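Simple POC using Apache Shiro for authorization only

Date: 2016-12-01 13:39:59

Tags: apache web-services rest authorization shiro

I am new to Apache Shiro and REST web services. As per my requirement, I am creating a simple POC using Shiro and REST services.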

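In my application I am not using any login page. I just have a TestService.java with 4 web service methods. I want to control each web service method with a different role when it is called from a REST client. That means:

The insertNewData() method needs the 'insert' role, otherwise show some error message.

The updateNewData() method needs the 'update' role, otherwise show some error message.

The deleteNewData() method needs the 'delete' role, otherwise show some error message.

The searchAllData() method needs the 'admin' role, otherwise show some error message.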

I don't know how to configure the shiro.ini file for my requirement and the REST configuration.

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">

<display-name>SimpleRest</display-name>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

<servlet>
    <servlet-name>Jersey Web Application</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Jersey Web Application</servlet-name>
    <url-pattern>/test/*</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
</web-app>

/WEB-INF/shiro.ini (how do I configure the different roles for the web service calls here?)

[main]

[users]

[roles]

[urls]
/index.html = anon

TestService.java

package com.simple.rest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.json.JSONException;

@Path("/testservice")
public class TestService {

@Path("/insert")
@GET
@Produces("application/json")
@RequiresRoles( "insert" )
public Response insertNewData() throws JSONException {      
    /**
     * Here insert logic 
     */
    String result = "Insert data method called";
    return Response.status(200).entity(result).build();
}

@Path("/update")
@GET
@Produces("application/json")
@RequiresRoles( "update" )
public Response updateNewData() throws JSONException {      
    /**
     * Here Update logic 
     */
    String result = "Updated data method called";
    return Response.status(200).entity(result).build();
}

@Path("/delete")
@GET
@Produces("application/json")
@RequiresRoles( "delete" )
public Response deleteNewData() throws JSONException {      
    /**
     * Here delete logic
     */
    String result = "Delete data method called";
    return Response.status(200).entity(result).build();
}

@Path("/searchall")
@GET
@Produces("application/json")
@RequiresRoles( "admin" )
public Response searchNewData() throws JSONException {      
    /**
     * Here Search logic 
     */
    String result = "User have admin rights. So only disply all data";
    return Response.status(200).entity(result).build();
}
}

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>SimpleRest</groupId>
<artifactId>SimpleRest</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>

<properties>
    <jdk.version>1.7</jdk.version>
    <shiro.version>1.2.4</shiro.version>
    <commons-logging.version>1.2</commons-logging.version>
    <logback-classic.version>1.1.3</logback-classic.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>${commons-logging.version}</version>
    </dependency>

    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback-classic.version}</version>
    </dependency>


    <dependency>
        <groupId>asm</groupId>
        <artifactId>asm</artifactId>
        <version>3.3.1</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-bundle</artifactId>
        <version>1.19</version>
    </dependency>
    <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>20140107</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-server</artifactId>
        <version>1.19</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-core</artifactId>
        <version>1.19</version>
    </dependency>
</dependencies>

<build>
    <finalName>SimpleRest</finalName>
    <sourceDirectory>src</sourceDirectory>
    <plugins>
        <plugin>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
                <source>1.7</source>
                <target>1.7</target>
            </configuration>
        </plugin>
        <plugin>
            <artifactId>maven-war-plugin</artifactId>
            <version>2.4</version>
            <configuration>
                <warSourceDirectory>WebContent</warSourceDirectory>
                <failOnMissingWebXml>false</failOnMissingWebXml>
            </configuration>
        </plugin>
    </plugins>
</build>
</project>

Please help me solve this. Thanks in advance.

1 answer:

Answer 0 (score: 0)

Take a look at Shiro's official JAX-RS example
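
An added example, not part of the original question or answer: one way to fill in the empty /WEB-INF/shiro.ini above using Shiro's built-in `authcBasic` and `roles` URL filters, so each path is checked for its role before the request reaches Jersey. The account names, placeholder passwords and the `applicationName` value are constructed for illustration; the paths assume the `/test/*` servlet mapping and the `@Path` values shown in the question.

```ini
[main]
# Realm name sent in the HTTP Basic challenge (assumed value).
authcBasic.applicationName = SimpleRest

[users]
# Format: username = password, role1, role2, ...
# Constructed sample accounts with placeholder passwords. Replace them,
# and store hashed passwords for anything beyond a local POC.
inserter = CHANGE_ME_INSERT, insert
updater  = CHANGE_ME_UPDATE, update
deleter  = CHANGE_ME_DELETE, delete
manager  = CHANGE_ME_ADMIN, admin

[roles]
# Roles that carry no permissions do not have to be listed here;
# naming them in [users] is enough for the roles[...] filter below.

[urls]
# Patterns are relative to the web application's context root and the
# FIRST matching line wins, so specific paths go above the catch-all.
/index.html = anon

# No login page: the REST client sends an Authorization: Basic header on
# every call. noSessionCreation keeps the service stateless.
/test/testservice/insert    = noSessionCreation, authcBasic, roles[insert]
/test/testservice/update    = noSessionCreation, authcBasic, roles[update]
/test/testservice/delete    = noSessionCreation, authcBasic, roles[delete]
/test/testservice/searchall = noSessionCreation, authcBasic, roles[admin]

# Any other path under the Jersey mapping still requires a valid login,
# so a newly added endpoint is never exposed anonymously by accident.
/test/** = noSessionCreation, authcBasic
```

With this in place a request without credentials receives a Basic authentication challenge, and an authenticated caller lacking the required role is rejected with an HTTP error status instead of reaching the resource method. Basic credentials are only base64-encoded, so serve the endpoints over HTTPS.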