User Filter for Shiro

Source: Internet
Author: User

Our project uses the Shiro permission framework, and it feels very convenient.

I read up on it for a little over two days and then ran some examples, which went fairly easily. Later I came across a filter, configured as follows:

    [main]
    # default is /login.jsp
    authc.loginUrl=/login
    roles.unauthorizedUrl=/unauthorized
    perms.unauthorizedUrl=/unauthorized
    logout.redirectUrl=/login

    [users]
    zhang=123,admin
    wang=123

    [roles]
    admin=user:*,menu:*

    [urls]
    # anon: accessible without logging in
    /logout2=logout
    /login=anon
    /logout=anon
    /unauthorized=anon
    /static/**=anon
    # login required to access
    # requires login and the admin role to access
    /role=authc,roles[admin]
    /permission=authc,perms["user:create"]
    /authenticated=user
    # UserFilter first checks whether the request is for the login page; if so, access is allowed.
    # If not, a user who logged in previously with isRememberMe=true can get access, but authc would not allow it.

The user filter in this configuration is the part I did not understand well at first, but once you understand it, it feels easy.

user stands for UserFilter.

    if (isLoginRequest(request, response)) {
        return true;
    } else {
        Subject subject = getSubject(request, response);
        // If principal is not null, then the user is known and should be allowed access.
        return subject.getPrincipal() != null;
    }

This is the source code of the isAccessAllowed method. Basically, if the request is for the login page, access is allowed. If not, it takes the current user and checks whether the user is known: a user who is remembered through RememberMe (within its validity period) or who has logged in is allowed to access paths mapped to user, but a remembered user is not allowed to access paths mapped to authc. The user filter sits between anon and authc. In other words, "/authenticated=user" means that users who access the address have either been authenticated or logged in through RememberMe. Put another way, when a page needs a login to be seen but the information on it is not very important, you can use this filter.

The principle of RememberMe is that the user name is encrypted in some way and stored in a cookie named rememberMe. The next time, it is read back from the cookie, and if it is there, the principal will not be null. Also note that calling Subject.logout() erases this cookie.
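The difference between user and authc described above, as an added example that is not part of the original post or of Shiro's own code. It assumes shiro-core is on the classpath; the class and helper names are hypothetical, and the remembered state is constructed with Subject.Builder (principal present, not authenticated) instead of a real rememberMe cookie.

```java
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

// Added illustration; class and helper names are hypothetical, not Shiro's.
public class UserVsAuthcDemo {
    // Same test UserFilter.isAccessAllowed applies to a non-login request.
    static boolean userAllows(Subject s) { return s.getPrincipal() != null; }

    // Simplified model of authc for a non-login request: the subject must
    // have logged in during this session; a remembered identity is not enough.
    static boolean authcAllows(Subject s) { return s.isAuthenticated(); }

    // Guard to call before a sensitive action on a path mapped to "user".
    static void requireLogin(Subject s) {
        if (!s.isAuthenticated()) {
            throw new UnauthenticatedException("login required for this action");
        }
    }

    static void report(String label, Subject s) {
        System.out.printf("%-10s remembered=%-5b user=%-5b authc=%-5b%n",
                label, s.isRemembered(), userAllows(s), authcAllows(s));
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = new DefaultSecurityManager(new SimpleAccountRealm("demo"));
        // Constructed subjects: no identity, identity restored from rememberMe
        // (principal present, not authenticated), and a normal login.
        Subject anonymous = new Subject.Builder(sm).buildSubject();
        Subject remembered = new Subject.Builder(sm)
                .principals(new SimplePrincipalCollection("zhang", "demo"))
                .authenticated(false).buildSubject();
        Subject loggedIn = new Subject.Builder(sm)
                .principals(new SimplePrincipalCollection("zhang", "demo"))
                .authenticated(true).buildSubject();
        report("anonymous", anonymous);
        report("remembered", remembered);
        report("logged-in", loggedIn);
        try {
            requireLogin(remembered);
        } catch (UnauthenticatedException e) {
            System.out.println("remembered subject rejected: " + e.getMessage());
        }
    }
}
```

Only the remembered subject passes user while failing authc, which is why a sensitive action reachable from a user path should check isAuthenticated() itself.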

