Java安全框架 Apache Shiro学习-1-ini 配置
2024-10-09 01:05:09
简单登录流程:
1. SecurityManager
2. SecurityUtils.setSecurityManager
3. SecurityUtils.getSubject
4. token(UsernamePasswordToken等)
5. subject.login
Apache Shiro Configuration
Shiro 配置--ini
》适用于用户少且不需要在运行时动态创建的情景
1. web.xml 中自定义shiro.ini位置(默认位置)
/WEB-INF/shiro.ini or classpath:shiro.ini
配置内容
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
<init-param>
<param-name>configPath</param-name>
<param-value>/WEB-INF/anotherFile.ini</param-value>
</init-param>
</filter>
2. Shiro.ini 示例
# =======================
# Shiro INI configuration
# =======================
[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# The 'urls' section is used for url-based security
# in web applications. We'll discuss this section in the
# Web documentation
说明:
[main] 主配置
configure the application's SecurityManager instance and any of its dependencies, such as Realms.
配置SecurityManager 及其依赖,如Realms(安全数据源).
[main]
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher # 加密密码匹配
# true = hex, false = base64:
sha256Matcher.storedCredentialsHexEncoded = false
myRealm = com.company.security.shiro.DatabaseRealm
myRealm.connectionTimeout = 30000
myRealm.username = jsmith # 内部被转换为
myRealm.setUsername("jsmith");
myRealm.password = secret
myRealm.credentialsMatcher = $sha256Matcher # 凭证(密码)加密
securityManager.sessionManager.globalSessionTimeout = 1800000
多个属性(逗号 ,)
securityManager.sessionManager.sessionListeners = $sessionListener1, $sessionListener2
Map形式属性设置
object1 = com.company.some.Class
object2 = com.company.another.Class
...
anObject = some.class.with.a.Map.property
anObject.mapProperty = key1:$object1, key2:$object2
重复设置的属性,后写的覆盖前面的
myRealm = com.company.security.MyRealm
...
myRealm = com.company.security.DatabaseRealm #(覆盖了前面的myRealm)
[users] 用户配置
[users]
admin = secret #
A password is required.
lonestarr = vespa, goodguy, schwartz
darkhelmet = ludicrousspeed, badguy, schwartz
# user1 = sha256-hashed-hex-encoded password, role1, role2, ... # 可以使用 shiro 的
Command Line Hasher 来加密密码。需要配置 credentialsMatcher
格式: 用户 = 密码,角色1,角色2,... ,角色N
username = password, roleName1, roleName2, ..., roleNameN
[roles] 角色配置
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = * # 所有权限
# The 'schwartz' role can do anything (*) with any lightsaber:
schwartz = lightsaber:* # 角色 schwartz 拥有对资源 lightsaber 做任何事的权限
# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with
# license plate 'eagle5' (instance specific id)
goodguy = winnebago:drive:eagle5 # 角色
goodguy 拥有对 id 为 eagle5 的 winnebago 资源执行 drive 的权限
格式:角色 = 权限定义1,权限定义2,... ,权限定义N
rolename = permissionDefinition1, permissionDefinition2, ..., permissionDefinitionN
权限定义:http://shiro.apache.org/permissions.html
[url] web应用中url过滤
[urls]
/index.html = anon
/user/create = anon
/account/**=ssl,authc # Any request to my application's path of /account or any of it's sub paths (/account/foo, /account/bar/baz, etc) will trigger the 'ssl, authc' filter chain
/user/** = authc
/admin/** = authc, roles[administrator]
/rest/** = authc, rest
/remoting/rpc/** = authc, perms["remote:invoke"]
格式:
URL_Ant_Path_Expression = Path_Specific_Filter_Chain
注意:
1. 所有URL都是相对于 HttpServletRequest.getContextPath() 值而言的
2. URL过滤原则是 FIRST MATCH WINS. 后面的不会覆盖前面的!
url中过滤器(anno等)定义:
filter1[optional_config1], filter2[optional_config2], ..., filterN[optional_configN] # 如 authc, perms["remote:invoke"]
注意:若filter不是shiro中已定义的(DefaultFilter),而是自己继承 PathMatchingFilter 实现的,则需要在【main】中先声明
测试时,可以在【main】中禁用 filter
[main]
...
# configure Shiro's default 'ssl' filter to be disabled while testing:
ssl.enabled = false
登录请求login.do不能设为authc
最新文章
- iOS 直播-网速监控
- JS学习笔记01
- Discuz插件开发中的困惑
- Android之设置横屏竖屏
- node-webkit教程(16)调试typescript
- poj 3436 (最大流)
- 鄙人对constructor和prototype的总结
- FPGA在其他领域的应用(二)
- 如何开发AR增强现实应用与产品
- php cookie的问题
- java(9)类和对象
- C语言第02次作业--循环结构
- vs不自动退出控制台程序的办法
- A1059. Prime Factors
- Java反射、动态加载(将java类名、方法、方法参数当做参数传递,执行方法)
- mysql Alter table设置default的问题,是bug么?
