Shiro Pull Request 951

https://stash.corp.netflix.com/projects/cme/repos/shiro/pull-requests/951

Integrating SSO with the Shiro Framework

Overview

This article guides you through integrating single sign-on (SSO) with the Shiro Framework, a popular Java security framework. SSO lets users access multiple applications with a single login. The integration provides authentication and authorization for several applications within one domain or across multiple domains.

Prerequisites

  • Java Development Kit (JDK) 8 or later
  • Apache Maven 3.0 or later
  • Shiro Framework 1.4 or later
  • Servlet container (e.g., Tomcat, Jetty)

Setup

  1. Create a New Maven Project:

    mvn archetype:generate -DgroupId=com.example -DartifactId=shiro-sso -DarchetypeArtifactId=maven-archetype-quickstart
  2. Add the Shiro Dependency:

Add the Shiro dependency to your project's pom.xml file:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.5.0</version>
    </dependency>
  3. Configure Shiro:

Create a new file named shiro.ini in the src/main/resources directory. This file holds the Shiro configuration; the realm is declared as a named object and then assigned to the security manager by reference:

    [main]
    myRealm = com.example.shiro.MyRealm
    securityManager.realm = $myRealm
  4. Create a Custom Realm:

In src/main/java/com/example/shiro, create a custom realm that extends AuthorizingRealm and overrides the doGetAuthenticationInfo and doGetAuthorizationInfo methods. The realm returns the user's stored credentials and leaves the comparison with the submitted password to the realm's CredentialsMatcher:

    package com.example.shiro;

    import java.util.Collections;
    import java.util.Set;

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealm extends AuthorizingRealm {

        // Override doGetAuthenticationInfo to perform custom user authentication
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            String username = (String) token.getPrincipal();

            // Retrieve the user from the database or LDAP
            User user = getUser(username);
            if (user == null) {
                // Throw an exception if the user does not exist
                throw new UnknownAccountException("User not found");
            }

            // Return the stored (hashed) credentials; the realm's CredentialsMatcher
            // compares them with the password in the token. Do not return the submitted
            // password here, or the comparison would always succeed.
            return new SimpleAuthenticationInfo(username, user.getPasswordHash(), getName());
        }

        // Override doGetAuthorizationInfo to perform custom user authorization
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Retrieve user roles and permissions from the database or LDAP
            String username = principals.getPrimaryPrincipal().toString();
            Set<String> roles = getUserRoles(username);
            Set<String> permissions = getUserPermissions(username);

            // Return AuthorizationInfo (roles via the constructor, permissions via setter)
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
            info.setStringPermissions(permissions);
            return info;
        }

        // Lookups against your user store. The bodies are placeholders to be replaced
        // with database or LDAP queries; User is your application's user model.
        private User getUser(String username) { return null; }
        private Set<String> getUserRoles(String username) { return Collections.emptySet(); }
        private Set<String> getUserPermissions(String username) { return Collections.emptySet(); }
    }

Integrating with SSO

  1. Add a Servlet Filter:

In src/main/java/com/example/shiro, create a servlet filter that intercepts incoming requests and starts SSO authentication for users who are not yet logged in:

    package com.example.shiro;

    import java.io.IOException;
    import java.net.URLEncoder;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.subject.Subject;

    public class SSOServletFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            Subject subject = SecurityUtils.getSubject();

            // Check if the user is already authenticated
            if (subject.isAuthenticated()) {
                chain.doFilter(request, response);
                return;
            }

            // Redirect to the SSO login page. The return address is URL-encoded so that
            // its own query string survives and cannot inject extra parameters into the
            // SSO login URL.
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            String returnTo = URLEncoder.encode(httpRequest.getRequestURL().toString(), "UTF-8");
            httpResponse.sendRedirect("https://sso.example.com/login?redirect=" + returnTo);
        }

        @Override
        public void destroy() {
        }
    }
  2. Register the Servlet Filter:

Configure the servlet filter in web.xml. Shiro's web environment must already be in place (the shiro-web dependency, EnvironmentLoaderListener, and a ShiroFilter mapped ahead of this filter); otherwise SecurityUtils.getSubject() has no SecurityManager to resolve a Subject from:

    <filter>
        <filter-name>SSOServletFilter</filter-name>
        <filter-class>com.example.shiro.SSOServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SSOServletFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
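The filter above only starts the SSO round trip; nothing yet turns the provider's answer into a Shiro login. The callback filter below is an added example, not code from the page, and assumes a hypothetical SsoTokenValidator that verifies the provider's signed token and a callback parameter named sso_token:

```java
package com.example.shiro;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;

// Return leg from the SSO provider. Assumed: the provider sends the user back
// with a signed token in an "sso_token" request parameter.
public class SSOCallbackFilter implements Filter {
    // Assumed helper: checks signature, issuer, audience and expiry of the
    // provider's token and returns the asserted username, or null if invalid.
    private final SsoTokenValidator validator = new SsoTokenValidator();

    // Shiro token for an identity the provider has already verified. MyRealm must
    // override supports() to accept it and, in doGetAuthenticationInfo, return
    // SimpleAuthenticationInfo(username, rawToken, getName()); the default
    // SimpleCredentialsMatcher then compares two equal values, so no password is involved.
    public static final class SsoToken implements AuthenticationToken {
        private final String username, rawToken;
        public SsoToken(String username, String rawToken) {
            this.username = username;
            this.rawToken = rawToken;
        }
        @Override public Object getPrincipal() { return username; }
        @Override public Object getCredentials() { return rawToken; }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String raw = req.getParameter("sso_token");
        if (raw == null) {
            chain.doFilter(req, res); // not a callback: SSOServletFilter decides
            return;
        }
        try {
            String username = validator.verify(raw);
            if (username == null) throw new AuthenticationException("SSO token rejected");
            // login() runs the realm and binds the verified identity to the Shiro session
            SecurityUtils.getSubject().login(new SsoToken(username, raw));
        } catch (AuthenticationException e) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

Map this filter before SSOServletFilter in web.xml so a valid callback is logged in before the redirect check runs; an invalid or missing token never reaches subject.login().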

Additional Considerations

  • SSL Configuration: Ensure that communication between the SSO provider and your application is encrypted using SSL.
  • Logout Handling: Implement a logout handler that removes the user's session when they log out at the SSO provider.
  • Cross-Site Request Forgery (CSRF) Protection: Enable CSRF protection in your Shiro configuration to prevent forged requests from outside your application.

Conclusion

Integrating SSO with the Shiro Framework offers a secure and convenient way to manage user authentication and authorization across multiple applications. By following the steps outlined in this article, you can improve both the security and the user experience of your web applications.