https://ngeblognow.blogspot.com//search?q=how-to-integrate-apache-shiro-with
From there we will focus on the changes:
1.) Update shiro.ini
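[main]
saltedJdbcRealm=com.ctr.mdl.commons.web.security.shiro.JdbcRealmImpl

# any object property is automatically configurable in the shiro.ini file
saltedJdbcRealm.jndiDataSourceName=dummyDS

# the realm should also handle authorization
saltedJdbcRealm.permissionsLookupEnabled=true

# If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
# first result column is password, second result column is salt
saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE username = ?

# If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id=b.role_id INNER JOIN crm_users c ON c.id=b.user_id WHERE c.username = ?

# If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
saltedJdbcRealm.permissionsQuery = SELECT action FROM crm_permissions WHERE role = ?

# password hashing specification, put something big for hashIterations
# NOTE(review): a single SHA-256 iteration is cheap to brute-force offline if
# the users table leaks. The matcher must use the same iteration count that was
# used when the stored hashes were created, so raising this value also means
# re-hashing the stored passwords with the new count.
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName=SHA-256
sha256Matcher.hashIterations=1
saltedJdbcRealm.credentialsMatcher = $sha256Matcher

cacheManager=org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile=classpath:ehcache.xml
securityManager.cacheManager=$cacheManager

shiro.loginUrl = /login.xhtml

[urls]
# NOTE(review): only these two paths are mapped in this excerpt; pages that
# require a logged-in user need their own entries in this section.
/login.xhtml = authc
/logout = logout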
Things to take note of:
1.) We should extend JdbcRealm to implement a salted password.
2.) Create a datasource in Glassfish named dummyDS. For this project, I've used PostgreSQL.
3.) I've enabled permission lookup.
4.) I've enabled ehcache by adding this dependency to pom.xml:
<!--
  Ehcache integration for Shiro; backs the EhCacheManager configured in shiro.ini.
  NOTE(review): 1.2.1 is the release this 2012 post was written against and it
  predates the security fixes shipped in later Shiro releases. Keep this
  artifact on the same version as the other Shiro modules and prefer a
  currently maintained release.
-->
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-ehcache</artifactId>
  <version>1.2.1</version>
</dependency>
New/Updated classes:
JdbcRealmImpl:
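package com.ctr.mdl.commons.web.security.shiro;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.util.JdbcUtils;
import org.apache.shiro.util.SimpleByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * JdbcRealm that obtains its DataSource from JNDI and reads a per-user salt
 * together with the stored password hash, so that the configured credentials
 * matcher can verify salted hashes.
 *
 * @author Edward P. Legaspi
 * @since October 15, 2012
 */
public class JdbcRealmImpl extends JdbcRealm {

    private static final Logger log = LoggerFactory.getLogger(JdbcRealmImpl.class);

    /** JNDI name of the DataSource; set from shiro.ini. */
    protected String jndiDataSourceName;

    public JdbcRealmImpl() {
    }

    public String getJndiDataSourceName() {
        return jndiDataSourceName;
    }

    /**
     * Stores the JNDI name and immediately resolves it to the realm's DataSource.
     *
     * @param jndiDataSourceName JNDI name of the DataSource to use
     * @throws AuthorizationException if the JNDI lookup fails
     */
    public void setJndiDataSourceName(String jndiDataSourceName) {
        this.jndiDataSourceName = jndiDataSourceName;
        this.dataSource = getDataSourceFromJNDI(jndiDataSourceName);
    }

    /**
     * Looks the DataSource up in the default JNDI context.
     *
     * @param jndiDataSourceName JNDI name to look up
     * @return the DataSource bound under that name
     * @throws AuthorizationException wrapping the NamingException on failure
     */
    private DataSource getDataSourceFromJNDI(String jndiDataSourceName) {
        try {
            InitialContext ic = new InitialContext();
            return (DataSource) ic.lookup(jndiDataSourceName);
        } catch (NamingException e) {
            log.error("JNDI error while retrieving " + jndiDataSourceName, e);
            throw new AuthorizationException(e);
        }
    }

    /**
     * Builds the authentication info (stored hash plus salt) for the user named
     * in the token. The password comparison itself is done by the realm's
     * credentials matcher, not here.
     *
     * @param token the submitted token; cast to UsernamePasswordToken
     * @return the stored credentials, or {@code null} when the username is null
     *         or no row exists for it
     * @throws AuthenticationException on SQL errors or duplicate user rows
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        // identify account to log to
        UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
        String username = userPassToken.getUsername();

        if (username == null) {
            log.debug("Username is null.");
            return null;
        }

        // read password hash and salt from db
        PasswdSalt passwdSalt = getPasswordForUser(username);

        if (passwdSalt == null) {
            // NOTE(review): the username here is caller-supplied and is written
            // to the log as-is.
            log.debug("No account found for user [" + username + "]");
            return null;
        }

        // return salted credentials
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,
                passwdSalt.password, getName());
        // The salt is null when the query returns a single column or the salt
        // column is NULL; SimpleByteSource(String) cannot wrap null, so only
        // attach a salt when one was actually read.
        if (passwdSalt.salt != null) {
            info.setCredentialsSalt(new SimpleByteSource(passwdSalt.salt));
        }

        return info;
    }

    /**
     * Runs the configured authentication query for one username.
     *
     * @param username the username bound to the query's single parameter
     * @return the stored password hash and salt (salt is {@code null} when the
     *         query has only one column), or {@code null} when no row matches
     * @throws AuthenticationException on SQL errors or when more than one row
     *         matches the username
     */
    private PasswdSalt getPasswordForUser(String username) {
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        Connection conn = null;
        try {
            conn = dataSource.getConnection();
            // Username is passed as a bind parameter, never concatenated.
            statement = conn.prepareStatement(authenticationQuery);
            statement.setString(1, username);

            resultSet = statement.executeQuery();

            boolean hasAccount = resultSet.next();
            if (!hasAccount) {
                return null;
            }

            String salt = null;
            String password = resultSet.getString(1);
            if (resultSet.getMetaData().getColumnCount() > 1) {
                salt = resultSet.getString(2);
            }

            if (resultSet.next()) {
                throw new AuthenticationException(
                        "More than one user row found for user [" + username
                                + "]. Usernames must be unique.");
            }

            return new PasswdSalt(password, salt);
        } catch (SQLException e) {
            final String message = "There was a SQL error while authenticating user ["
                    + username + "]";
            if (log.isErrorEnabled()) {
                log.error(message, e);
            }
            throw new AuthenticationException(message, e);
        } finally {
            JdbcUtils.closeResultSet(resultSet);
            JdbcUtils.closeStatement(statement);
            JdbcUtils.closeConnection(conn);
        }
    }

    /** Holder for the two values read by the authentication query. */
    class PasswdSalt {

        public String password;
        public String salt;

        public PasswdSalt(String password, String salt) {
            super();
            this.password = password;
            this.salt = salt;
        }
    }
}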
And the three model classes, which basically contain:
User.java
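/**
 * Application user, mapped to CRM_USERS. This is the table read by the
 * authenticationQuery in shiro.ini (columns PASSWORD and SALT).
 */
@Entity
@Table(name = "CRM_USERS")
@SequenceGenerator(name = "ID_GENERATOR", sequenceName = "CRM_USERS_SEQ")
public class User implements Serializable {

    private static final long serialVersionUID = 6142315693769197546L;

    @Id
    @GeneratedValue(generator = "ID_GENERATOR")
    private Long id;

    @Column(name = "USERNAME", length = 50, unique = true)
    private String userName;

    // Compared by the realm's HashedCredentialsMatcher, so this column is
    // expected to hold the password hash, never the plain-text password.
    @Column(name = "PASSWORD", length = 250)
    private String password;

    // Per-user salt returned as the second column of the authentication query.
    @Column(name = "SALT", length = 100)
    private String salt;

    // NOTE(review): the generic type arguments were lost when the page was
    // extracted; Role is inferred from the CRM_USER_ROLES join table.
    @ManyToMany(fetch = FetchType.LAZY)
    @JoinTable(name = "CRM_USER_ROLES", joinColumns = @JoinColumn(name = "USER_ID"), inverseJoinColumns = @JoinColumn(name = "ROLE_ID"))
    private List<Role> roles = new ArrayList<Role>();
}

// Role.java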
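/**
 * Role, mapped to CRM_ROLES. The NAME column is what the userRolesQuery in
 * shiro.ini selects for a given username.
 */
@Entity(name = "com.ctr.mdl.models.user.Role")
@Table(name = "CRM_ROLES")
@SequenceGenerator(name = "ID_GENERATOR", sequenceName = "CRM_ROLES_SEQ")
public class Role implements Serializable {

    private static final long serialVersionUID = 6142315693769197546L;

    @Id
    @GeneratedValue(generator = "ID_GENERATOR")
    private Long id;

    @Column(name = "NAME", nullable = false, length = 50)
    private String name;

    @Column(name = "DESCRIPTION", nullable = false, length = 50)
    private String description;

    // NOTE(review): the generic type arguments were lost when the page was
    // extracted; User is inferred from the CRM_USER_ROLES join table.
    @ManyToMany(fetch = FetchType.LAZY)
    @JoinTable(name = "CRM_USER_ROLES", joinColumns = @JoinColumn(name = "ROLE_ID"), inverseJoinColumns = @JoinColumn(name = "USER_ID"))
    private List<User> users = new ArrayList<User>();
}

// Permission.java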
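/**
 * Permission row, mapped to CRM_PERMISSIONS. The permissionsQuery in shiro.ini
 * selects ACTION for a given ROLE value.
 */
@Entity
@Table(name = "CRM_PERMISSIONS")
@SequenceGenerator(name = "ID_GENERATOR", sequenceName = "CRM_PERMISSIONS_SEQ")
public class Permission implements Serializable {

    private static final long serialVersionUID = -2844386098501951453L;

    // NOTE(review): no @Id field is shown in this excerpt; a JPA entity needs
    // one, so the full class presumably declares it.

    // presumably the role name the permission belongs to; verify against the data
    @Column(name = "ROLE", nullable = false)
    private String role;

    // Permission string granted to the role.
    @Column(name = "ACTION", nullable = false, length = 1500)
    private String action;

    /** @return the value of the ROLE column */
    public String getRole() {
        return role;
    }
}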
Reference: https://ngeblognow.blogspot.com//search?q=how-to-integrate-apache-shiro-with
Related:
Seam Security: https://ngeblognow.blogspot.com//search?q=how-to-integrate-apache-shiro-with