Shiro Pull Request 859 - Netflix
Netflix's Shiro: A Flexible Authorization Platform
Netflix's Shiro is a powerful and flexible authorization framework that can be used to secure web applications and APIs. Shiro is designed to be quick to use and configure, and it provides a wide range of features to meet the needs of many applications.
Key Features
- Easy to use and configure: Shiro is designed to be easy to work with and configure, even for developers who are new to authorization.
- Flexible: Shiro can be used to protect a wide range of applications, from simple web apps to complex APIs.
- Extensible: Shiro is extensible, allowing developers to add their own custom features and functionality.
How Shiro Works
Shiro works by intercepting requests to your application and checking whether the user has the permissions required to access the requested resource. If the user does not have the required permissions, Shiro denies the request and returns an error message.
Shiro uses several mechanisms to determine whether a user has the permissions required to access a resource. These mechanisms include:
- Roles: Roles are groups of permissions that can be assigned to users. When a user is assigned a role, they are granted all of the permissions associated with that role.
- Permissions: Permissions are individual actions that can be performed on a resource. When a user is granted a permission, they are allowed to perform that action on that resource.
- Wildcards: Wildcards can be used to grant permissions to a group of resources. For example, the permission `*: /users/*` would grant the user permission to perform any action on any resource that starts with `/users/`.
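To make the role, permission and wildcard rules above concrete, here is an added example (not code from the original page or from Shiro itself) that implements the matching as this article describes it, with deny-by-default and path normalization before the prefix check. The class name, role names, sample data and the `action:resource` format written without a space are assumptions made for illustration.

```java
import java.net.URI;
import java.util.*;

// Added illustration: PermissionCheck, ROLES and isPermitted are hypothetical names,
// and the "action:resourcePattern" matching follows the article's description only.
public class PermissionCheck {
    // Constructed sample data: role -> permissions granted by that role.
    static final Map<String, List<String>> ROLES = Map.of(
        "user-admin", List.of("*:/users/*"),
        "auditor", List.of("read:/reports/*", "read:/users/*"));

    // True when pattern is "*", equals value, or is a prefix pattern ending in "*".
    static boolean matches(String pattern, String value) {
        if (pattern.equals("*")) return true;
        if (pattern.endsWith("*"))
            return value.startsWith(pattern.substring(0, pattern.length() - 1));
        return pattern.equals(value);
    }

    // Deny by default: access needs at least one role whose permission covers
    // both the action and the normalized resource path.
    static boolean isPermitted(Set<String> userRoles, String action, String resource) {
        // Normalize first so "/users/../admin" is checked as "/admin".
        String path = URI.create(resource).normalize().getPath();
        for (String role : userRoles) {
            for (String perm : ROLES.getOrDefault(role, List.of())) {
                String[] parts = perm.split(":", 2);
                if (parts.length == 2 && matches(parts[0], action) && matches(parts[1], path))
                    return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Set<String> admin = Set.of("user-admin"), auditor = Set.of("auditor");
        System.out.println(isPermitted(admin, "delete", "/users/42"));          // wildcard action via role
        System.out.println(isPermitted(auditor, "delete", "/users/42"));        // action not in auditor role
        System.out.println(isPermitted(admin, "read", "/usersadmin"));          // prefix is "/users/", not "/users"
        System.out.println(isPermitted(admin, "read", "/users/../admin"));      // checked as "/admin"
        System.out.println(isPermitted(Set.of("unknown"), "read", "/users/1")); // role with no permissions
    }
}
```

Only the first call is permitted; the other four fall through to the default deny.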
Shiro in Action
The following example shows how to use Shiro to secure a simple web application:

```java
// Subject, SecurityUtils and UnauthorizedException come from Shiro;
// the annotations, ResponseEntity and HttpStatus come from Spring MVC.
@RequestMapping(value = "/users", method = RequestMethod.GET)
public ResponseEntity<List<User>> getUsers() {
    // Check if the user has the "view users" permission.
    Subject subject = SecurityUtils.getSubject();
    if (!subject.isPermitted("view users")) {
        throw new UnauthorizedException();
    }

    // Get the list of users from the database.
    List<User> users = userService.getUsers();

    // Return the list of users as a JSON response.
    return new ResponseEntity<>(users, HttpStatus.OK);
}
```

In this example, the @RequestMapping annotation is used to map the /users URL to the getUsers method. The SecurityUtils.getSubject() method is used to obtain the current subject, which represents the currently authenticated user. The isPermitted method is used to check whether the subject has the "view users" permission. If the subject does not have the necessary permission, an UnauthorizedException is thrown. If the subject does have the necessary permission, the getUsers method proceeds to get the list of users from the database and return them as a JSON response.
Summary
Shiro is a powerful and flexible authorization framework that can be used to secure a wide range of applications. Shiro is easy to use and configure, and it provides a wide range of features to meet the needs of many applications.