Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/18728360/

Time: 2020-08-12 10:32:15  Source: igfitidea

Apache Shiro - using database to read users, roles and permissions

javashirojdbcrealm

Asked by Abstract

Currently I've a Swing app and I want to integrate Apache Shiro in order to authenticate and delegate permissions to certain roles. I've already managed to read the users from the shiro.ini file that I've created for tests, it looks something like this:

[users]
admin = 123456, Administrator

[roles]
Administrator = *:*:*

However this was just for testing, now I need to read the permits from a database so I've stored in a database a table with the info I need and it looks something like this:

users (id,password,username)
userRoles (userId, role)
rolePermission (permissionID,permission,roleID)

I've been trying to understand tutorials that use a JDBC realm, however they use web applications or special frameworks to manage their connection to the Database like Apache Derby or BoneCP, and they confuse me even more with these examples.

So what I'm asking is how I need to configure the shiro.ini file if I wanna use a JDBC realm (with an Oracle database) and what classes the shiro.ini needs. Any examples or explanation will be appreciated!

Accepted answer by Sotirios Delimanolis

The Realm interface is a

security component that can access application-specific security entities such as users, roles, and permissions to determine authentication and authorization operations.

You can implement it to interact with any source for finding users and their permissions. If you want to interact with an SQL-based database, you can do that. If you want to interact with a text file, you can do that. If you want to interact with a web service, you can do that, too.

There are two useful (almost necessary) extensions of Realm which are AuthenticatingRealm and AuthorizingRealm. They provide an interface for authentication and authorization services, respectively. AuthorizingRealm extends AuthenticatingRealm. You should extend AuthorizingRealm to implement your own authenticating and authorizing logic.

Take an example: You have a database with a table Accounts as

username | password | role 

a table Permissions as

permission_id | permission_name

and a table Account_Permissions

username | permission_id

In other words, an Account can have one role, but multiple permissions. With JDBC you can very easily query such a database and retrieve usernames, passwords, roles, and permissions. Your implementation of AuthorizingRealm would do just that and construct objects expected by Shiro's API.

Read this document on Shiro's authentication sequence to understand where the AuthenticatingRealm comes in.

As for the INI file, depending on how you implement your Realm, you would need to declare it as

myRealm = com.company.security.shiro.YourDatabaseRealm

possibly setting some properties

myRealm.databaseName = account_database

Shiro provides its own JdbcRealm class which extends AuthorizingRealm. This class makes some assumptions on the structure of your database, but you can customize it.
