shiro | 易学教程

Shiro简介与入门

阅读更多关于 Shiro简介与入门

Shiro简介与入门 Apache Shiro是一个强大且易用的Java安全框架,有身份验证、授权、密码学和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 Spring security 重量级安全框架 Apache Shiro轻量级安全框架 i. 导入jar org.apache.shiro shiro-core 1.4.0 commons-logging commons-logging 1.2 junit junit 4.12 ii. 准备资源资源我们可以到shiro的源码文件中拷备: /shiro-root-1.4.0-RC2/samples/quickstart/src/main/resources shiro.ini log4j.properties 注：users下面代表的登录的用户(用户名=密码) shiro.ini文件(对拷备过来的数据进行了解释)： # -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - 所有的用户与对应的用户密码，用户的角色 -- -- -- -- -- -- -- -- -- --

shiro权限管理

阅读更多关于 shiro权限管理

shiro 1、shiro简介 Apache Shiro是一个强大且易用的Java安全框架,有身份验证、授权、密码学和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 shiro四大基石： 1、Authentication(身份认证/登录) 2、Authorization（授权） 3、Session Management（会话管理） 4、Cryptography（密码学） 2、shiro架构 Subject: 表示当前用户，不一定是人，也有可能是网络爬虫、机器人等 SecurityManager: 安全管理器， shiro的核心 Realm: 获取安全数据（用户，角色，权限） 3、shiro入门 1、导包 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

权限与菜单

阅读更多关于权限与菜单

1.在项目添加权限 shiro处理权限流程：（1）把所有的权限交给shiro管理 --createFilterChainDefinitionMap 可以体现处理（2）在realm里面就要查询当前用户的权限，如果这个权限在shiro管理返回之内，这个用户就有响应的权限否则就没有 1.1 从数据库查询所有权限交给shiro管理 List permissions = permissionService.findAll(); for (Permission permission : permissions) { mp.put(permission.getUrl(), “perms[”+permission.getSn()+"]"); } 1.2 查询当前用户具备权限 –sql查询当前用户的权限 select p.* from employee e join employee_role er on e.id = er.employee_id join role r on er.role_id = r.id join role_permission rp on rp.role_id = r.id join permission p on p.id = rp.permission_id where e.id = 2 protected AuthorizationInfo

shiro简单的认证功能

阅读更多关于 shiro简单的认证功能

使用静态shiro.ini文件完成认证创建项目到爆　　　　　<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.1</version> </dependency>  <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-simple</artifactId> <version>1.7.21</version> <scope>test</scope> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>jcl-over-slf4j</artifactId> <version>1.7.21</version> <scope>test</scope> </dependency> 核心的shiro和log4j依赖顺便创建log4j文件

上手spring boot项目(二)之spring boot整合shiro安全框架

阅读更多关于上手spring boot项目(二)之spring boot整合shiro安全框架

题记：在学习了springboot和thymeleaf之后，想完成一个项目练练手，于是使用springboot+mybatis和thymeleaf完成一个博客系统，在完成的过程中出现的一些问题，将这些问题记录下来，作为自己的学习心得。在这先感谢群主TyCoding的Tumo项目，虽然本人实在太菜了，好些地方看不懂，但还是使我受益匪浅。 shiro作为一个小巧灵活的安全框架，在认证和授权方面简约但又不简单，十分容易上手使用。下面是整合shiro的具体流程。 1.添加依赖 1  2 <dependency> 3 <groupId>org.apache.shiro</groupId> 4 <artifactId>shiro-spring</artifactId> 5 <version>1.3.2</version> 6 </dependency> 7  8 <dependency> 9 <groupId>org.apache.shiro</groupId> 10 <artifactId>shiro-core</artifactId> 11 <version>1.3.2</version> 12 </dependency> 2.在springboot控制台中添加基础包的扫描和实体类的扫描注解由于本人实在粗心

Grails - ShiroSecurity - manually login user

阅读更多关于 Grails - ShiroSecurity - manually login user

问题 I am trying to do relatively simple thing: log in user manually. I am using FacebookGraph plugin to connect to facebook. If user logs in via Facebook, i get his ID and I want to authenticate him in ShiroSecurity. Of course such trivial thing like session.user = user does not work. I have found the code in the wiki, which should do the trick: Object userIdentity = user.email String realmName = "username"; PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);

Max user sessions per user - apache shiro

阅读更多关于 Max user sessions per user - apache shiro

问题 I have configured Apache shiro and it works fine with my application. Now i need to configure max sessions per user, meaning one user cannot login into another machine or if he tries to login, it should invalidate its previous session or maybe he cannot login with new session. At single point of time, there should only be one user session. LoginServlet UsernamePasswordToken token = new UsernamePasswordToken(username , password); org.apache.shiro.subject.Subject subject = SecurityUtils

SpringMVC Proxy issue

阅读更多关于 SpringMVC Proxy issue

问题 I have been trying to find an answer to this problem for days, and I hope someone can point me in the right direction. I have a SpringMVC app that uses Java Configuration and I was doing fine until I tried to integrate Apache-Shiro into it. I am able to build and run my tests. But my deploy fails because of Proxy/CGLIB issues. Here is the exception I get on deploy/restart: Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'menuRepository': Post

Jsessionid cookie doesn't expire after Chrome closing

阅读更多关于 Jsessionid cookie doesn't expire after Chrome closing

问题 I use Shiro framework for authentication. The problem is: when I close Chrome browser and open it again I still can get access to protected URLs. If I delete jsessionid cookie by hand all is ok, access to protected URLs becomes forbidden. In the settings of jsessionid I see: Expires: When the browsing session ends . So, it should be expired, but it doesn't. Also I did this manipulation in firefox and have no that problems. I have no idea even which way investigate for. P.S. I don't use shiro

A child container failed during start

阅读更多关于 A child container failed during start

问题 I am getting below error; SEVERE: A child container failed during start java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/SimpleJDBCRealms]] at java.util.concurrent.FutureTask$Sync.innerGet(Unknown Source) at java.util.concurrent.FutureTask.get(Unknown Source) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1123) at org.apache.catalina.core