  • Apache Shiro: overview of key points

    1. Terminology
    2. Authentication
    3. Authorization
    4. ini file configuration
    5. JSP tag authorization
    6. Shiro session mechanism
    7. Custom Realm
    8. Encryption and decryption
    9. Features
    10. Integration with Spring

    Terminology

    Subject: the principal being authenticated (the current "user")

    Realm: the source of authentication and authorization data [jdbc, property, text, jndi]

    Authentication

    Answers the question: who is accessing which resource?

    Permission: a protected resource, e.g. a page

    Role: a set of permissions

    User: the Subject

    Authorization

    Assign permissions to roles.

    Example: admin = user : *

    ini file configuration

    [main]
    authc.loginUrl = /login
    roles.unauthorizedUrl = /unauthorized
    perms.unauthorizedUrl = /unauthorized.jsp

    [users]
    jack = 123,admin

    [roles]
    admin = user : *

    [urls]
    /login = anon
    /admin = authc
    /student = roles[teacher]
    /teacher = perms["user:create"]

    URL matching rules (Ant-style patterns)

    /admin       matches /admin only
    /admin?      matches /admin1 (? matches exactly one character)
    /admin*      matches /admin123 (* matches any characters within one path segment)
    /admin/**    matches /admin/1/2/3 (** matches any number of path segments)

    JSP tag authorization

    Dependencies

    • shiro-web.jar
    • <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

    Example:

    <shiro:guest>
        Hi there!  Please
        <a href="login.jsp">Login</a> or
        <a href="signup.jsp">Signup</a> today!
    </shiro:guest>

    Shiro session mechanism

    Subject currentUser = SecurityUtils.getSubject();
    Session session = currentUser.getSession();
    session.setAttribute("someKey", someValue);

    getSession calls work in any application, even non-web applications.

    Custom Realm

    Most people choose to subclass the AuthorizingRealm abstract class instead of starting from scratch. This class implements common authentication and authorization workflow to save you time and effort.

    Encryption and decryption

    Example:

    new Md5Hash(data)
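As an added example (not code from the original post or from the Shiro project), the following realm ties the Custom Realm and hashing sections together: it subclasses AuthorizingRealm, stores a salted, iterated SHA-256 hash instead of the single-pass Md5Hash shown above, and reproduces the user/role/permission data of the ini example (jack = 123,admin; admin = user:*). The class name, the in-memory maps and the salt value are constructed for illustration; a real realm would read the same records from JDBC or LDAP.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.crypto.hash.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.*;

/** Hypothetical realm backed by in-memory maps (constructed sample data, not a real data store). */
public class InMemoryHashedRealm extends AuthorizingRealm {
    private static final int ITERATIONS = 1024;

    // username -> {salt, hex-encoded hash}; username -> roles; role -> permission strings
    private final Map<String, String[]> accounts = new HashMap<>();
    private final Map<String, Set<String>> userRoles = new HashMap<>();
    private final Map<String, Set<String>> rolePerms = new HashMap<>();

    public InMemoryHashedRealm() {
        // The matcher must hash submitted passwords exactly the way the stored hashes were produced.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher);

        String salt = "constructed-salt-for-jack";  // in practice: random bytes per user, stored with the record
        String hash = new SimpleHash(Sha256Hash.ALGORITHM_NAME, "123", ByteSource.Util.bytes(salt), ITERATIONS).toHex();
        accounts.put("jack", new String[]{salt, hash});                 // same user as [users] jack = 123,admin
        userRoles.put("jack", new HashSet<>(Arrays.asList("admin")));
        rolePerms.put("admin", new HashSet<>(Arrays.asList("user:*"))); // same as [roles] admin = user:*
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // AuthorizingRealm only supports UsernamePasswordToken by default, so this cast is safe.
        String username = ((UsernamePasswordToken) token).getUsername();
        String[] record = accounts.get(username);
        if (record == null) throw new UnknownAccountException("no account named " + username);
        // Return the stored hash and salt; Shiro's matcher re-hashes the submitted password and compares.
        return new SimpleAuthenticationInfo(username, record[1], ByteSource.Util.bytes(record[0]), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        Set<String> roles = userRoles.getOrDefault(username, Collections.emptySet());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        for (String role : roles) {
            info.addStringPermissions(rolePerms.getOrDefault(role, Collections.emptySet()));
        }
        return info;  // backs subject.hasRole("admin") and subject.isPermitted("user:create")
    }
}
```

Wire it in as the realm bean (myRealm in the Spring example below) or as a [main] entry in shiro.ini; the roles[...] and perms[...] URL filters then resolve against the data this realm returns.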

    Features

    • Web Support: Shiro’s web support APIs help easily secure web applications.

    • Caching: Caching is a first-tier citizen in Apache Shiro’s API to ensure that security operations remain fast and efficient.

    • Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.

    • Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.

    • “Run As”: A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.

    • “Remember Me”: Remember users’ identities across sessions so they only need to log in when mandatory.

    Integration with Spring

    web.xml

    <!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    ...

    <!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->
    <!-- requests.  Usually this filter mapping is defined first (before all others) to -->
    <!-- ensure that Shiro works in subsequent filters in the filter chain:             -->
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    applicationContext.xml

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login.jsp"/>
        <property name="successUrl" value="/home.jsp"/>
        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
        <property name="filterChainDefinitions">
            <value>
                # some example chain definitions:
                /admin/** = authc, roles[admin]
                /docs/** = authc, perms[document:read]
                /** = authc
                # more URL-to-FilterChain definitions here
            </value>
        </property>
    </bean>

    <bean id="someFilter" class="..."/>
    <bean id="anotherFilter" class="..."> ... </bean>
    ...

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <bean id="myRealm" class="..."> ... </bean>

  • Original post: https://www.cnblogs.com/luoxiaolei/p/6725187.html