shiro

shiro学习之配置

时光毁灭记忆、已成空白 提交于 2019-12-03 16:33:24
shiro学习之配置 一、简介 shiro的配置主要分为两部分:权限(包括:账户、密码、角色、资源),模块(包括:认证、授权、session、cache、web)。在学习的过程中千万要分开理解,不然很容易混淆。在单独使用shiro的时候,我们需要配置xxx.ini文件来修改我们需要的信息。shiro的每个部分都是以[xxx]开始,其中[main]是模块配置,后面的[users],[roles],[urls]则是权限关配置。 一、权限配置 [users] #提供了对用户/密码及其角色的配置,用户名=密码,角色1,角色2 username=password,role1,role2 [roles] #提供了角色及权限之间关系的配置,角色=权限1,权限2 role1=permission1,permission2 [users]:下面配置的是账户、密码,以及该账户的权限。 [roles]:对应每一个角色的访问资源。 (shiro采取的是:一个用户对应多个角色,一个角色对应多个资源) 二、模块配置 a)先看一下 配置 的代码:这段代码直接通过源码实现来一步步new出来的。 //全局sercurityManager DefaultSecurityManager securityManager = new DefaultSecurityManager(); //设置authenticator

How to redirect already authenticated user from login page to home page

ぃ、小莉子 提交于 2019-12-03 14:43:29
I'm developing JSF application with Apache Shiro. I autenticate the user with Shiro and redirect her to home page there is no problem with that. After the authentication when I try to access login page, it doesn't redirect me the homepage. I can login again even when there is already loggedin user. I'm doing Programmatic Login as BalusC mentioned in his blog post. [main] credentialsMatcher = org.apache.shiro.authc.credential.PasswordMatcher myRealm = com.example.security.myRealm myRealm.credentialsMatcher = $credentialsMatcher securityManager.realms = $myRealm user = com.example.web.filter

Shiro授权

∥☆過路亽.° 提交于 2019-12-03 14:37:35
1.shiro授权角色、权限 授权 Mapper接口 Set<String> getRolesByUserId(@Param("userid") Integer userid); Set<String> getPersByUserId(@Param("userid") Integer userid); Mapper.xml <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r where u.userid = ur.userid and ur.roleid = r.roleid and u.userid = #{userid} </select> <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t

Shiro授权

♀尐吖头ヾ 提交于 2019-12-03 13:33:10
授权 在 ShiroUserMapper.xml 中新增内容 <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r where u.userid = ur.userid and ur.roleid = r.roleid and u.userid = #{userid} </select> <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid and u.userid = #{userid} </select>  

springboot jpa

痞子三分冷 提交于 2019-12-03 13:33:03
最近自己搞了个springboot jpa的项目练手,用到了shiro控制权限,过程中遇到了一些问题,记录一下。 1、jpa确实方便,适合快速开发,具体使用方法: (1)pom文件引用 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId></dependency> (2)application.properties文件引用 spring.jpa.database-platform=mysqlspring.jpa.hibernate.ddl-auto=updatespring.jpa.show-sql=truespring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialectspring.jpa.properties.hibernate.enable_lazy_load_no_trans=true (3)以用户管理举例 dao层 public interface UserDao extends JpaRepository<User,Integer>, JpaSpecificationExecutor<User> { User

shiro授权+注解式开发

半世苍凉 提交于 2019-12-03 13:32:37
shiro授权和注解式开发 1、 shiro授权角色、权限 2、 Shiro的注解式开发 ShiroUserMapper.xml 1 <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> 2 select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r 3 where u.userid = ur.userid and ur.roleid = r.roleid 4 and u.userid = #{userid} 5 </select> 6 <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> 7 select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p 8 where u.userid = ur.userid and ur.roleid = rp.roleid and rp

shiro授权、注解式开发

懵懂的女人 提交于 2019-12-03 13:21:58
在ShiroUserMapper.xml中新增内容 <select id="getRolesByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select r.roleid from t_shiro_user u,t_shiro_user_role ur,t_shiro_role r where u.userid = ur.userid and ur.roleid = r.roleid and u.userid = #{userid} </select> <select id="getPersByUserId" resultType="java.lang.String" parameterType="java.lang.Integer"> select p.permission from t_shiro_user u,t_shiro_user_role ur,t_shiro_role_permission rp,t_shiro_permission p where u.userid = ur.userid and ur.roleid = rp.roleid and rp.perid = p.perid and u.userid = #{userid} </select>

How to stock and use a shiro's salt from database

蹲街弑〆低调 提交于 2019-12-03 13:00:29
问题 I use shiro in application for the authenticate. I use hashed password with a salt and I store them in my database like this : private User createUserWithHashedPassword(String inName, String inFirstName, String inLastName, String inPassword){ ByteSource salt = randomNumberGenerator.nextBytes(32); byte[] byteTabSalt = salt.getBytes(); String strSalt = byteArrayToHexString(byteTabSalt); String hashedPasswordBase64 = new Sha256Hash(inPassword, salt, 1024).toBase64(); return new User(inName

Multi tenancy in Shiro

时间秒杀一切 提交于 2019-12-03 12:52:55
问题 We are evaluating Shiro for a custom Saas app that we are building. Seems like a great framework does does 90% of what we want, out of the box. My understanding of Shiro is basic, and here is what I am trying to accomplish. We have multiple clients, each with an identical database All authorization (Roles/Permissions) will be configured by the clients within their own dedicated database Each client will have a unique Virtual host eg. client1.mycompany.com, client2.mycompany.com etc Scenario 1
订阅 shiro