shiro | integrating Shiro into SSM to control the authority | Security Framework library
kandi X-RAY | shiro Summary
integrating `Shiro` into SSM to control the authority management :bowtie:
shiro Examples and Code Snippets
@Bean
public ShiroFilterChainDefinition filterChainDefinition() {
    DefaultShiroFilterChainDefinition filter
        = new DefaultShiroFilterChainDefinition();
    // Require an authenticated subject for /secure
    filter.addPathDefinition("/secure", "authc");
    // (remaining path definitions are truncated in the source)
    return filter;
}

@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
    DefaultShiroFilterChainDefinition filter = new DefaultShiroFilterChainDefinition();
    // Require an authenticated subject for /home
    filter.addPathDefinition("/home", "authc");
    // (remaining path definitions are truncated in the source)
    return filter;
}

public static void main(String... args) {
    SpringApplication.run(ShiroApplication.class, args);
}
Community Discussions
Trending Discussions on shiro
QUESTION
A few releases ago of my website, I started getting the following warnings showing up in my error logs over and over again.
...
ANSWER
Answered 2021-Apr-03 at 13:20
I'm going to make some guesses/assumptions.
- That message was logged, but the request did not fail?
- You recently updated from Shiro < 1.4.2?
If so, it sounds like this could be related to CVE-2019-12422. The default remember-me encryption format had changed because of this. While we recommend you do not revert back to the previous format, there are instructions on how to do that in this issue: https://issues.apache.org/jira/browse/SHIRO-730
QUESTION
I'm using Shiro 1.7.1 and Guice 4.2.3, below is the snippet of my POM file,
...
ANSWER
Answered 2021-Mar-29 at 00:51
Sounds like your problem is related to Guice 4, and less about Shiro. Instead of re-using the same binding key, define a new one, something like:
QUESTION
I am using Apache Knox version 1.0.0. I have tried to authenticate the Knox UI using an LDAP user. I have tried with the following changes in Knox
...
ANSWER
Answered 2021-Jan-31 at 17:59
`LDAP: error code 49 - INVALID_CREDENTIALS`
This means one of three things: the username or password is incorrect, or the account is locked. You are getting this error for the bind user.
You need to verify your `systemUsername` and `systemPassword` in the configured topology.
The `ldapsearch` tool can be useful to verify credentials for the bind user.
`main.ldapRealm.userDnTemplate` should be like the following
QUESTION
I have the requirement that only certain user roles should be allowed to log in. The set of roles may change at runtime.
...
ANSWER
Answered 2021-Jan-19 at 15:14
You may want to consider user behavior here. If your webapp makes it look like a user was unable to log out, (IMHO) the first thing the user will do is try again, the second thing is they will call the help desk and try to reset their password.
This depends on your actual application (so take this with a grain of salt). I'd suggest letting the user log in and then blocking access, e.g. show a 403 page (with a "You shall not pass" warning), or show a 404 (this is what GitHub does, as it does NOT leak information that a valid page exists).
This also simplifies the Shiro implementation, just require a role/permission for your routes.
QUESTION
I am using Zeppelin, and my focus of exploration is mostly on the JDBC interpreter.
We want to provide a web interface for accessing the DB.
The intent is that each user would log in to Zeppelin and create their own credentials, which should be passed to the JDBC interpreter.
So the interpreter should be a shared one, but the DB connection should be based on each individual credential.
Is this possible, considering my users' authentication is jdbc-realm?
Referring document: https://zeppelin.apache.org/docs/0.9.0/setup/security/datasource_authorization.html
My shiro.ini:
...
ANSWER
Answered 2021-Jan-08 at 18:26
As per ZEPPELIN-5184 and PR-4008, in 0.9.0, we need to define just the interpreter name in credentials.
Check ZEPPELIN-5189 for more details.
QUESTION
I am using ActiveMQ 5.16.0 downloaded from Apache. I see a few of the jars are older versions which have vulnerabilities, e.g.:
- com.google.guava_guava 19.0
- core_jackson-databind 2.9.10.4
- shiro-core 1.5.3
- log4j-1.2.17
I see all the above vulnerable jars are located under `apache-activemq-5.16.0\lib\optional\`. What is the use of the jars under the `optional` directory? Is there any latest release of ActiveMQ which has all the latest dependencies?
ANSWER
Answered 2021-Jan-07 at 18:24
Optional dependencies are just that: Optional.
Using Shiro in your case as reference.
Optional Dependencies: Typically an optional dependency is not required for the core functionality of the library you are referencing. In this case, Shiro is only required if you intend to make use of Apache Shiro features or functionality. Shiro is used for security and therefore makes sense that it will not be used by everyone making use of ActiveMQ.
Versions: Many times (not always) optional dependency versions are not set in stone and it may be possible to use newer versions without breaking the functionality. This is not always the case, so if you aim to do this, start with the preferred version and only upgrade after the functionality is working to test.
Vulnerabilities: Simply because a vulnerability exists, does not make it applicable to your use case. Just because there is a known vulnerability in a dependency that can do XYZ, it will likely not affect you if your use case does not make use of XYZ. A security report such as the Apache Shiro one could help in understanding this.
