Blog do projektu Open Source JavaHotel

niedziela, 31 marca 2013

Shiro and JdbcRealm

Introduction
I started playing with Shiro security framework but soon got a little upset that it was not easy to learn how to setup a jdbcrealm. It took me some time to configure such a realm in the simplest possible way without introducing any new instances of additional objects. Warning: this solution is not safe because it stores credentials unsecured and should be used only for evaluation.
So I created a simple java code which allows to execute Shiro introductional tutorial and achieve the same result.
Solution (using Derby database)
shiro.ini (pay attention to the last line necessary to recognize permissions)
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
 
ds = org.apache.derby.jdbc.EmbeddedDataSource
ds.user = APP
ds.password = APP
ds.connectionAttributes=databaseName=nameofDatabase
ds.databaseName=/tmp/realm;create=true
jdbcRealm.dataSource=$ds

;cacheManager=org.apache.shiro.cache.ehcache.EhCacheManager 
;cacheManager.cacheManagerConfigFile=classpath:ehcache.xml
;securityManager.cacheManager=$cacheManager

jdbcRealm.permissionsLookupEnabled=true
Java code
  private static String[] dropSchema = { "DROP TABLE USERS",
            "DROP TABLE USER_ROLES", "DROP TABLE ROLES_PERMISSIONS" };

    private static String[] createSchema = {
            "CREATE TABLE USERS (USERNAME VARCHAR(128), PASSWORD VARCHAR(128))",
            "CREATE TABLE USER_ROLES (USERNAME VARCHAR(128), ROLE_NAME VARCHAR(128))",
            "CREATE TABLE ROLES_PERMISSIONS (ROLE_NAME VARCHAR(128), PERMISSION VARCHAR(128))" };

    private static String[] insertData = {
            "INSERT INTO USERS VALUES('root','secret')",
            "INSERT INTO USERS VALUES('presidentskroob','12345')",
            "INSERT INTO USERS VALUES('darkhelmet','ludicrousspeed')",
            "INSERT INTO USERS VALUES('lonestarr','vespa')",
            "INSERT INTO USER_ROLES VALUES('root','admin')",
            "INSERT INTO USER_ROLES VALUES('presidentskroob', 'president')",
            "INSERT INTO USER_ROLES VALUES('darkhelmet','darklord')",
            "INSERT INTO USER_ROLES VALUES('darkhelmet','schwartz')",
            "INSERT INTO USER_ROLES VALUES('lonestarr','goodguy')",
            "INSERT INTO USER_ROLES VALUES('lonestarr','schwartz')",
            "INSERT INTO ROLES_PERMISSIONS VALUES('admin','*')",
            "INSERT INTO ROLES_PERMISSIONS VALUES('schwartz','lightsaber:*')",
            "INSERT INTO ROLES_PERMISSIONS VALUES('goodguy','winnebago:drive:eagle5')" };

    private static void executeSQL(Connection con, String[] sql)
            throws SQLException {
        for (String s : sql) {
            con.createStatement().execute(s);
        }
    }

    private static void executeSQLE(Connection con, String[] sql) {
        for (String s : sql) {
            try {
                con.createStatement().execute(s);
            } catch (SQLException e) {
                continue;
            }
        }
    }

    private static void createDB() {
        EmbeddedDataSource ds = new EmbeddedDataSource();
        ds.setDatabaseName("/tmp/realm;create=true");
        ds.setUser("APP");
        ds.setPassword("APP");
        Connection con = null;
        try {
            con = ds.getConnection();
            executeSQLE(con, dropSchema);
            executeSQL(con, createSchema);
            executeSQL(con, insertData);
            con.close();
        } catch (SQLException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

    /**
     * @param args
     */
    public static void main(String[] args) {
        createDB();

        // The easiest way to create a Shiro SecurityManager with configured
        // realms, users, roles and permissions is to use the simple INI config.
        // We'll do that by using a factory that can ingest a .ini file and
        // return a SecurityManager instance:

        // Use the shiro.ini file at the root of the classpath
        // (file: and url: prefixes load from files and urls respectively):


.................. rest of the tutorial code ..............

1 komentarz:

  1. Remarkable issues here. I am very glad to see your post.
    Thanks so much and I am having a look forward to contact you.
    Will you please drop me a mail?

    Look into my weblog ... how to make some extra money

    OdpowiedzUsuń