Shiro Pull Request 859 - Netflix

https://stash.corp.netflix.com/projects/cme/repos/shiro/pull-requests/859

Netflix's Shiro: A new Flexible Authorization Platform

Netflix's Shiro is a new, powerful and flexible authorization framework that can be used to secure web applications and APIs. Shiro is designed to be easy to use and configure, and it provides a wide range of features to meet the needs of most applications.

Key Features

  • Easy to use and configure: Shiro is designed to be easy to use and configure, even for developers who are new to it.
  • Flexible: Shiro can be used to secure a wide range of applications, from simple web applications to complex APIs.
  • Extensible: Shiro is extensible, allowing developers to add their own custom features and functionality.

How Shiro Works

Shiro works by intercepting requests to your application and checking whether the user has the necessary permissions to access the requested resource. If the user does not have the necessary permissions, Shiro denies the request and returns an error message.

Shiro uses a number of mechanisms to determine whether the user has the necessary permissions to access a resource. These mechanisms include:

  • Roles: Roles are groups of permissions that can be assigned to users. When a user is assigned a role, they are granted all of the permissions associated with that role.
  • Permissions: Permissions are individual actions that can be performed on a resource. When a user is granted a permission, they are authorized to perform that action on that resource.
  • Wildcards: Wildcards can be used to grant permissions to a group of resources. For example, the permission *:/users/* would grant the user permission to perform any action on any resource whose path starts with /users/.
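As an added example (not Shiro's or Netflix's own code), the following Java class models the role and wildcard checks described above. It assumes the page's reading of /users/* (a trailing * is a prefix match) and a colon-separated part structure; the role policy in main is constructed for the demonstration.

```java
import java.util.*;

// Added example, not Shiro's own code: a model of the role and wildcard checks
// described above. Parts split on ':', alternatives on ','; '*' matches anything
// and a trailing '*' is a prefix match (the page's reading of "/users/*"; assumed).
public class WildcardPermissionDemo {
    static boolean matches(String grantedSub, String wanted) {
        if (grantedSub.equals("*")) return true;
        if (grantedSub.endsWith("*")) {
            return wanted.startsWith(grantedSub.substring(0, grantedSub.length() - 1));
        }
        return grantedSub.equals(wanted);
    }

    // True if the granted permission string implies the requested one.
    static boolean implies(String granted, String requested) {
        String[] g = granted.split(":"), r = requested.split(":");
        for (int i = 0; i < g.length; i++) {
            // Grant has more parts than the request: the extra parts must be '*'.
            if (i >= r.length) { if (!g[i].equals("*")) return false; continue; }
            for (String wanted : r[i].split(",")) {
                boolean ok = false;
                for (String gs : g[i].split(",")) if (matches(gs, wanted)) { ok = true; break; }
                if (!ok) return false;
            }
        }
        return true; // a shorter grant implies a longer, more specific request
    }

    // A user holds every permission of every role assigned to them.
    static boolean isPermitted(Map<String, List<String>> rolePermissions,
                               Set<String> userRoles, String requested) {
        for (String role : userRoles)
            for (String perm : rolePermissions.getOrDefault(role, List.of()))
                if (implies(perm, requested)) return true;
        return false;
    }

    public static void main(String[] args) {
        Map<String, List<String>> roles = new HashMap<>(); // constructed sample policy
        roles.put("admin", List.of("*:/users/*"));
        roles.put("viewer", List.of("view:/users/*"));
        String[] requests = { "view:/users/42", "delete:/users/42", "view:/reports/q1" };
        for (String role : List.of("viewer", "admin"))
            for (String req : requests)
                System.out.println(role + " -> " + req + " : " + isPermitted(roles, Set.of(role), req));
    }
}
```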

Shiro in Motion

The following example shows how to use Shiro to secure a simple web application:

    @RequestMapping(value = "/users", method = RequestMethod.GET)
    public ResponseEntity<List<User>> getUsers() {
        // Check if the user has the "view users" permission.
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isPermitted("view users")) {
            throw new UnauthorizedException();
        }
        // Get the list of users from the database.
        List<User> users = userService.getUsers();
        // Return the list of users as a JSON response.
        return new ResponseEntity<>(users, HttpStatus.OK);
    }

In this example, the @RequestMapping annotation maps the /users URL to the getUsers method. SecurityUtils.getSubject() returns the current subject, which represents the currently authenticated user. The isPermitted method checks whether the subject has the "view users" permission. If the subject does not have the necessary permission, an UnauthorizedException is thrown. If it does, the getUsers method proceeds to fetch the list of users from the database and return them as a JSON response.

Summary

Shiro is a powerful and flexible authorization framework that can be used to secure a wide range of applications. Shiro is easy to use and configure, and it provides a wide range of features to meet the needs of most applications.