Additionally: I would suggest that you look into Maven or Gradle for your Java projects. This will take away some of the need to worry about these types of dependency management issues, as optional dependencies are not included in the dependency hierarchy by default.
QUESTION
##Shiro config file
##IronOne Technologies (Pvt) Ltd
[main]
##creating the realm
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
## jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ?
## jdbcRealm.userRolesQuery = SELECT rolename FROM userroles WHERE username = ?
## jdbcRealm.permissionsQuery = SELECT permission FROM rolepermissions WHERE roleid=(SELECT roleid from roles where rolename= ? )
jdbcRealm.authenticationQuery = SELECT password FROM users WHERE UPPER(LOGIN_ID) = UPPER(?)
jdbcRealm.userRolesQuery = SELECT ROLE_ID FROM users WHERE UPPER(LOGIN_ID) = UPPER(?)
##jdbcRealm.connectionTmeout = 60
##connection pooling and database access through apache commons dbcp
## ds = src.com.ironone.backoffice.controller.shiro.ShiroBasicDataSource
ds = org.apache.commons.dbcp.BasicDataSource
ds.driverClassName = oracle.jdbc.driver.OracleDriver
ds.username=BACKOFFICE
ds.password =backoffice
ds.url = jdbc:oracle:thin:@192.168.25.27:1521:orcl
securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==
##adding the data source to the realm earlier configured
jdbcRealm.dataSource = $ds
##password encryption is done by sha256 encryption algorithm provided by shiro api
Md5Matcher = org.apache.shiro.authc.credential.Md5CredentialsMatcher
jdbcRealm.credentialsMatcher = $Md5Matcher
##configuring security manager to use the realm configured earlier
securityManager.realms=$jdbcRealm
##Caching mechanism is done by a third party caching api called ehcache
##adding the caching support to the security manager
## cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
## securityManager.cacheManager = $cacheManager
## rememberMeManager = src.com.ironone.backoffice.controller.shiro.MyRememberMeManager
## securityManager.rememberMeManager = $rememberMeManager
## sessionManager = src.com.ironone.backoffice.controller.shiro.CustomSecurityManager
logout = src.com.ironone.backoffice.controller.shiro.MyLogoutFilter
[filters]
## authcBasic.loginUrl =/home_
## authcBasic.successUrl = /home
## logout.redirectUrl =/logoutc
##url section is used to set permissions to specific urls
[urls]
/logout = logout
/login = anon
/= anon
/login.jsp = anon
/home=anon
/jquery.js = anon
/js/shiro_logout.js = anon
/atrad_style.css = anon
/FooterFile.css = anon
/Img/loginImage/* = anon
/Img/top_bck.gif = anon
/Img/top_curve_front.gif = anon
/Img/atrad_backOffice_logo.png = anon
/Img/top_curve_end.gif = anon
/Img/nav_panel_bck.jpg = anon
/Img/but_bck.jpg = anon
/LoginController=anon
/login_=anon
/js = anon
/** = authc
## /** = authcBasic
...
ANSWER
Answered 2020-Dec-03 at 03:57
I added the `ds.validationQuery = select 1 from dual` part to the shiro.ini file, so the bug was fixed.
QUESTION
I have a login form that gets redirected to a servlet upon success. I am using Apache Shiro for authentication and I am trying to extract the username submitted by my form so I can use it in my servlet. I'm wondering if Shiro already has these values stored in a session. If so, how do I extract these so I can use them in my servlet? I have tried putting a form action on my form and extracting the username using `request.getParameter("username")` in my servlet, but it doesn't seem to work when using Shiro. I have read the Shiro documentation and read similar questions also. I'm still unsure about where to actually configure and extract session variables. Is it in `shiro.ini` or in my servlet?
shiro.ini
...
ANSWER
Answered 2020-Nov-30 at 15:55
If you are using JSPs you could use the Shiro Tag lib
OR
Calling `request.getUserPrincipal().getName()` should return the Subject's username.
OR
You can likely get the info you need from calling `Subject.getPrincipal()` too, though this depends on the implementation of your realms.
QUESTION
I want to add a session listener (`org.apache.shiro.session.SessionListener`) to `SessionManager`. As I found out, when Shiro web is used, then by default the implementation of `SessionManager` is `ServletContainerSessionManager`. However, I didn't find any methods to add listeners in `ServletContainerSessionManager`. Could anyone say how to add this listener?
ANSWER
Answered 2020-Nov-23 at 20:01
The `ServletContainerSessionManager` is just a wrapper around the session management your Servlet container provides. If you want to use Shiro's `SessionListener` you would need to use a different `SessionManager` implementation, such as `DefaultWebSessionManager`.
QUESTION
I use the following configuration and code to create a spring boot application.
pom.xml:
...
ANSWER
Answered 2020-Nov-18 at 06:08
Spring's complaint is that you haven't defined a Bean of type `ProjectMapper`, which it is saying that it needs to satisfy an Autowire request. Looking at your code, I don't see a definition for such a Bean in what you've shown us here.
The exact point of the problem is hidden, I'm guessing, because you aren't showing us the definition of the `ServiceImpl` class. My guess is that that's where the actual reference is that Spring is trying to wire up. Apparently, the field name is `baseMapper`.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network