With regard to project security protection, I have always wanted to find a simple configuration method that can achieve the goal. Since I got in touch with Shiro, this goal has been achieved. The following is my experience in using Shiro; this feature can be easily integrated.
First, let's take a look at what Shiro is.
Apache Shiro is a powerful and easy-to-use Java security framework that provides developers with an intuitive and comprehensive solution for authentication, authorization, encryption, and session management.
In fact, according to my personal understanding, it is a filter that performs permission verification according to the configured (or annotated) rules.
My project uses Maven to manage its dependent jar packages. First, add the jars required for Apache Shiro:
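<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.1</version>
</dependency>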
shiro-web and shiro-spring are required. If you want to cache permissions, add shiro-ehcache as well. The use of shiro-ehcache will be detailed later.
Let's take a look at how login.action logs the user in. Getting the user's form information and verifying it against the database are not covered here; only the key code is shown:
= =
Since it is a filter, let's take a look at the method of this filter:
. Tech. nuo. common. security. MD5 ;. tech. nuo. core. domain. manager ;. tech. nuo. core. service. managerService; shiroFilter // administrator user service @ Resource init (FilterConfig filterConfig) === (! = // The user id is saved, that is, the Information System. out. println (principal. getName () in the top logon token; Manager m = (! = M & 1 =); // as an example, here I just put the user ID into the token. You can change it to other complex information Subject subject1 = (subjects! =
So far, the login and the filter are complete. Next come web.xml, the Spring configuration files, and the permission verification.
1. Add the Shiro filter configuration in web.xml:
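<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>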
This filter must be declared before all other filters.
2. Permission verification code implementation. Let's write a realm class that integrates shiro's
ShiroRealm (principals = "PrincipalCollection method argument cannot be null. "= (String) getAvailablePrincipal (principals); System. out. println ("-------------------" + = info. addRole ("ROLE_USER"/* You can obtain the role and permission information of the user from the database, and add the obtained information to info, the specific code for getting the database is omitted */= (userName! = &&! "" = <Object, AuthorizationInfo> cache = (cache! =
3. Configure applicationContext.xml (only the Shiro-related information is retained here)
/admin.html = authc,perms[shiro_admin:view]
//user.html=authc,perms[shiro_user:view]
/manage/kindeditor/**=anon
/manage/**=authc,roles["ROLE_USER"]
/**=anon
.tech.nuo.action.shiro.realm.ShiroRealm" "
/admin.html = authc,perms[shiro_admin:view]
/user.html = authc,perms[shiro_user:view]
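Shiro evaluates URL rules like the ones above in the order they are declared, and the first pattern that matches a request decides which filters run. The following added example (not code from the original post, and not Shiro's own matcher) models that first-match behaviour in Python with a simplified Ant-style matcher so the rules can be checked against sample paths. The sample paths and the reading of "//user.html" as "/user.html" are assumptions.

```python
import re

# The page's URL rules, in declaration order ("//user.html" read as "/user.html": assumption).
CHAIN_DEFINITIONS = """
/admin.html = authc,perms[shiro_admin:view]
/user.html = authc,perms[shiro_user:view]
/manage/kindeditor/** = anon
/manage/** = authc,roles["ROLE_USER"]
/** = anon
"""

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans segments, '*' stays in one segment, '?' is one char."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?")  # trailing /** also matches the bare prefix
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] in "*?":
            out.append("[^/]*" if pattern[i] == "*" else "[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_chains(text):
    """Turn 'pattern = filters' lines into an ordered list of (pattern, filters)."""
    chains = []
    for line in text.strip().splitlines():
        pattern, filters = line.split("=", 1)
        chains.append((pattern.strip(), filters.strip()))
    return chains

def resolve(chains, path):
    """Return the (pattern, filters) of the first definition that matches, or None."""
    for pattern, filters in chains:
        if ant_to_regex(pattern).match(path):
            return pattern, filters
    return None

def open_paths(chains, paths):
    """Paths reachable without login: matched by an 'anon' rule, or by no rule at all."""
    hits = [(p, resolve(chains, p)) for p in paths]
    return [p for p, hit in hits if hit is None or hit[1] == "anon"]
```

Moving `/** = anon` to the top of the list makes every path, including /admin.html, resolve to `anon`, which is why the catch-all rule belongs last and why any page not listed explicitly is served without authentication.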
Author: bixue Huangsha Source: yellow.