Shiro Pull Request 859 - Netflix
Netflix's Shiro: The Flexible Authorization Framework
Netflix's Shiro is a new, powerful and versatile authorization framework that can be used to secure web applications and APIs. Shiro is designed to be easy to use and configure, and it provides a wide range of features to meet the needs of most applications.
Key Features
- Easy to use and configure: Shiro is designed to be easy to use and configure, even for developers who are new to authorization.
- Flexible: Shiro can be used to secure a wide range of applications, from simple web applications to complex APIs.
- Extensible: Shiro is extensible, allowing developers to add their own custom features and functionality.
How Shiro Works
Shiro works by intercepting requests to your application and checking whether the user has the necessary permissions to access the requested resource. If the user does not have the necessary permissions, Shiro will deny the request and return an error message.
Shiro uses a variety of mechanisms to determine whether the user has the necessary permissions to access a resource. These mechanisms include:
- Roles: Roles are groups of permissions that can be assigned to users. When a user is assigned a role, they are granted all of the permissions that are associated with that role.
- Permissions: Permissions are individual actions that can be performed on a resource. When a user is granted a permission, they are allowed to perform that action on the resource.
- Wildcards: Wildcards can be used to grant permissions to a group of resources. For example, the permission *: /users/* would grant the user permission to perform any action on any resource that starts with /users/.
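The role, permission and wildcard resolution described in the list above, as an added example that is not part of the original page and is not Shiro's implementation: a simplified plain-Java model in which every class, method, role and user name is an assumption. It also resolves dot segments in the request path before matching, because a prefix wildcard such as /users/* would otherwise be satisfied by /users/../admin.

```java
import java.net.URI;
import java.util.*;

// Added illustration: simplified model of the role -> permission -> wildcard check; names are hypothetical.
public class WildcardAuthzDemo {
    // Role name -> permission strings in the "action: resource" form used in the text.
    static final Map<String, Set<String>> ROLE_PERMS = Map.of(
        "user-admin", Set.of("*: /users/*"),
        "auditor",    Set.of("GET: /reports/*"));

    // Constructed sample assignments of roles to users.
    static final Map<String, Set<String>> USER_ROLES = Map.of(
        "alice", Set.of("user-admin"),
        "bob",   Set.of("auditor"));

    // True if a single granted permission covers the requested action and path.
    static boolean implies(String granted, String action, String path) {
        int sep = granted.indexOf(':');
        if (sep < 0) return false;                       // malformed grant: deny
        String gAction = granted.substring(0, sep).trim();
        String gPath = granted.substring(sep + 1).trim();
        boolean actionOk = gAction.equals("*") || gAction.equalsIgnoreCase(action);
        boolean pathOk = gPath.endsWith("*")
            ? path.startsWith(gPath.substring(0, gPath.length() - 1))   // prefix wildcard
            : path.equals(gPath);                                       // exact resource
        return actionOk && pathOk;
    }

    // Deny by default: access requires some role whose permission implies the request.
    static boolean isPermitted(String user, String action, String rawPath) {
        String path;
        // Resolve "." and ".." segments first so "/users/../admin" cannot ride on "/users/".
        try { path = URI.create(rawPath).normalize().getPath(); }
        catch (IllegalArgumentException e) { path = null; }
        if (path == null) return false;                  // unparsable or opaque: deny
        for (String role : USER_ROLES.getOrDefault(user, Set.of()))
            for (String perm : ROLE_PERMS.getOrDefault(role, Set.of()))
                if (implies(perm, action, path)) return true;
        return false;
    }

    public static void main(String[] args) {
        System.out.println(isPermitted("alice", "DELETE", "/users/42"));     // any action under /users/
        System.out.println(isPermitted("alice", "GET", "/users/../admin"));  // normalizes to /admin
        System.out.println(isPermitted("alice", "GET", "/usersfoo"));        // not under /users/
        System.out.println(isPermitted("bob", "POST", "/reports/q1"));       // action not granted to auditor
        System.out.println(isPermitted("mallory", "GET", "/users/42"));      // user with no roles
    }
}
```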
Shiro in Action
The following example shows how to use Shiro to secure a simple web application:

    import java.util.List;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authz.UnauthorizedException;
    import org.apache.shiro.subject.Subject;
    import org.springframework.http.HttpStatus;
    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    // Method of a Spring controller class that holds a userService field.
    @RequestMapping(value = "/users", method = RequestMethod.GET)
    public ResponseEntity<List<User>> getUsers() {
        // Check if the user has the "view users" permission.
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isPermitted("view users")) {
            throw new UnauthorizedException();
        }
        // Get the list of users from the database.
        List<User> users = userService.getUsers();
        // Return the list of users as a JSON response.
        return new ResponseEntity<>(users, HttpStatus.OK);
    }

In this example, the @RequestMapping annotation is used to map the /users URL to the getUsers method. The SecurityUtils.getSubject() method is used to get the current subject, which represents the currently authenticated user. The isPermitted method is used to check whether the subject has the "view users" permission. If the subject does not have the necessary permission, an UnauthorizedException is thrown. If the subject does have the necessary permission, the getUsers method proceeds to get the list of users from the database and return them as a JSON response.
Conclusion
Shiro is a powerful and flexible authorization framework that can be used to secure a wide range of applications. Shiro is easy to use and configure, and it provides a wide range of features to meet the needs of most applications.