2011-09-28
2

I am playing around with Shiro and want to configure roles via the ShiroWebModule. How do I configure roles with Apache Shiro 1.2-SNAPSHOT and Guice?

addFilterChain("/**", AUTHC); 

This works: my login page is displayed and I can log in.

addFilterChain("/test/**", AUTHC, config(ROLES, "test")); //that does not seem to be the right way 

This does not. I can access /guest/** and /test/** as guest.

My module:

import javax.servlet.ServletContext;

import com.google.inject.Provides;
import com.google.inject.name.Names;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.config.Ini;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.guice.web.ShiroWebModule;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;

public class HelloMavenShiroModule extends ShiroWebModule {
    HelloMavenShiroModule(ServletContext sc) {
        super(sc);
    }

    protected void configureShiroWeb() {
        // Realm built from the Ini instance provided by loadShiroIni() below.
        try {
            bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
        } catch (NoSuchMethodException e) {
            throw new RuntimeException("Code Problem.", e);
        }

        // Filter chains, in the order they are registered.
        addFilterChain("/**", AUTHC);
        addFilterChain("/guest/**", AUTHC, config(ROLES, "guest"));
        addFilterChain("/test/**", AUTHC, config(ROLES, "[test]"));

        //addFilterChain("/**", AUTHC);
        bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/account/login.jsp");
        bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(30000L);
        bindConstant().annotatedWith(Names.named("shiro.usernameParam")).to("user");
        bindConstant().annotatedWith(Names.named("shiro.passwordParam")).to("pass");
        bindConstant().annotatedWith(Names.named("shiro.rememberMeParam")).to("remember");
        bindConstant().annotatedWith(Names.named("shiro.successUrl")).to("/index.html");
        bindConstant().annotatedWith(Names.named("shiro.failureKeyAttribute")).to("helloMavenLoginFailure");
        bindConstant().annotatedWith(Names.named("shiro.unauthorizedUrl")).to("/account/denied.jsp");

        // VerboseFormAuthenticationFilter is the application's own filter class.
        bind(AuthenticationFilter.class).to(VerboseFormAuthenticationFilter.class);
        bind(CredentialsMatcher.class).to(HashedCredentialsMatcher.class);
        bind(HashedCredentialsMatcher.class);
        bindConstant().annotatedWith(Names.named("shiro.hashAlgorithmName")).to(Sha256Hash.ALGORITHM_NAME);
    }

    @Provides
    Ini loadShiroIni() {
        return Ini.fromResourcePath("classpath:shiro.ini");
    }
}

The shiro.ini:

# ----------------------------------------------------------------------------- 
# Users and their (optional) assigned roles 
# username = password, role1, role2, ..., roleN 
# ----------------------------------------------------------------------------- 
[users] 
root = 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b, admin 
guest = 84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec, guest 

# ----------------------------------------------------------------------------- 
# Roles with assigned permissions 
# roleName = perm1, perm2, ..., permN 
# ----------------------------------------------------------------------------- 
[roles] 
admin = * 

I know this is not released yet, but maybe it is already possible and I just cannot find the answer.

Answer

4

After cleaning everything up and trying again, it turned out that:

addFilterChain("/test/**", AUTHC, config(ROLES, "test")); 

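was already the right way. I don't know what caused the problem, but now only users with the "test" role can access resources under /test/. That is exactly what I wanted.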

I'm happy now! :)
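
An added example, not part of the original post and not Shiro's own code: Shiro evaluates filter chains in the order they are defined and the first matching pattern wins, so a /** chain registered ahead of /test/** keeps the ROLES filter from ever being consulted. The standalone Java model below shows the effect of registration order for the chains in the question; the class name ChainOrderDemo, its simplified matcher (exact paths and a trailing /** only) and the roles[...] labels are illustrative assumptions.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Simplified model of first-match-wins filter chain resolution (not Shiro's code).
public class ChainOrderDemo {

    // Minimal stand-in for Ant-style matching: exact paths and a trailing "/**" only.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Walk the chains in registration order and return the first one that matches.
    static List<String> resolve(Map<String, List<String>> chains, String path) {
        for (Map.Entry<String, List<String>> e : chains.entrySet()) {
            if (matches(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return List.of(); // no chain matched: the request is not filtered at all
    }

    public static void main(String[] args) {
        // Order used in the question's module: the catch-all is registered first.
        Map<String, List<String>> catchAllFirst = new LinkedHashMap<>();
        catchAllFirst.put("/**", List.of("authc"));
        catchAllFirst.put("/guest/**", List.of("authc", "roles[guest]"));
        catchAllFirst.put("/test/**", List.of("authc", "roles[test]"));

        // Specific patterns first, catch-all last.
        Map<String, List<String>> catchAllLast = new LinkedHashMap<>();
        catchAllLast.put("/guest/**", List.of("authc", "roles[guest]"));
        catchAllLast.put("/test/**", List.of("authc", "roles[test]"));
        catchAllLast.put("/**", List.of("authc"));

        String path = "/test/page.jsp"; // constructed sample request path
        System.out.println("catch-all first: " + resolve(catchAllFirst, path));
        System.out.println("catch-all last:  " + resolve(catchAllLast, path));
    }
}
```

When a role restriction appears to be ignored, comparing the order of the addFilterChain calls against this rule is a quick first check.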