1, Object name = Fully qualified class name in relation to calling public no parameter constructor creates object

2. Object name. property name = value equivalent to calling setter method setting constant value

3, object name. property name =$ object reference is equivalent to calling Setter method setting object reference

2.2. Java Code (COM.GITHUB.ZHANGKAITAO.SHIRO.CHAPTER4.CONFIGURATIONCREATETEST)

Java code
    1. Factory<org.apache.shiro.mgt.securitymanager> Factory =
    2. New Inisecuritymanagerfactory ("Classpath:shiro-config.ini");
    4. Org.apache.shiro.mgt.SecurityManager SecurityManager = Factory.getinstance ();
    6. Set SecurityManager to Securityutils for easy global use
    7. Securityutils.setsecuritymanager (SecurityManager);
    8. Subject Subject = Securityutils.getsubject ();
    9. Usernamepasswordtoken token = new Usernamepasswordtoken ("Zhang", "123");
    10. Subject.login (token);
    12. Assert.asserttrue (subject.isauthenticated ());

The code above is to obtain the corresponding SecurityManager instance from the Shiro INI configuration:

1, by default, first create a name of SecurityManager, The default SecurityManager type is Org.apache.shiro.mgt.DefaultSecurityManager, and if you want to customize it, you only need to specify "securitymanager=" in the INI configuration file. SecurityManager implementation Class "Can, the name must be SecurityManager, it is the root of the beginning;

2, Inisecuritymanagerfactory is to create a SecurityManager factory, which requires an INI configuration file path, which supports "classpath:" (classpath), "File:" (filesystem), "URL:" (network) Three path format, the default is the file system;

3, then get the Securiymanager instance, the next step is the same as before.

As can be seen from the Shiro INI configuration itself provides a simple ioc/di mechanism to facilitate configuration file configuration, but from SecurityManager this root object to start navigation.

4.2 INI Configuration

The INI configuration file is similar to the properties in Java (Key=value), but provides the attributes that classify the key/value, and the key is that each part is not duplicated, not the entire configuration file. The following is the INI configuration classification:

Java code
    1. [Main]
    2. #提供了对根对象securityManager及其依赖的配置
    3. Securitymanager=org.apache.shiro.mgt.defaultsecuritymanager
    4. ............
    5. securitymanager.realms= $jdbcRealm
    7. [Users]
    8. #提供了对用户/password and its role configuration, username = password, role 1, role 2
    9. Username=password,role1,role2
    11. [Roles]
    12. #提供了角色及权限之间关系的配置, role = Permissions 1, permissions 2
    13. Role1=permission1,permission2
    15. [URLs]
    16. #用于web, provides configuration related to Web URL interception, url= interceptors [parameters], interceptors
    17. /index.html = Anon
    18. /admin/** = authc, roles[admin], perms["Permission1"]

[main] Part

Provides the configuration of the root object SecurityManager and its dependent objects.

Creating Objects

Java code
    1. Securitymanager=org.apache.shiro.mgt.defaultsecuritymanager

Its constructor must be the public null parameter constructor, and the corresponding instance is created by reflection.

constant Value Setter injected

Java code
    1. Datasource.driverclassname=com.mysql.jdbc.driver
    2. Jdbcrealm.permissionslookupenabled=true

Jdbcrealm.setpermissionslookupenabled (True) is automatically called, and the type conversion is automatic for this constant value.

Object reference Setter injected

Java code
    1. Authenticator=org.apache.shiro.authc.pam.modularrealmauthenticator
    2. Authenticationstrategy=org.apache.shiro.authc.pam.atleastonesuccessfulstrategy
    3. authenticator.authenticationstrategy= $authenticationStrategy
    4. Securitymanager.authenticator= $authenticator

Reference dependencies are automatically injected through Securitymanager.setauthenticator (authenticator).

Nested Property Setter injected

Java code
    1. securitymanager.authenticator.authenticationstrategy= $authenticationStrategy

This nesting method is also supported for setter injection.

byte Array Setter injected

Java code
    1. #base64 byte[]
    2. authenticator.bytes=agvsbg8=
    3. #hex byte[]
    4. authenticator.bytes=0x68656c6c6f

The default is to use Base64 for encoding, or 0x 16 binary.

Array/set/list Setter injected

Java code
    1. authenticator.array=1,2,3
    2. authenticator.set= $jdbcRealm, $jdbcRealm

Multiple passes between "," splits.

Map Setter injected

Java code
    1. authenticator.map= $jdbcRealm: $jdbcRealm, 1:1,KEY:ABC

That is, the format is: Map=key:value,key:value, you can inject constants and reference values, and constant words are treated as strings (even if generics do not auto-sculpt).

Instantiation/ Injection Sequence

Java code
    1. Realm=realm1
    2. Realm=realm12
    4. authenticator.bytes=agvsbg8=
    5. authenticator.bytes=0x68656c6c6f

The back of the cover front of the injection.

Please refer to the configuration file Shiro-config-main.ini for the test case.

[Users] Part

Configure username/password and its role, format: "User name = password, role 1, Role 2", part of the role can be omitted. Such as:

Java code
    1. [Users]
    2. Zhang=123,role1,role2
    3. Wang=123

Passwords generally generate their digest/encrypted storage, as described in subsequent chapters.

[Roles] Part

Configure the relationship between roles and permissions, in the format: "Role = Permissions 1, permissions 2", such as:

Java code
    1. [Roles]
    2. Role1=user:create,user:update
    3. role2=*

If only the role does not have the corresponding permissions, can not be roles, specific rules please refer to the Licensing section.

[URLs] Part

Configure the relationship between the URL and the corresponding interceptor, in the format: "Url= interceptors [parameters], interceptors [parameters], such as:

Java code
    1. [URLs]
    2. /admin/** = authc, roles[admin], perms["Permission1"]

See the Web-related section for specific rules.

Spring/shiro technology can be explored Dabigatran 247221261. Group has the relevant sample code, you are welcome to discuss learning ~

Fourth INI configuration-"Follow me to learn Shiro"

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More