Explain the integration of spring and Shiro in detail
Shiro's components are JavaBean / POJO components, so it is very easy to use spring for component management. It is very convenient to migrate from ini configuration to spring for management, and supports the integration of javase applications and web applications.
Before the example, you need to import Shiro spring and spring context dependencies. Please refer to POM xml。
spring-beans. The XML configuration file provides the configuration of basic components such as datasource, Dao and service components.
Javase applications
spring-shiro. XML provides spring configuration for ordinary javase independent applications:
It can be seen that as long as the previous ini configuration is translated into the spring XML configuration mode here, there is no need to explain. Lifecyclebeanpostprocessor is used to call the initializable interface callback when the Shiro bean that implements the initializable interface is initialized, and call the destroyable interface callback when the Shiro bean that implements the destroyable interface is destroyed. For example, userrealm implements initializable, while defaultsecuritymanager implements destroyable. You can view their inheritance relationship.
For test cases, please refer to com github. zhangkaitao. shiro. chapter12. ShiroTest。
Web application
Some configurations of web applications and ordinary Java se applications are similar. Only some different configurations are provided here. For detailed configuration, please refer to spring Shiro web xml。
1. Sessionidkookie is a template used to produce session ID cookies;
2. The session manager uses the defaultwebsessionmanager for the web environment;
3. The security manager uses the defaultwebsecuritymanager for the web environment.
1. Formauthenticationfilter is an authentication filter based on form; You can add your own filter bean definition here;
2. Shirofilter: shirofilterfactorybean is used here to create shirofilter filter; The filters attribute is used to define its own filters, that is, the [filters] section in the INI configuration; Filterchaindefinitions is used to declare the relationship between URL and filter, that is, the [URLs] part of INI configuration.
Then you need to open the web XML is configured as follows:
Load the spring configuration file specified by contextconfiglocation through contextloaderlistener.
Delegatingfilterproxy will automatically find the bean named shirofilter in the spring container and hand over the filter request to it for processing.
Shiro permission annotation
Shiro provides corresponding annotations for permission control. If you use these annotations, you need to use the functions of AOP for judgment, such as spring AOP; Shiro provides spring AOP integration for parsing and validating permission annotations.
For testing, spring MVC is used here to test Shiro annotations. Of course, Shiro annotations can be used not only in the web environment, but also in the independent Java se. Here is just a web example.
In spring MVC Support for adding Shiro spring AOP permission annotation to XML configuration file:
The above configuration is used to enable Shiro spring AOP permission annotation support< AOP: config proxy target class = "true" > indicates the proxy class.
Then, you can annotate in the corresponding annotation controller in the following way:
The precondition for accessing the hello2 method is that the current user has the admin role.
When validation fails, it will throw unauthorized exception. In this case, you can use spring's exceptionhandler (defaultexceptionhandler) to intercept:
Permission annotation
@RequiresAuthentication
Indicates that the current subject has been authenticated through login; Subject Isauthenticated() returns true.
@RequiresUser
Indicates that the current subject has been authenticated or passed. Remember my login.
@RequiresGuest
It means that the current subject is not authenticated or has passed. Remember that I have logged in, that is, the tourist identity.
@RequiresRoles(value={“admin”, “user”}, logical= Logical.AND)
Indicates that the current subject requires the roles admin and user.
@RequiresPermissions (value={“user:a”, “user:b”}, logical= Logical.OR)
Indicates that the current subject requires permission user: A or user: B.
summary
The above is a detailed explanation of the integration of spring and Shiro introduced by Xiaobian. I hope it will help you. If you have any questions, please leave me a message, and Xiaobian will reply to you in time. Thank you very much for your support for the programming tips website!