想法
我需要使用 Spring MVC 和 Shiro 作为安全框架来开发一个 Web 应用程序。
要求
将用户名、密码、角色等存储在数据库中。数据库架构:
authorities[id, authorty_name]
role[id, role_name]
role_authorities_map[authority.id, role.id]
user[id, username, password]
user_rol_map[user.id, role_id]
密码应在表中进行散列和加盐处理。
Web 应用程序中的 Shiro Filter 应该是 DeligatingFilterProxy 以利用 Spring 的配置机制
除 /login 之外的所有请求都应该进行身份验证,例如,
/** = authc
/login = anon
/admin/** = authc, admin
如果身份验证成功,框架应路由到 /dashboard
所有的 URL 都由名为 MainController 的 Spring 控制器处理。
问题
我们如何解决上述需求?什么配置对应什么文件?
请帮忙。
Idea
I need to develop a web application using Spring MVC with Shiro as Security Framework.
Requirements
The usernames, passwords, roles etc to be stored in a database. Database Schema:
authorities[id, authorty_name]
role[id, role_name]
role_authorities_map[authority.id, role.id]
user[id, username, password]
user_rol_map[user.id, role_id]
The Password should be hashed and salted in the table.
Shiro Filter in web application should be DeligatingFilterProxy to utilize Spring's configuration mechanisms
All requests should be authenticated except /login, e.g.
/** = authc
/login = anon
/admin/** = authc, admin
If the authentication is successful, the framework should route to /dashboard
All URLs are processed by Spring Controller called MainController
Problem
How do we solve above requirements? What configuration goes to what file?
Please help.
发布评论
评论(1)
我发现这个网站非常有用
http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-forming-JSecurity--A-Beginners--Tutorial-Part- 2
检查一下
I found this website quite use
http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2
Check it out