Shiro Spring JDBCRealm Authentication and Authorization
Idea
I need to develop a web application using Spring MVC with Shiro as Security Framework.
Requirements
The usernames, passwords, roles etc to be stored in a database. Database Schema:
authorities[id, authorty_name]
role[id, role_name]
role_authorities_map[authority.id, role.id]
user[id, username, password]
user_rol_map[user.id, role_id]
The Password should be hashed and salted in the table.
Shiro Filter in web application should be DeligatingFilterProxy
to utilize Spring's configuration mechanisms
All requests should be aut开发者_C百科henticated except /login, e.g.
/** = authc
/login = anon
/admin/** = authc, admin
If the authentication is successful, the framework should route to /dashboard
All URLs are processed by Spring Controller called MainController
Problem
How do we solve above requirements? What configuration goes to what file?
Please help.
I found this website quite use
http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2
Check it out
精彩评论