JavaAuthenticationPart7

Using Apache Shiro

ShiroConfig.java

```java
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    // Builds the Shiro servlet filter and wires it to the SecurityManager.
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // Where unauthenticated users are sent to log in.
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Default destination after a successful login.
        shiroFilterFactoryBean.setSuccessUrl("/home");
        // Where authenticated users who lack a required role or permission are sent.
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");
        // No filter chain definitions are set here, so no URL rules are attached yet.
        return shiroFilterFactoryBean;
    }

    // Core Shiro component; delegates account lookups to the realm below.
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(iniRealm());
        return securityManager;
    }

    // Loads users and roles from shiro.ini on the classpath.
    @Bean
    public IniRealm iniRealm() {
        return new IniRealm("classpath:shiro.ini");
    }
}
```

Explanation:

This configuration sets up Apache Shiro for security management within a Spring application. The ShiroFilterFactoryBean builds the Shiro servlet filter and specifies the URLs for login (/login), success (/home), and unauthorized access (/unauthorized). The SecurityManager bean is a DefaultWebSecurityManager, the core Shiro component responsible for managing security operations. The IniRealm reads user credentials and roles from an INI file (shiro.ini), so users, roles, and permissions can be defined in a simple configuration file, which makes it easy to manage and secure the application.

When a request is made to the application, the Shiro filter intercepts it, checks the user's authentication and authorization status, and takes the appropriate action based on the configuration. Which paths require a login or a role is decided by the filter chain definitions on the ShiroFilterFactoryBean, which the class above does not set; those rules have to be supplied before the filter enforces a login on any URL.
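An added example, not part of the original article: an ordered set of filter chain rules for the ShiroFilterFactoryBean above, plus a simplified first-match lookup that shows which rule a request path hits. The class name, the `chainFor` helper, the `/admin/**` path and the `admin` role are assumptions made for illustration, and `chainFor` is not Shiro's own resolver.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.util.AntPathMatcher;

// Added illustration; class name, /admin/** and the admin role are assumptions.
public class ShiroChainExample {

    // Shiro evaluates these rules in insertion order and the first match wins,
    // so use a LinkedHashMap and keep the catch-all rule last.
    static Map<String, String> chainDefinitions() {
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/login", "anon");                    // login page must stay reachable
        chains.put("/admin/**", "authc, roles[admin]");  // login plus the admin role
        chains.put("/**", "authc");                      // everything else needs a login
        return chains;
    }

    // Attach the rules to the bean built in ShiroConfig.shiroFilter(...).
    static void apply(ShiroFilterFactoryBean bean) {
        bean.setFilterChainDefinitionMap(chainDefinitions());
    }

    // Simplified first-match lookup (not Shiro's own resolver) to inspect a rule set.
    static String chainFor(String path, Map<String, String> chains) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> rule : chains.entrySet()) {
            if (matcher.matches(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return "(no rule matched: no authc or roles filter runs)";
    }

    public static void main(String[] args) {
        Map<String, String> empty = new LinkedHashMap<>(); // no rules, as in ShiroConfig
        Map<String, String> ordered = chainDefinitions();
        for (String path : new String[] {"/login", "/home", "/admin/users"}) {
            System.out.println(path + "  empty: " + chainFor(path, empty)
                    + "  ordered: " + chainFor(path, ordered));
        }
    }
}
```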

 

For more details, see Part 8 on the blog next week.

Article by Sumit Malhotra

Published 14 Jan 2024