shiro

access control, role and permission in grails

阅读更多关于 access control, role and permission in grails

问题 I am working on a grails application for the first time and I now want to protect some pages to be viewed only by admins, and give some permissions to other users. I am using Apache Shiro plugin for grails. My sample code in the bootstrap looks like this class BootStrap { def init = { servletContext -> def adminRole if(ShiroRole.findByName("Admin".isEmpty())){ adminRole = new ShiroRole(name: "Administrator") adminRole.addToPermissions("*:*") adminRole.addToPermissions("admin") adminRole.save(

shiro授权问题详细介绍

阅读更多关于 shiro授权问题详细介绍

首先我先把图放上面主要介绍一下首先通过 shiro 相关的api创建 securityManager对应的subject 对象 2判断subject 主体是否通过认证 3 通过 subject .ispermitted()/hasRole方法进行权限判断 subject是由他的实现类DelegatingSubject调用方法的该类将处理交给securityManager 由他的实现类DefaultSecurityManager进行处理 DefaultSecurityManager又调用它的父类 AuthorizingSecurityManager 中的ispermitted方法来处理该类将处理交给authorizer（授权器）由其实现类 ModularRealmAuthorizer调用相对应的Realm处理数据在该类中的permissionResovler对权限字符串进行解析在对应的Realm中有对应的RermissionResovler交给 wildCardPermissionResovler 该类中调用wildcardpermission进行权限字符串解析。搞定！！！！来源： CSDN 作者：想你三千五百遍链接： https://blog.csdn.net/weixin_44772380/article/details/103769701

How to configure JDBCRealm to obtain its DataSource from JNDI

阅读更多关于 How to configure JDBCRealm to obtain its DataSource from JNDI

问题 How do you use a JDBCRealm to handle authenticating and authorizing users in servlets? The only example I can find is to create the DataSource in web.xml (such as Authentication against database using shiro 1.2.1). I do not want to include database credentials in my source tree (for obvious reasons) and would prefer to use a Context defined DataSource via JNDI as I have for every other RDBMS I have used for any other purpose in every other servlet project I have developed. How do you

How to configure JDBCRealm to obtain its DataSource from JNDI

阅读更多关于 How to configure JDBCRealm to obtain its DataSource from JNDI

快速学习Shiro-Shiro的入门

阅读更多关于快速学习Shiro-Shiro的入门

4. Shiro安全框架 4.4 Shiro的入门 4.4.1 搭建基于ini的运行环境（1）创建工程导入shiro坐标 <dependencies> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> </dependencies> 4.4.1 用户认证认证：身份认证/登录，验证用户是不是拥有相应的身份。基于shiro的认证，是通过subject的login方法完成用户认证工作的（1）在resource目录下创建shiro的ini配置文件构造模拟数据（shiro-auth.ini） [users] #模拟从数据库查询的用户 #数据格式用户名=密码 zhangsan=123456 lisi=654321 （2）测试用户认证 @Test public void testLogin() throws Exception{ //1

阅读更多关于 Shiro

导入依赖： < dependency > < groupId > org . apache . shiro < / groupId > < artifactId > shiro - spring - boot - starter < / artifactId > < version > 1.4 .2 < / version > < / dependency > 配置数据库信息： spring : datasource : driver-class-name : com.mysql.cj.jdbc.Driver url : jdbc : mysql : //localhost : 3306/shiro ? serverTimezone=UTC username : root password : 123456 编写mapper模块： @Mapper @Repository public interface UserMapper { @Select ( "select * from user where username = #{username}" ) Map getUser ( String username ) ; //按账号查询用户方法 @Select ( "select c.name from user a join ur b on a.id=b.uid join role

（32）Spring Boot使用@SpringBootApplication注解，从零开始学Spring Boot

阅读更多关于（32）Spring Boot使用@SpringBootApplication注解，从零开始学Spring Boot

【来也匆匆，去也匆匆，在此留下您的脚印吧 , 转发点赞评论】如果看了我之前的文章，这个节你就可以忽略了，这个是针对一些刚入门的选手存在的困惑进行写的一篇文章。很多 Spring Boot 开发者总是使用 @Configuration ， @EnableAutoConfiguration 和 @ComponentScan 注解他们的 main 类。由于这些注解被如此频繁地一块使用（特别是你遵循以上最佳实践时）， Spring Boot 提供一个方便的 @SpringBootApplication 选择。该 @SpringBootApplication 注解等价于以默认属性使用 @Configuration ， @EnableAutoConfiguration 和 @ComponentScan 。这是官方进行解析的，我个人自己第一次接触的时候也是有这个困惑的，希望此篇文章能解答在研究 Spring Boot 困惑的人。【Spring Boot 系列博客】 61. mybatic insert 异常： BindingException: Parameter 'name' not found 【从零开始学 Spring B 】 60. Spring Boot 写后感【从零开始学 Spring Boot 】 59. Spring Boot Validator 校验【从零开始学

Shiro笔记（四）Shiro的realm认证

阅读更多关于 Shiro笔记（四）Shiro的realm认证

认证流程: 1.获取当前Subject.调用SecurityUtils.getSubject(); 2.测试当前用户是否已经被认证,即是否已经登录,调用Subject的isAurhenticated(); 3.若没有认证,则把用户名和密码封装成UsernamePasswordToken对象. 对于B/S应用程序来说,一般用户名和密码是在前台表单中获得的: 1.创建一个表单页面. 2.把请求提交到SpringMVC的Controller. 3.获取用户名和密码. 4.执行登录:调用Subject.login(AuthenticationToken) 方法. 5.自定义Realm方法,从数据库中获取对应的记录,返回给Shiro. 自定义Realm的实现: 1.继承org.apache.shiro.realm.AuthenticatingRealm类. 2.实现doGetAuthenticationInfo(AuthenticationToken)方法. 为什么要继承它且实现它的doGetAuthenticationInfo方法呢?可以跟进源码查看 subject.login(token) 是怎样工作的: subject.login(token) -> securityManager.login(this, token) -> authenticate(token) ->

Java之——java.lang.NoSuchMethodException: [org.springframework.web.multipart.MultipartFile;.()

阅读更多关于 Java之——java.lang.NoSuchMethodException: [org.springframework.web.multipart.MultipartFile;.()

转自：https://blog.csdn.net/l1028386804/article/details/65449355 ava.lang.NoSuchMethodException: [org.springframework.web.multipart.MultipartFile;.<init>() at java.lang.Class.getConstructor0(Class.java:2721) at java.lang.Class.getDeclaredConstructor(Class.java:2002) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:104) at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute

Inject CDI managed bean in custom Shiro AuthorizingRealm

阅读更多关于 Inject CDI managed bean in custom Shiro AuthorizingRealm

问题 In an app I'm building we're using straight Java 6 EE and JBoss (no Spring, etc), with JPA/Hibernate, JSF, CDI and EJBs. I haven't found many good general security solutions (recommendations are welcome), but the best bet I found is Apache Shiro. However this seems to have a number of shortcomings. Some of which you can read about at Balus C's site: http://balusc.blogspot.com/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html But I've stumbled on another big problem which is already

订阅 shiro