【问题标题】:How to configure roles with Apache Shiro 1.2-SNAPSHOT and Guice?如何使用 Apache Shiro 1.2-SNAPSHOT 和 Guice 配置角色?
【发布时间】:2011-11-26 11:42:51
【问题描述】:

我在玩 Shiro,想通过 ShiroWebModule 配置角色。

addFilterChain("/**", AUTHC);

这可行,我的登录页面已显示,我可以登录了。

但是

addFilterChain("/test/**", AUTHC, config(ROLES, "test")); //that does not seem to be the right way

没有。我可以以访客身份访问 /guest/** 和 /test/**。

我的模块:

public class HelloMavenShiroModule extends ShiroWebModule {
    HelloMavenShiroModule(ServletContext sc) {
        super(sc);
    }

    protected void configureShiroWeb() {
        try {
            bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
        } catch (NoSuchMethodException e) {
            throw new RuntimeException("Code Problem.", e);
        }


        addFilterChain("/**", AUTHC);
        addFilterChain("/guest/**", AUTHC, config(ROLES, "guest"));
        addFilterChain("/test/**", AUTHC, config(ROLES, "[test]"));

        //addFilterChain("/**", AUTHC);
        bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/account/login.jsp");
        bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(30000L);
        bindConstant().annotatedWith(Names.named("shiro.usernameParam")).to("user");
        bindConstant().annotatedWith(Names.named("shiro.passwordParam")).to("pass");
        bindConstant().annotatedWith(Names.named("shiro.rememberMeParam")).to("remember");
        bindConstant().annotatedWith(Names.named("shiro.successUrl")).to("/index.html");
        bindConstant().annotatedWith(Names.named("shiro.failureKeyAttribute")).to("helloMavenLoginFailure");
        bindConstant().annotatedWith(Names.named("shiro.unauthorizedUrl")).to("/account/denied.jsp");

        bind(AuthenticationFilter.class).to(VerboseFormAuthenticationFilter.class);
        bind(CredentialsMatcher.class).to(HashedCredentialsMatcher.class);
        bind(HashedCredentialsMatcher.class);
        bindConstant().annotatedWith(Names.named("shiro.hashAlgorithmName")).to(Sha256Hash.ALGORITHM_NAME);
    }

    @Provides
    Ini loadShiroIni() {
        return Ini.fromResourcePath("classpath:shiro.ini");
    }
}

shiro.ini:

# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b, admin
guest = 84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec, guest

# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *

我知道它还没有发布,但也许已经有可能了,我只是不知道。

【问题讨论】:

    标签: java dependency-injection guice shiro


    【解决方案1】:

    我在清理完所有东西并再次尝试后发现自己:

    addFilterChain("/test/**", AUTHC, config(ROLES, "test"));
    

    已经是正确的方法了。我不知道是什么导致了这个问题,但是现在只有具有“test”角色的用户才被允许访问 /test/ 下的资源!这正是我想要的。

    我现在很开心! :)

    【讨论】:

      猜你喜欢
      • 2011-08-18
      • 2012-12-25
      • 2012-02-15
      • 2012-12-28
      • 2014-06-15
      • 2013-10-31
      • 2018-12-16
      • 2013-06-28
      • 2017-01-22
      相关资源
      最近更新 更多