Category - Apache Shiro

Apache Shiro, Spring Mvc    2016-08-01 13:42:49

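Using the Apache Shiro Security Framework in Spring MVC

Here we give a brief walkthrough of a project that integrates Spring MVC, Hibernate and Apache Shiro. The project shows how to use Apache Shiro in Spring MVC to build our security framework.

Before reading this article, you need the following: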

  • A Maven 3 environment
  • Mysql-5.6+
  • JDK1.7+
  • A git environment
  • A git.oschina.net account
  • Apache Tomcat 7+
  • An editor you are proficient with; IntelliJ IDEA 14+ is recommended

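Data structure of the security management framework

First, we create a schema named shirodemo in the MySQL database. We then create two users, shiroDemo@localhost and shiroDemo@%; here we simply set the users' password to 123456.

Then, after cloning the project from the git server to a local directory, we can find the db.sql file under resources in the project root. This file is the project's database schema file; you can import db.sql into the shirodemo database.

Our permission structure design is fairly simple; we describe the main database structure in table form:

Table: t_user

| Name | Type | Length | Description |
|---|---|---|---|
| id | int | 11 | Primary key of the user table |
| password | varchar | 255 | Password |
| username | varchar | 255 | Username, globally unique; Shiro uses the username to locate the user's record in the security data. |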

Table:t_role

N
Apache Shiro    2016-07-25 13:49:52

From:Securing Web Applications with Apache Shiro

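This tutorial explains step by step how to use Apache Shiro to build a security framework in a web application. Before reading, we assume you have mastered or read the following two articles:

This article takes roughly 45 minutes to 1 hour to read. After you finish it, you may have a good understanding of how to use Apache Shiro in a web application.


Table of contents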

2016-07-13 18:32:57

If you’re new to Apache Shiro, this short tutorial will show you how to set up an initial and very simple application secured by Apache Shiro. We’ll discuss Shiro’s core concepts along the way to help familiarize you with Shiro’s design and API.

If you don’t want to actually edit files as you follow this tutorial, you can obtain a nearly identical sample application and reference it as you go. Choose a location:

Setup

In this simple example, we’ll create a very simple command-line application that will run and quickly exit, just so you can get a feel for Shiro’s API.

This is an example of a command-line application, similar to the one in the 10-minute tutorial. What is a command-line application? You can simply think of it as a plain Java program.

Any Application
Apac
Apache Shiro    2016-07-08 14:51:36

Introduction

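[Introduction]: The Apache Shiro 10-minute tutorial is an entry-level tutorial that mainly covers Shiro's API, giving readers a general picture of the API. From it we can also readily see that Shiro can run independently of any container or server.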

Welcome to Apache Shiro’s 10 Minute Tutorial!

By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their application. And you should be able to do it in under 10 minutes.

After reading this 10-minute tutorial, you should be able to use Shiro. Let's wait and see.

Overview

What is Apache Shiro?

Apache Shiro is a powerful and easy to use Java security framework that offers developers an intuitive yet comprehensive solution to authentication, authorization, cryptography, and session management.

The familiar four cornerstones of a security framework.

In practical terms, it manages all facets of your application’s security, while keeping out of the way as much as possible. It is built on sound interface-driven design and OO principles, enabling custom behavior wherever you can imagine it. But with sensible defaults for everything, it is as “hands off”

Apache Shiro    2016-07-07 15:42:39

Apache Shiro Terminology

Please just take 2 minutes to read and understand this - it is really important. Really. The terms and concepts here are referred to everywhere in the documentation and it will greatly simplify your understanding of Shiro and security in general.

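The editor recommends taking some time to read this chapter. It introduces the concepts behind a number of technical terms that appear throughout the Shiro documentation. Understanding these terms helps in understanding Shiro and security in general.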

Security can be really confusing because of the terminology used. We’ll make life easier by clarifying some core concepts and you’ll see how nicely the Shiro API reflects them:

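Security frameworks are hard to understand because they involve many technical terms. We will explain some core concepts to help you understand Shiro easily, and show how clearly the Shiro API reflects these core concepts.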

  • Authentication

    Authentication is the process of verifying a Subject’s identity - essentially proving that someone really is who they say they are. When an authentication attempt is successful the application can trust that the subject is guaranteed to be who the application expects.
    Authentication is the verifying of a subject's identity

Apache Shiro    2016-07-07 13:29:03

What is Apache Shiro?

Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.

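Apache Shiro is a powerful and flexible open-source security framework that cleanly integrates authentication, authorization, enterprise session management and cryptography.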

Apache Shiro’s first and foremost goal is to be easy to use and understand. Security can be very complex at times, even painful, but it doesn’t have to be. A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer’s effort to make their application(s) secure.

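Apache Shiro's primary goal is to be simple and easy to use. Designing application security is sometimes complex, even painful, but Shiro is not like that. Shiro is a security framework that hides its complexity wherever possible and provides a clear and intuitive API to simplify development work.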

Here are some things that you can do with Apache Shiro:

The following are some of the things Shiro can do:

  • Authenticate a user to verify their identity

    Verify a user's identity

  • Perform access control for a user, such as:
    – Determine if a user is assigned a certain security role or not