- [图片生成]使用VAEs生成新图片
- IOS的属性和实例变量
- Python 的并发编程
- 去掉VS2010代码中文注释的红色下划线
热门文章
- Map集合学习
- IOS Number 处理(int-->;NSNumber,NSNumber-->;nsinteger,string -->;double,CGFloat -->; dobule)
- 【spring源码学习】spring的task配置
- postcss gulp 安装使用
- testem方便的web tdd 测试框架使用
- hadoop之 distcp(分布式拷贝)
- Face detection in color images, 彩色图像中的人脸检测
- C++代码规范之命名
- 关于FPGA复位的认识
- (转)win7+iis7.5+asp.net下 CS0016: 未能写入输出文件“c:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files 解决方案
/WEB-INF/shiro.ini or classpath:shiro.ini
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
<init-param>
<param-name>configPath</param-name>
<param-value>/WEB-INF/anotherFile.ini</param-value>
</init-param>
</filter>
# =======================
# Shiro INI configuration
# =======================
[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.
[urls]
# The 'urls' section is used for url-based security
# in web applications. We'll discuss this section in the
# Web documentation
说明:
[main] 主配置
[main]
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher # 加密密码匹配
# true = hex, false = base64:
sha256Matcher.storedCredentialsHexEncoded = false
myRealm = com.company.security.shiro.DatabaseRealm
myRealm.connectionTimeout = 30000
myRealm.username = jsmith # 内部被转换为
myRealm.setUsername("jsmith");myRealm.password = secret
myRealm.credentialsMatcher = $sha256Matcher # 凭证(密码)加密
securityManager.sessionManager.globalSessionTimeout = 1800000
多个属性(逗号 ,)
securityManager.sessionManager.sessionListeners = $sessionListener1, $sessionListener2
Map形式属性设置
object1 = com.company.some.Class
object2 = com.company.another.Class
...
anObject = some.class.with.a.Map.property
anObject.mapProperty = key1:$object1, key2:$object2
重复设置的属性,后写的覆盖前面的
myRealm = com.company.security.MyRealm
...
myRealm = com.company.security.DatabaseRealm #(覆盖了前面的myRealm)
[users] 用户配置
[users]
admin = secret #
A password is required.lonestarr = vespa, goodguy, schwartz
darkhelmet = ludicrousspeed, badguy, schwartz
# user1 = sha256-hashed-hex-encoded password, role1, role2, ... # 可以使用 shiro 的
Command Line Hasher 来加密密码。需要配置 credentialsMatcher
格式: 用户 = 密码,角色1,角色2,... ,角色N
username = password, roleName1, roleName2, ..., roleNameN
[roles] 角色配置
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = * # 所有权限
# The 'schwartz' role can do anything (*) with any lightsaber:
schwartz = lightsaber:* # 角色 schwartz 拥有对资源 lightsaber 做任何事的权限
# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with
# license plate 'eagle5' (instance specific id)
goodguy = winnebago:drive:eagle5 # 角色
goodguy 拥有对 id 为 eagle5 的 winnebago 资源执行 drive 的权限
格式:角色 = 权限定义1,权限定义2,... ,权限定义N
rolename = permissionDefinition1, permissionDefinition2, ..., permissionDefinitionN
权限定义:http://shiro.apache.org/permissions.html
[url] web应用中url过滤
[urls]
/index.html = anon
/user/create = anon
/account/**=ssl,authc # Any request to my application's path of /account or any of it's sub paths (/account/foo, /account/bar/baz, etc) will trigger the 'ssl, authc' filter chain
/user/** = authc
/admin/** = authc, roles[administrator]
/rest/** = authc, rest
/remoting/rpc/** = authc, perms["remote:invoke"]
格式:
URL_Ant_Path_Expression = Path_Specific_Filter_Chain
注意:
1. 所有URL都是相对于 HttpServletRequest.getContextPath() 值而言的
filter1[optional_config1], filter2[optional_config2], ..., filterN[optional_configN] # 如 authc, perms["remote:invoke"]
注意:若filter不是shiro中已定义的(DefaultFilter),而是自己继承 PathMatchingFilter 实现的,则需要在【main】中先声明
[main]
...
# configure Shiro's default 'ssl' filter to be disabled while testing:
ssl.enabled = false