2014-04-13

Configuring Apache Shiro (shiro-web) without shiro.ini

Intro

Apache Shiro is a Java security framework, for authentication, authorization, etc.
Tutorials online I found[1,2,3] are all built around /WEB-INF/shiro.ini. Since Servlet 3.0 you can live a life without web.xml completely, so I think it's also possible to get rid of shiro.ini.
Below it shows the (almost) minimal code needed to translate shiro.ini into Java code.

Environment

Eclipse WTP 4.4M6
Tomcat 8.0.5
Java 7

Steps

  1. Create a dynamic web project.
  2. Mavenize the project.
  3. Add Maven dependencies:
    Maven dependencyNote
    org.apache.shiro:shiro-web:jar:1.2.3
    org.apache.tomcat:tomcat-api:jar:8.0.5It's needed for current Luna version
  4. Create ShiroFilter.java:
    import javax.servlet.annotation.WebFilter;
    
    @WebFilter("/*")
    public class ShiroFilter extends org.apache.shiro.web.servlet.ShiroFilter {
    }
    
  5. Create ShiroListener.java:
    import javax.servlet.ServletContextEvent;
    import javax.servlet.ServletContextListener;
    import javax.servlet.annotation.WebListener;
    
    import org.apache.shiro.web.env.EnvironmentLoaderListener;
    
    @WebListener
    public class ShiroListener extends EnvironmentLoaderListener implements
        ServletContextListener {
    
      @Override
      public void contextInitialized(ServletContextEvent sce) {
        sce.getServletContext().setInitParameter(ENVIRONMENT_CLASS_PARAM,
            HelloWebEnvironment.class.getName());
        super.contextInitialized(sce);
      }
    
    }
    
  6. Create HelloWebEnvironment.java:
    import org.apache.shiro.web.env.DefaultWebEnvironment;
    
    public class HelloWebEnvironment extends DefaultWebEnvironment {
    
      public HelloWebEnvironment() {
        super();
        setFilterChainResolver(HelloHelper.getFilterChainResolver());
        setSecurityManager(HelloHelper.getSecurityManager());
      }
    
    }
    
  7. Create HelloHelper.java:
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.realm.text.IniRealm;
    import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
    import org.apache.shiro.web.filter.authc.LogoutFilter;
    import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
    import org.apache.shiro.web.filter.mgt.FilterChainManager;
    import org.apache.shiro.web.filter.mgt.FilterChainResolver;
    import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    
    public class HelloHelper {
    
      private static SecurityManager securityManager = null;
      private static FilterChainResolver filterChainResolver = null;
    
      public static SecurityManager getSecurityManager() {
        if (securityManager == null) {
          SimpleAccountRealm realm = new SimpleAccountRealm();
          realm.addAccount("jack", "abca1234", "employee");
    
          securityManager = new DefaultWebSecurityManager(realm);
        }
        return securityManager;
      }
    
      public static FilterChainResolver getFilterChainResolver() {
        if (filterChainResolver == null) {
          FormAuthenticationFilter authc = new FormAuthenticationFilter();
          authc.setLoginUrl("/login.html");
          LogoutFilter logout = new LogoutFilter();
    
          FilterChainManager fcMan = new DefaultFilterChainManager();
          fcMan.addFilter("authc", authc);
          fcMan.addFilter("logout", logout);
          fcMan.createChain("/logout", "logout");
          fcMan.createChain("/**", "authc");
    
          PathMatchingFilterChainResolver resolver = new PathMatchingFilterChainResolver();
          resolver.setFilterChainManager(fcMan);
          filterChainResolver = resolver;
        }
        return filterChainResolver;
      }
    
    }
    
  8. Create login.html:
    <html>
    <body>
      <form method="post">
        <table>
          <tr>
            <td><input name="username" type="text" /></td>
          </tr>
          <tr>
            <td><input name="password" type="password" /></td>
          </tr>
          <tr>
            <td><input type="submit" value="Submit" /></td>
          </tr>
        </table>
      </form>
    </body>
    </html>
    

Key points

With the code above, you should be able to start authenticate with jack:abca1234. Some key points:
  • ShiroFilter inherits Shiro's own ShiroFilter, annotated essentially just to bring the Shiro machinery into the Servlet container.
  • ShiroListener is similar to ShiroFilter, inheriting EnvironmentLoaderListener, annotated, with some custom logic to plug HelloWebEnvironment in.
  • HelloWebEnvironment is a custom class to set up Shiro environment. This is the key part to get rid of shiro.ini, which is used by IniWebEnvironment.
  • HelloHelper has 2 functions setting up a FilterChainResolver and a SecurityManager, which are essential for Shiro's operation.
    • Realm configurations are associated with SecurityManager.
    • FilterChainResolver requires a configured FilterChainManager, which is in charge of mapping URLs to filters.
  • In login.html, the form element should have no action attribute.

1 comment:

Diego Fernando dos Santos Flor said...

hello, very very good this post, would have an email contact?