冷湘宇 Coldxiangyu's blog

shiro简介

2017-04-13
WEB

shiro是apache众多开源项目之一,是一个功能强大且易于使用的java安全框架,可执行身份验证、授权、加密和session管理。web应用不论大小,都可以非常便捷的应用shiro。
github:https://github.com/apache/shiro
十分钟了解教程:http://shiro.apache.org/10-minute-tutorial.html

我们通过shiro提供的webapp【apache-shiro-tutorial-webapp】例子来看一下:
首先将这个例子https://github.com/lhazlewood/apache-shiro-tutorial-webapp fork到自己的github.
在本地git资源目录clone工程:

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~
$ cd git

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git
$ ls
fastjson/  hairwechat/

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git
$ git clone git@github.com:coldxiangyu/apache-shiro-tutorial-webapp.git
Cloning into 'apache-shiro-tutorial-webapp'...
remote: Counting objects: 230, done.
remote: Total 230 (delta 0), reused 0 (delta 0), pack-reused 230
Receiving objects: 100% (230/230), 37.32 KiB | 6.00 KiB/s, done.
Resolving deltas: 100% (86/86), done.

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git
$ ls
apache-shiro-tutorial-webapp/  fastjson/  hairwechat/

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git
$

然后进入到我们刚刚clone的工程目录,查看目录结构

apache-shiro-tutorial-webapp/
|-- src/
|  |-- main/
|    |-- resources/
|      |-- logback.xml
|    |-- webapp/
|      |-- WEB-INF/
|        |-- web.xml
|      |-- home.jsp
|      |-- include.jsp
|      |-- index.jsp
|-- .gitignore
|-- .travis.yml
|-- LICENSE
|-- README.md
|-- pom.xml

使用内嵌的jetty启动工程:

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~
$ cd git

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git
$ cd apache-shiro-tutorial-webapp/

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git/apache-shiro-tutorial-webapp (master)
$ java -version
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)

coldxiangyu@DESKTOP-4HT5OV3 MINGW64 ~/git/apache-shiro-tutorial-webapp (master)
$ mvn jetty:run
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Apache Shiro Tutorial Webapp 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] >>> jetty-maven-plugin:9.3.11.v20160721:run (default-cli) > test-compile @ apache-shiro-tutorial-webapp >>>
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ apache-shiro-tutorial-webapp ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ apache-shiro-tutorial-webapp ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ apache-shiro-tutorial-webapp ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ apache-shiro-tutorial-webapp ---
[INFO] No sources to compile
[INFO]
[INFO] <<< jetty-maven-plugin:9.3.11.v20160721:run (default-cli) < test-compile @ apache-shiro-tutorial-webapp <<<
[INFO]
[INFO]
[INFO] --- jetty-maven-plugin:9.3.11.v20160721:run (default-cli) @ apache-shiro-tutorial-webapp ---
[INFO] Logging initialized @3530ms
[INFO] Configuring Jetty for project: Apache Shiro Tutorial Webapp
[INFO] webAppSourceDirectory not set. Trying src\main\webapp
[INFO] Reload Mechanic: automatic
[INFO] Classes = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\target\classes
[INFO] Context path = /
[INFO] Tmp directory = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\target\tmp
[INFO] Web defaults = org/eclipse/jetty/webapp/webdefault.xml
[INFO] Web overrides =  none
[INFO] web.xml file = file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/WEB-INF/web.xml
[INFO] Webapp directory = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\src\main\webapp
[INFO] jetty-9.3.11.v20160721
[INFO] Scanning elapsed time=1012ms
[INFO] Started o.e.j.m.p.JettyWebAppContext@15923407{/,file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/,AVAILABLE}{file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/}
[INFO] Started ServerConnector@c6634d{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
[INFO] Started @5678ms
[INFO] Started Jetty Server

这里要注意一点,官网提到的java版本是1.7,在实际测试过程中使用了1.8,1.7会报错。
启动成功之后,打开http://localhost:8080/,出现Hello,World!
image_1bh1mn6mf1f2319kvhgtf2c2j09.png-13.1kB

