Shiro Pull Request 951

https://stash.corp.netflix.com/projects/cme/repos/shiro/pull-requests/951

Integrating SSO with Shiro Framework

Overview

This article walks through integrating single sign-on (SSO) with the Shiro Framework, a popular Java security framework. SSO lets users access multiple applications with a single login. The integration provides secure authentication and authorization across applications within a single domain or across multiple domains.

Prerequisites

  • Java Development Kit (JDK) 8 or later
  • Apache Maven 3.0 or later
  • Shiro Framework 1.4 or later
  • Servlet container (e.g., Tomcat, Jetty)

Setup

  1. Create a New Maven Project:

    mvn archetype:generate -DgroupId=com.example -DartifactId=shiro-sso -DarchetypeArtifactId=maven-archetype-quickstart

  2. Add Shiro Dependency:

Add the Shiro dependency to the project's pom.xml file:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.5.0</version>
    </dependency>

  3. Configure Shiro:

Create a new file named shiro.ini in the src/main/resources directory. This file contains the Shiro configuration. The realm is declared as a named object and then referenced with a $ prefix; assigning the bare class name to securityManager.realm would set a String rather than a Realm instance:

    [main]
    myRealm = com.example.shiro.MyRealm
    securityManager.realm = $myRealm

  4. Create a Custom Realm:

In src/main/java/com/example/shiro, create a custom realm that extends AuthorizingRealm and overrides the doGetAuthenticationInfo and doGetAuthorizationInfo methods. The user, role and permission lookups are delegated to a small UserStore contract that the application implements against its database or LDAP directory:

    package com.example.shiro;

    import java.util.Set;

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealm extends AuthorizingRealm {

        // Override doGetAuthenticationInfo to perform custom user authentication
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // Perform username and password based authentication
            String username = (String) token.getPrincipal();
            String password = new String((char[]) token.getCredentials());
            // Retrieve user from database or LDAP; getUser verifies the password
            User user = getUser(username, password);
            // Return AuthenticationInfo if user is valid. The submitted password is handed back
            // as the credential, so Shiro's default matcher trivially agrees: the real check is in getUser
            if (user != null) {
                return new SimpleAuthenticationInfo(username, password, getName());
            }
            // Throw exception if user is not valid
            throw new UnknownAccountException("User not found");
        }

        // Override doGetAuthorizationInfo to perform custom user authorization
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Retrieve user roles and permissions from database or LDAP
            String username = principals.getPrimaryPrincipal().toString();
            Set<String> roles = getUserRoles(username);
            Set<String> permissions = getUserPermissions(username);
            // Return AuthorizationInfo (there is no (roles, permissions) constructor)
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
            info.setStringPermissions(permissions);
            return info;
        }

        // Application-specific lookups; wire an implementation in shiro.ini: myRealm.userStore = $userStore
        private UserStore userStore;

        public void setUserStore(UserStore userStore) { this.userStore = userStore; }

        private User getUser(String username, String password) { return userStore.findUser(username, password); }
        private Set<String> getUserRoles(String username) { return userStore.rolesOf(username); }
        private Set<String> getUserPermissions(String username) { return userStore.permissionsOf(username); }

        // Minimal contracts assumed by this realm (application code, not part of Shiro)
        public interface UserStore {
            User findUser(String username, String password);   // null when the credentials are rejected
            Set<String> rolesOf(String username);
            Set<String> permissionsOf(String username);
        }

        public static class User {
            public final String username;
            public User(String username) { this.username = username; }
        }
    }

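As an added example (not part of the original article or of the Shiro project), the following class wires a realm of the shape shown in step 4 into a SecurityManager and performs a login against it. It differs from MyRealm in one security-relevant respect: doGetAuthenticationInfo returns the stored salted SHA-256 hash and lets a HashedCredentialsMatcher do the comparison, so the realm never has to see or echo back the submitted password. The user table, salt and password are constructed sample values, and HashedRealmDemo and HashedInMemoryRealm are hypothetical names; the equivalent shiro.ini wiring is given in the comment.

```java
package com.example.shiro;

import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

public class HashedRealmDemo {

    static final int ITERATIONS = 1024;

    // Constructed sample user store: username -> { salt, hex(sha256(password, salt, ITERATIONS)), role }
    static final Map<String, String[]> USERS = new HashMap<>();
    static {
        USERS.put("alice", new String[] { "s4lt-alice",
                new Sha256Hash("correct horse", "s4lt-alice", ITERATIONS).toHex(), "admin" });
    }

    // Hypothetical realm: same two overrides as MyRealm, but it returns the STORED hash plus salt
    public static class HashedInMemoryRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            String username = (String) token.getPrincipal();
            String[] row = USERS.get(username);
            if (row == null) {
                throw new UnknownAccountException("User not found");
            }
            // The CredentialsMatcher hashes the submitted password with this salt and compares the bytes
            return new SimpleAuthenticationInfo(username, row[1], ByteSource.Util.bytes(row[0]), getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = principals.getPrimaryPrincipal().toString();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole(USERS.get(username)[2]);
            return info;
        }
    }

    // Programmatic equivalent of this shiro.ini [main] section:
    //   credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
    //   credentialsMatcher.hashAlgorithmName = SHA-256
    //   credentialsMatcher.hashIterations = 1024
    //   credentialsMatcher.storedCredentialsHexEncoded = true
    //   myRealm = com.example.shiro.HashedRealmDemo$HashedInMemoryRealm
    //   myRealm.credentialsMatcher = $credentialsMatcher
    //   securityManager.realm = $myRealm
    static DefaultSecurityManager buildSecurityManager() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        HashedInMemoryRealm realm = new HashedInMemoryRealm();
        realm.setCredentialsMatcher(matcher);
        return new DefaultSecurityManager(realm);
    }

    // Returns true only when the login is accepted AND the authenticated subject holds the admin role
    static boolean loginAsAdmin(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return subject.hasRole("admin");
        } catch (AuthenticationException rejected) {
            return false;
        } finally {
            subject.logout();   // leave the thread-bound subject clean for the next attempt
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(buildSecurityManager());
        System.out.println("correct password: " + loginAsAdmin("alice", "correct horse"));
        System.out.println("wrong password:   " + loginAsAdmin("alice", "wrong"));
        System.out.println("unknown user:     " + loginAsAdmin("mallory", "anything"));
    }
}
```

Run it with shiro-core on the classpath (the page's pom.xml dependency is sufficient; no servlet container is needed). The first call is accepted by the matcher and the remaining two are rejected, the second inside HashedCredentialsMatcher and the third by the realm itself; in either failure case the caller only sees an AuthenticationException, so the realm does not leak which check failed.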

Integrating with SSO

  1. Add Servlet Filter:

In src/main/java/com/example/shiro, create a servlet filter that intercepts incoming requests and performs the SSO check. The filter needs the servlet API on the classpath (provided by the container):

    package com.example.shiro;

    import java.io.IOException;
    import java.net.URLEncoder;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.subject.Subject;

    public class SSOServletFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // Nothing to initialise; the SSO login URL is fixed below
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            Subject subject = SecurityUtils.getSubject();
            // Check if user is already authenticated
            if (subject.isAuthenticated()) {
                chain.doFilter(request, response);
                return;
            }
            // Redirect to SSO login page, passing the requested URL so the user can be sent back afterwards.
            // The URL is encoded so that its own query string cannot be mistaken for parameters of the SSO login URL
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            String returnTo = URLEncoder.encode(httpRequest.getRequestURL().toString(), "UTF-8");
            httpResponse.sendRedirect("https://sso.example.com/login?redirect=" + returnTo);
        }

        @Override
        public void destroy() {
            // Nothing to release
        }
    }

  2. Register Servlet Filter:

Configure the servlet filter in web.xml:

    <filter>
        <filter-name>SSOServletFilter</filter-name>
        <filter-class>com.example.shiro.SSOServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SSOServletFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

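As an added example (not from the original article or from Shiro's own code), here is the same gate implemented as a Shiro AccessControlFilter and registered in shiro.ini rather than web.xml. Running inside Shiro's own filter chain has two practical advantages over the raw servlet filter above: SecurityUtils.getSubject() is guaranteed to have a bound SecurityManager, because ShiroFilter binds it per request, and the filter can be applied per URL pattern so that the SSO callback path stays reachable while the user is still anonymous. It assumes the shiro-web artifact and the servlet API are on the classpath and that web.xml registers Shiro's EnvironmentLoaderListener and ShiroFilter; SsoLoginFilter, the /sso/callback path and the sso.example.com URL are hypothetical.

```java
package com.example.shiro;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Hypothetical Shiro-native SSO gate. Wired in shiro.ini instead of web.xml:
 *
 *   [main]
 *   ssoLogin = com.example.shiro.SsoLoginFilter
 *   ssoLogin.ssoLoginUrl = https://sso.example.com/login
 *
 *   [urls]
 *   /sso/callback = anon      # the provider must be able to send the browser back here
 *   /** = ssoLogin            # everything else requires an authenticated subject
 */
public class SsoLoginFilter extends AccessControlFilter {

    // Overridable from shiro.ini via the setter below
    private String ssoLoginUrl = "https://sso.example.com/login";

    public void setSsoLoginUrl(String ssoLoginUrl) {
        this.ssoLoginUrl = ssoLoginUrl;
    }

    // Let the request through only when the subject bound to it has actually logged in
    // (isRemembered() alone would not be enough for a security-relevant resource)
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return getSubject(request, response).isAuthenticated();
    }

    // Anonymous request: send the browser to the SSO provider with the original URL as the return target
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(request);
        WebUtils.issueRedirect(request, response, buildLoginRedirect(ssoLoginUrl, fullUrl(http)));
        return false;   // the redirect is the response; do not continue the chain
    }

    // Reconstruct the requested URL including its query string, so the user lands back on the same page
    static String fullUrl(HttpServletRequest http) {
        StringBuffer url = http.getRequestURL();
        if (http.getQueryString() != null) {
            url.append('?').append(http.getQueryString());
        }
        return url.toString();
    }

    // Encode the return URL as a single query parameter value; without encoding, a return URL that
    // itself carries "&" or "?" would be split into separate parameters by the SSO provider
    static String buildLoginRedirect(String loginUrl, String returnTo) {
        try {
            return loginUrl + "?redirect=" + URLEncoder.encode(returnTo, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always available", e);
        }
    }
}
```

The web.xml that accompanies this wiring registers org.apache.shiro.web.env.EnvironmentLoaderListener as a listener and org.apache.shiro.web.servlet.ShiroFilter on /* in place of SSOServletFilter; the [urls] section then decides which paths the SSO gate covers. Whatever the provider returns on /sso/callback still has to be validated and turned into a subject.login(...) call by the application before isAuthenticated() becomes true.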

Further Considerations

  • SSL Configuration: Ensure that communication between the SSO provider and your application is encrypted using SSL.
  • Logout Handling: Implement a logout handler that removes the user's session when they log out from the SSO provider.
  • Cross-Site Request Forgery (CSRF) Protection: Enable CSRF protection in your Shiro configuration to prevent malicious requests from outside your application.

Summary

Integrating SSO with the Shiro Framework provides a secure and convenient way to manage user authentication and authorization across multiple applications. By following the steps outlined in this article, you can improve both the security and the user experience of your web applications.