Java 如何使用ApacheShiro 1.2-SNAPSHOT和Guice配置角色?
我正在使用Shiro,希望通过ShiroWebModule配置角色Java 如何使用ApacheShiro 1.2-SNAPSHOT和Guice配置角色?,java,dependency-injection,guice,shiro,Java,Dependency Injection,Guice,Shiro,我正在使用Shiro,希望通过ShiroWebModule配置角色 addFilterChain("/**", AUTHC); 这是可行的,我的登录页面显示,我可以登录 但是 没有。我可以作为来宾访问/guest/**和/test/** 我的模块: public class HelloMavenShiroModule extends ShiroWebModule { HelloMavenShiroModule(ServletContext sc) { super(sc)
addFilterChain("/**", AUTHC);
这是可行的,我的登录页面显示,我可以登录
但是
没有。我可以作为来宾访问/guest/**和/test/**
我的模块:
public class HelloMavenShiroModule extends ShiroWebModule {
HelloMavenShiroModule(ServletContext sc) {
super(sc);
}
protected void configureShiroWeb() {
try {
bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
} catch (NoSuchMethodException e) {
throw new RuntimeException("Code Problem.", e);
}
addFilterChain("/**", AUTHC);
addFilterChain("/guest/**", AUTHC, config(ROLES, "guest"));
addFilterChain("/test/**", AUTHC, config(ROLES, "[test]"));
//addFilterChain("/**", AUTHC);
bindConstant().annotatedWith(Names.named("shiro.loginUrl")).to("/account/login.jsp");
bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(30000L);
bindConstant().annotatedWith(Names.named("shiro.usernameParam")).to("user");
bindConstant().annotatedWith(Names.named("shiro.passwordParam")).to("pass");
bindConstant().annotatedWith(Names.named("shiro.rememberMeParam")).to("remember");
bindConstant().annotatedWith(Names.named("shiro.successUrl")).to("/index.html");
bindConstant().annotatedWith(Names.named("shiro.failureKeyAttribute")).to("helloMavenLoginFailure");
bindConstant().annotatedWith(Names.named("shiro.unauthorizedUrl")).to("/account/denied.jsp");
bind(AuthenticationFilter.class).to(VerboseFormAuthenticationFilter.class);
bind(CredentialsMatcher.class).to(HashedCredentialsMatcher.class);
bind(HashedCredentialsMatcher.class);
bindConstant().annotatedWith(Names.named("shiro.hashAlgorithmName")).to(Sha256Hash.ALGORITHM_NAME);
}
@Provides
Ini loadShiroIni() {
return Ini.fromResourcePath("classpath:shiro.ini");
}
}
shiro.ini:
# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b, admin
guest = 84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec, guest
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
admin = *
我知道它还没有发布,但可能已经发布了,我就是找不到。我发现自己在清理了所有东西并再次尝试后发现:
addFilterChain("/test/**", AUTHC, config(ROLES, "test"));
这已经是正确的方法了。我不知道是什么导致了这个问题,但是现在只有具有“test”角色的用户才允许访问/test/下的资源!这正是我想要的
我现在很高兴!:)
addFilterChain("/test/**", AUTHC, config(ROLES, "test"));