之后我们git切换到step1分支

git checkout step1

我们发现
1 新增了src/main/webapp/WEB-INF/shiro.ini文件
2 src/main/webapp/WEB-INF/web.xml 发生了改变 image_1bh1n8ks61qce1bgv12simoh1rdjm.png-16.7kB

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

此处定义了cacheManager缓存实例,以及使用的类,此处用的是MemoryConstrainedCacheManager
而web.xml则增加了shiro的监听和过滤: image_1bh1nlhme1podi7t1ii6q4lb0q13.png-59.1kB

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

通过web.xml就看得很清楚了,shiro跟其他的一些插件类工具都是同样的套路。首先Listener定义:EnvironmentLoaderListener肯定是ServletContextListener的子类,用来启动自身功能,且加载shiro.ini配置文件。
Filter过滤所有请求,也因此shiro可以总控整个应用。
我们再次启动工程查看日志:

$ mvn jetty:run
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Apache Shiro Tutorial Webapp 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] >>> jetty-maven-plugin:9.3.11.v20160721:run (default-cli) > test-compile @ apache-shiro-tutorial-webapp >>>
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ apache-shiro-tutorial-webapp ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ apache-shiro-tutorial-webapp ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ apache-shiro-tutorial-webapp ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ apache-shiro-tutorial-webapp ---
[INFO] No sources to compile
[INFO]
[INFO] <<< jetty-maven-plugin:9.3.11.v20160721:run (default-cli) < test-compile @ apache-shiro-tutorial-webapp <<<
[INFO]
[INFO]
[INFO] --- jetty-maven-plugin:9.3.11.v20160721:run (default-cli) @ apache-shiro-tutorial-webapp ---
[INFO] Logging initialized @3804ms
[INFO] Configuring Jetty for project: Apache Shiro Tutorial Webapp
[INFO] webAppSourceDirectory not set. Trying src\main\webapp
[INFO] Reload Mechanic: automatic
[INFO] Classes = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\target\classes
[INFO] Context path = /
[INFO] Tmp directory = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\target\tmp
[INFO] Web defaults = org/eclipse/jetty/webapp/webdefault.xml
[INFO] Web overrides =  none
[INFO] web.xml file = file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/WEB-INF/web.xml
[INFO] Webapp directory = C:\Users\coldxiangyu\git\apache-shiro-tutorial-webapp\src\main\webapp
[INFO] jetty-9.3.11.v20160721
[INFO] Scanning elapsed time=1138ms
[INFO] Initializing Shiro environment
14:49:23.105 [main] INFO  o.a.shiro.web.env.EnvironmentLoader - Starting Shiro environment initialization.
14:49:23.776 [main] INFO  o.a.shiro.web.env.EnvironmentLoader - Shiro environment initialized in 668 ms.
[INFO] Started o.e.j.m.p.JettyWebAppContext@15923407{/,file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/,AVAILABLE}{file:///C:/Users/coldxiangyu/git/apache-shiro-tutorial-webapp/src/main/webapp/}
[INFO] Started ServerConnector@6a472566{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
[INFO] Started @7237ms
[INFO] Started Jetty Server

与之前进行对比,多了初始化shiro环境的过程:

14:49:23.105 [main] INFO  o.a.shiro.web.env.EnvironmentLoader - Starting Shiro environment initialization.
14:49:23.776 [main] INFO  o.a.shiro.web.env.EnvironmentLoader - Shiro environment initialized in 668 ms.

接下来我们checkout step2 分支:

git checkout step2

在之前,我们已经将shiro集成到我们的工程中,但是没有让shiro做任何事,用到shiro,说明我们需要用户,也就是users,这样我们才能验证权限以及一系列的安全操作
在此之前还需要了解一下realms的概念,姑且先将它翻译为领域,我们知道,在用户登录授权的过程中,需要读取许多数据进行交互,这时候shiro必然需要从不同的域中查找不同的数据,shiro用到了realms,这些realms是可配置的,我们可以从配置文件中获取数据,也可以从数据库中获取数据,也可以从LDAP中获取数据,而且你还可以根据需要定义自己的realms
以下是shiro核心架构图: image_1bh1p2s6r4s91mtg1kbc1q6vdh1g.png-165.7kB 我们采用INI的realms方式,方便测试。


Comments

Content