I started playing with Shiro security framework but soon got a little upset that it was not easy to learn how to setup a jdbcrealm. It took me some time to configure such a realm in the simplest possible way without introducing any new instances of additional objects. Warning: this solution is not safe because it stores credentials unsecured and should be used only for evaluation.
So I created a simple java code which allows to execute Shiro introductional tutorial and achieve the same result.
Solution (using Derby database)
shiro.ini (pay attention to the last line necessary to recognize permissions)
[main] jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm ds = org.apache.derby.jdbc.EmbeddedDataSource ds.user = APP ds.password = APP ds.connectionAttributes=databaseName=nameofDatabase ds.databaseName=/tmp/realm;create=true jdbcRealm.dataSource=$ds ;cacheManager=org.apache.shiro.cache.ehcache.EhCacheManager ;cacheManager.cacheManagerConfigFile=classpath:ehcache.xml ;securityManager.cacheManager=$cacheManager jdbcRealm.permissionsLookupEnabled=trueJava code
private static String[] dropSchema = { "DROP TABLE USERS", "DROP TABLE USER_ROLES", "DROP TABLE ROLES_PERMISSIONS" }; private static String[] createSchema = { "CREATE TABLE USERS (USERNAME VARCHAR(128), PASSWORD VARCHAR(128))", "CREATE TABLE USER_ROLES (USERNAME VARCHAR(128), ROLE_NAME VARCHAR(128))", "CREATE TABLE ROLES_PERMISSIONS (ROLE_NAME VARCHAR(128), PERMISSION VARCHAR(128))" }; private static String[] insertData = { "INSERT INTO USERS VALUES('root','secret')", "INSERT INTO USERS VALUES('presidentskroob','12345')", "INSERT INTO USERS VALUES('darkhelmet','ludicrousspeed')", "INSERT INTO USERS VALUES('lonestarr','vespa')", "INSERT INTO USER_ROLES VALUES('root','admin')", "INSERT INTO USER_ROLES VALUES('presidentskroob', 'president')", "INSERT INTO USER_ROLES VALUES('darkhelmet','darklord')", "INSERT INTO USER_ROLES VALUES('darkhelmet','schwartz')", "INSERT INTO USER_ROLES VALUES('lonestarr','goodguy')", "INSERT INTO USER_ROLES VALUES('lonestarr','schwartz')", "INSERT INTO ROLES_PERMISSIONS VALUES('admin','*')", "INSERT INTO ROLES_PERMISSIONS VALUES('schwartz','lightsaber:*')", "INSERT INTO ROLES_PERMISSIONS VALUES('goodguy','winnebago:drive:eagle5')" }; private static void executeSQL(Connection con, String[] sql) throws SQLException { for (String s : sql) { con.createStatement().execute(s); } } private static void executeSQLE(Connection con, String[] sql) { for (String s : sql) { try { con.createStatement().execute(s); } catch (SQLException e) { continue; } } } private static void createDB() { EmbeddedDataSource ds = new EmbeddedDataSource(); ds.setDatabaseName("/tmp/realm;create=true"); ds.setUser("APP"); ds.setPassword("APP"); Connection con = null; try { con = ds.getConnection(); executeSQLE(con, dropSchema); executeSQL(con, createSchema); executeSQL(con, insertData); con.close(); } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } } /** * @param args */ public static void main(String[] args) { createDB(); // The easiest way to create a Shiro SecurityManager with configured // realms, users, roles and permissions is to use the simple INI config. // We'll do that by using a factory that can ingest a .ini file and // return a SecurityManager instance: // Use the shiro.ini file at the root of the classpath // (file: and url: prefixes load from files and urls respectively): .................. rest of the tutorial code ..............
Remarkable issues here. I am very glad to see your post.
OdpowiedzUsuńThanks so much and I am having a look forward to contact you.
Will you please drop me a mail?
Look into my weblog ... how to make some extra money