Configuring Apache Shiro with Google Guice Servlet

空扰寡人 提交于 2019-12-04 10:51:09

问题


I'm starting to use Guice/Shiro instead of Spring/Spring Security. I have looked examples from Shiro site, and all configuration examples are made as INI-file examples. Is it possible to configure Shiro in plain Java, as Guice Servlets are meant to be configured?


回答1:


Yes it is possible, but requires some glue code if you want Guice to create your Realms.

  1. Bind Realm implementation:
    bind(Realm.class).to(MyRealm.class).in(Singleton.class);
  1. Bind WebSecurityManager:
    @Provides @Singleton WebSecurityManager securityManager(Realm realm) {
      DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
      sm.setRealm(realm);
      return sm;
    }
  1. Subclass one of Shiro filters so you can use Guice provided WebSecurityManager:
    public class SecurityFilter extends IniShiroFilter {

      static class SecurityManagerFactory extends WebIniSecurityManagerFactory {

        private final WebSecurityManager securityManager;

        public SecurityManagerFactory(WebSecurityManager securityManager) {
          this.securityManager = securityManager;
        }

        public SecurityManagerFactory(WebSecurityManager securityManager, Ini ini) {
          super(ini);
          this.securityManager = securityManager;
        }

        @Override
        protected SecurityManager createDefaultInstance() {
          return securityManager;
        }
      }

      private final Provider<WebSecurityManager> securityManager;

      @Inject
      SecurityFilter(Provider<WebSecurityManager> securityManager) {
        super();
        this.securityManager = securityManager;
      }


      protected Map<String, ?> applySecurityManager(Ini ini) {
        SecurityManagerFactory factory;
        if (ini == null || ini.isEmpty()) {
          factory = new SecurityManagerFactory(securityManager.get());
        } else {
          factory = new SecurityManagerFactory(securityManager.get(), ini);
        }
        setSecurityManager((WebSecurityManager) factory.getInstance());
        return factory.getBeans();
      }
    }
  1. Configure your filter:
    Joiner lines = Joiner.on("\n");
    Map<String, String> config = ImmutableMap.of("config", lines.join(
        "; here you can provide additional ini",
        "[roles]",
        "admin = *",
        "[urls]",
        "/secure/** = authcBasic"
    ));
    filter("/*").through(SecurityFilter.class, config);


来源:https://stackoverflow.com/questions/5887603/configuring-apache-shiro-with-google-guice-servlet

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!