Shiro Pull Request 859 - Netflix

https://stash.corp.netflix.com/projects/cme/repos/shiro/pull-requests/859

Netflix's Shiro: A Flexible Authorization Framework

Netflix's Shiro is a powerful and versatile authorization framework that can be used to secure web applications and APIs. Shiro is designed to be easy to use and configure, and it provides a wide range of features to meet the needs of most applications.

Key Features

  • Easy to use and configure: Shiro is designed to be easy to use and configure, even for developers who are new to authorization.
  • Flexible: Shiro can be used to secure a wide variety of applications, from simple web applications to complex APIs.
  • Extensible: Shiro is extensible, allowing developers to add their own custom features and functionality.

How Shiro Works

Shiro works by intercepting requests to your application and checking whether the user has the permissions required to access the requested resource. If the user does not have the necessary permissions, Shiro denies the request and returns an error message.

Shiro uses a number of mechanisms to determine whether a user has the permissions required to access a resource. These mechanisms include:

  • Roles: Roles are named groups of permissions that can be assigned to users. A user who is assigned a role is granted all of the permissions associated with that role.
  • Permissions: Permissions are individual actions that can be performed on a resource. A user who is granted a permission is authorized to perform that action on that resource.
  • Wildcards: Wildcards can be used to grant permissions over a group of resources. For example, the permission *:/users/* would grant the user permission to perform any action on any resource whose name starts with /users/.
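As an added example (not code from the page or from the Shiro pull request), the following program builds an in-memory realm from a constructed INI configuration and exercises the three mechanisms above: a role that bundles permissions, a specific permission, and a wildcard permission. It assumes the standard org.apache.shiro packages (shiro-core on the classpath); the user names, passwords and permission strings are constructed for the demonstration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

public class ShiroPermissionDemo {
    // Constructed realm: two users, two roles; "admin" holds a wildcard permission,
    // "viewer" holds a single specific permission.
    private static final String INI =
        "[users]\n"
      + "alice = alice-pw, admin\n"
      + "bob = bob-pw, viewer\n"
      + "[roles]\n"
      + "admin = user:*\n"        // every action in the "user" domain
      + "viewer = user:view\n";   // only the "view" action

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager securityManager = new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(securityManager);

        check("bob", "bob-pw");     // viewer role: granted user:view only
        check("alice", "alice-pw"); // admin role: granted user:* (covers view and delete)

        // Wildcard matching rules, evaluated directly without a realm or login:
        WildcardPermission all = new WildcardPermission("user:*");
        WildcardPermission view = new WildcardPermission("user:view");
        System.out.println("user:* implies user:view? " + all.implies(view));
        System.out.println("user:view implies user:*? " + view.implies(all));
    }

    // Log in as the given user and report role and permission checks for that subject.
    private static void check(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(user, password));
        System.out.printf("%s: hasRole(admin)=%b user:view=%b user:delete=%b%n",
            user, subject.hasRole("admin"),
            subject.isPermitted("user:view"), subject.isPermitted("user:delete"));
        subject.logout(); // end the session so the next login starts from a clean subject
    }
}
```

In the org.apache.shiro implementation a "*" acts as a wildcard only when it is an entire colon-separated part, so a part such as /users/* is compared literally rather than as a path prefix; test the exact permission strings your realm issues before relying on them.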

Shiro in Action

The following example shows how to use Shiro to secure a simple web application:

    import java.util.List;

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authz.UnauthorizedException;
    import org.apache.shiro.subject.Subject;
    import org.springframework.http.HttpStatus;
    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class UserController {

        // Application service that loads users from the database (the UserService type is assumed).
        private final UserService userService;

        public UserController(UserService userService) {
            this.userService = userService;
        }

        @RequestMapping(value = "/users", method = RequestMethod.GET)
        public ResponseEntity<List<User>> getUsers() {
            // Check if the user has the "view users" permission.
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isPermitted("view users")) {
                throw new UnauthorizedException();
            }
            // Get the list of users from the database.
            List<User> users = userService.getUsers();
            // Return the list of users as a JSON response.
            return new ResponseEntity<>(users, HttpStatus.OK);
        }
    }

In this example, the @RequestMapping annotation maps the /users URL to the getUsers method. SecurityUtils.getSubject() returns the current subject, which represents the currently authenticated user. The isPermitted method checks whether the subject has the "view users" permission. If the subject does not have that permission, an UnauthorizedException is thrown; if it does, getUsers fetches the list of users from the database and returns it as a JSON response.

Conclusion

Shiro is a powerful and flexible authorization framework that can be used to secure a broad range of applications. Shiro is easy to use and configure, and it provides an extensive range of features to meet the needs of most applications.