Shiro Configuring Web Apps

Source: Internet
Author: User

Shiro can be integrated into a plain web application, but since most applications today are built on Spring, we do not cover the most basic web integration here. Integration with Spring has already been described.

In a web application, you can configure the [urls] section:

The [urls] section allows you to do something that does not exist in any web framework that we have seen: define ad-hoc filter chains for any matching URL path in your application!

    [urls]
    URL_Ant_Path_Expression = Path_Specific_Filter_Chain

For example:

...

    [urls]
    /index.html = anon
    /user/create = anon
    /user/** = authc
    /admin/** = authc, roles[administrator]
    /rest/** = authc, rest
    /remoting/rpc/** = authc, perms["remote:invoke"]

URL Path Expressions

The left side of the equals sign is an Ant-style path expression relative to the web application's context root. Expressions are evaluated in the order they are defined, and the first match wins. For example:

    /account/** = ssl, authc
    /account/signup = anon

If an incoming request is intended to reach /account/signup/index.html (accessible by all 'anon'ymous users), it will never be handled by the second line! The reason is that the /account/** pattern matches the incoming request first and "short-circuits" the rest of the definitions.
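The first-match-wins rule can be checked mechanically before a configuration is deployed. The following is an added example, not code from the original article or from Shiro: a small linter that parses a [urls] section, resolves which chain handles a path, and flags rules that an earlier, broader pattern hides. The Ant matcher is a simplified reimplementation and the shadowing check is a heuristic based on one sample path per rule; all function names are assumptions.

```python
import re

_ANT = {"/**/": "/(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}

def ant_to_regex(pattern):
    """Translate an Ant-style pattern (?, *, **) into a compiled regex (simplified)."""
    head, tail = (pattern[:-3], "(?:/.*)?") if pattern.endswith("/**") else (pattern, "")
    parts = re.split(r"(/\*\*/|\*\*|\*|\?)", head)
    body = "".join(_ANT.get(p, re.escape(p)) for p in parts)
    return re.compile(body + tail + r"\Z")

def parse_urls(ini_text):
    """Return the [urls] rules as (pattern, chain) pairs, in definition order."""
    rules, in_urls = [], False
    for line in (raw.strip() for raw in ini_text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_urls = line.lower() == "[urls]"
        elif in_urls and "=" in line:
            pattern, chain = (part.strip() for part in line.split("=", 1))
            rules.append((pattern, chain))
    return rules

def first_match(rules, path):
    """Return the rule that handles path: the first matching pattern wins."""
    return next(((p, c) for p, c in rules if ant_to_regex(p).match(path)), None)

def shadowed_rules(rules):
    """Heuristic: flag a rule when an earlier pattern matches a sample path for it."""
    found = []
    for j, (later, _) in enumerate(rules):
        sample = later.replace("**", "x/y").replace("*", "x").replace("?", "x")
        hit = next((e for e, _ in rules[:j] if ant_to_regex(e).match(sample)), None)
        if hit:
            found.append((later, hit))
    return found

# Constructed sample configs: the ordering from the text, then the corrected one.
BROAD_FIRST = "[urls]\n/account/** = ssl, authc\n/account/signup = anon\n"
SPECIFIC_FIRST = "[urls]\n/account/signup = anon\n/account/** = ssl, authc\n"

if __name__ == "__main__":
    for text in (BROAD_FIRST, SPECIFIC_FIRST):
        rules = parse_urls(text)
        print(first_match(rules, "/account/signup"), shadowed_rules(rules))
```

Placing the more specific pattern first makes the anon rule reachable and leaves the broad rule in force for every other /account path.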

Filter Chain Definitions

The right side of the equals sign is a comma-separated list of filters to execute for requests that match that path. It must conform to the following format: filter1[optional_config1], filter2[optional_config2], ...

(1) filterN is the name of a filter bean defined in the [main] section.

(2) [optional_configN] is an optional bracketed string that has a specific meaning to that particular filter for that particular path (per-filter, per-path configuration!). If the filter does not require specific configuration for the URL path, you can omit the brackets, so filterN[] becomes filterN.

Default Filter Instances

anon: for example, /admins/** = anon. Takes no parameters; the path can be accessed anonymously.

authc: for example, /admins/user/** = authc. Takes no parameters; authentication (login) is required for access.

authcBasic: for example, /admins/user/** = authcBasic. Takes no parameters; indicates HTTP Basic authentication.

logout: on logout, any existing session is invalidated and any identity is discarded (for example, in a web application the RememberMe cookie is also deleted).

noSessionCreation: prevents a new session from being created during a request, to guarantee a stateless experience.

perms: for example, /admins/user/** = perms[user:add:*]. Several parameters can be given; in that case they must be quoted and separated by commas, as in /admins/user/** = perms["user:add:*, user:modify:*"]. When there are several parameters, every one of them must pass, which is equivalent to the isPermittedAll() method.

port: for example, /admins/user/** = port[8081]. Specifies the port the request must use.

rest: for example, /admins/user/** = rest[user]. The permission depends on the request method; this is equivalent to /admins/user/** = perms[user:method], where method is post, get, delete and so on.

roles: for example, /admins/user/** = roles[admin]. Several parameters can be given; in that case they must be quoted and separated by commas, as in /admins/user/** = roles["admin, guest"]. When there are several parameters, every one of them must pass, which is equivalent to the hasAllRoles() method.

ssl: for example, /admins/user/** = ssl. Takes no parameters; denotes a secure URL request whose protocol is HTTPS.

user: for example, /admins/user/** = user. Takes no parameters; indicates that a user must exist. No check is made during the login operation.
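The chain format from "Filter Chain Definitions" and the all-of rule for roles can be made concrete with a short parser. This is an added example, not Shiro's own parser and not code from the original article: it splits a chain on commas that sit outside brackets and quotes, extracts each filter's parameters, and applies the "every role must be held" rule. Function names are assumptions, and the sample chains are the ones shown on this page.

```python
def split_outside_brackets(text, sep=","):
    """Split on sep, ignoring separators inside [...] or "..."."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "[":
            depth += 1
        elif not quoted and ch == "]":
            depth -= 1
        if ch == sep and depth == 0 and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_chain(chain):
    """Parse 'f1[cfg], f2' into [(filter_name, [parameters]), ...]."""
    result = []
    for item in split_outside_brackets(chain):
        name, _, rest = item.partition("[")
        if rest and not rest.endswith("]"):
            raise ValueError(f"unclosed '[' in {item!r}")
        # filterN[] and filterN are equivalent: both give an empty parameter list.
        config = rest[:-1].strip().strip('"')
        params = [v.strip() for v in config.split(",") if v.strip()]
        result.append((name.strip(), params))
    return result

def roles_allowed(chain, held_roles):
    """All-of semantics: every role listed in roles[...] must be held."""
    needed = [r for name, cfg in parse_chain(chain) if name == "roles" for r in cfg]
    return all(r in held_roles for r in needed)

if __name__ == "__main__":
    # Chains taken from the examples on this page.
    for chain in ('authc, roles[administrator]',
                  'perms["user:add:*, user:modify:*"]',
                  'authc, roles["admin, guest"]'):
        print(chain, "->", parse_chain(chain))
    print(roles_allowed('authc, roles["admin, guest"]', {"admin"}))
```

A subject holding only admin is rejected by roles["admin, guest"], because both roles are required.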

Tag Library

Importing the tag library

    <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

The guest tag

The guest tag displays its content only if the current subject is considered a 'guest'. A 'guest' is any subject without an identity: we do not know who the user is, because they have not logged in and were not remembered from a previous visit (the RememberMe service). The guest tag is the logical opposite of the user tag. Example:

    <shiro:guest>
        Hi there! Please <a href="login.jsp">Login</a> or <a href="signup.jsp">Signup</a> today!
    </shiro:guest>

The user tag

The user tag displays its content only if the current subject is considered a 'user'. A 'user' in this context is a subject with a known identity, obtained either through successful authentication or through the 'RememberMe' service. Note that this tag is semantically different from the authenticated tag, which is more restrictive. The user tag is the logical opposite of the guest tag.

The authenticated tag

The authenticated tag displays its content only if the current user has successfully authenticated during the current session. It is more restrictive than the 'user' tag. It is the logical opposite of the 'notAuthenticated' tag.

The notAuthenticated tag

The notAuthenticated tag displays its content if the current subject has not yet successfully authenticated during the current session.

The principal tag

The principal tag outputs the subject's principal (identifying attribute) or a property of that principal.

The hasRole tag

The hasRole tag displays its content only if the current subject is assigned the specified role. The hasRole tag is the logical opposite of the lacksRole tag. For example:

    <shiro:hasRole name="administrator">
        <a href="admin.jsp">Administer the system</a>
    </shiro:hasRole>

The lacksRole tag

The lacksRole tag displays its content only if the current subject is not assigned the specified role.

The hasAnyRoles tag

The hasAnyRoles tag displays its content if the current subject is assigned any of the specified roles from a comma-delimited list of role names. For example:

    <shiro:hasAnyRoles name="developer, project manager, administrator">
        You are either a developer, project manager, or administrator.
    </shiro:hasAnyRoles>

The hasPermission tag

The hasPermission tag displays its content only if the current subject "has" (implies) the specified permission. In other words, the user has a specific ability. The hasPermission tag is the logical opposite of the lacksPermission tag. For example:

    <shiro:hasPermission name="user:create">
        <a href="createUser.jsp">Create a new User</a>
    </shiro:hasPermission>

The lacksPermission tag

The lacksPermission tag displays its content only if the current subject does not have (imply) the specified permission. In other words, the user does not have a specific ability.

Original article; when reproducing, please cite http://sishuok.com/forum/blogPost/list/0/7460.html

