Google Translate says...四郎

WTF

or it probably is...白

or not

The most possible is 

Castle / 城 in Japanese

If you were a king,

what can a castle do for you?

To claim a land as my realm. Everyone has to obey my law!!

To ensure my people's security.

To protect a king from enemies.

Remember AOE?

Also,

that's what Shiro do for you

And you are the king.

A Realm is...

A scope which defines a set of principals to make users obey.

It can be applied on one or more applications.

A Principal is...

A set of rules to determine what a user can do in this realm.

A Subject is...

A session which represents a user who is now using your application.

Modules

shiro-core

The basic kernel of shiro framework.

shiro-web

Supporting of webapps.

shiro-aspectj

Supporting of Shiro AOP annotations.

shiro-spring

Integration with Spring framework.

shiro-ehcache

Supporting of Shiro cache based on Ehcache.

shiro-quartz

Supporting of Shiro session validation scheduling based on Quartz.

Before starting...

We need

    JDK 1.5+,

    Maven 2.2+,

    Spring Tool Suite,

    Git plug-in,

    and GitHub account.

clone: https://github.com/dontpkme/ShiroSample.git

At first, you need the core module

  <dependency>
  	<groupId>org.apache.shiro</groupId>
  	<artifactId>shiro-core</artifactId>
  	<version>1.2.3</version>
  </dependency>

The default way to setup Shiro using .ini file

[users]
Joe = joe, warrior
Asip = asip, ranger
Kirin = kirin, swordman, fighter
Jimmy = jimmy, archer
Study = study, mage
Newbie = newbie


[roles]
warrior = melee:*
ranger = melee:stab, dodge
swordman = melee:slash, parry
fighter = melee:punch, dodge
archer = shoot
mage = "cast:fireball,blizzard", heal

Sample code snippets

Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);

Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
currentUser.login(token);

if(currentUser.hasRole("user"))
    System.out.println("you are a user");

if(currentUser.isPermitted("edit"))
    System.out.println("you can edit");

Try it in branch <ini-realm>

The default way to setup Shiro using .ini file

[main]
myRealm = realm.CustomizeRealm

Sample code snippets

public class CustomizeRealm extends AuthorizingRealm {

    protected SimpleAccount getAccount(String username) {
        SimpleAccount account = new SimpleAccount(username, pwdTable.get(username), getName());
        ArrayList<String> userRoles = userRoleTable.get(username);
        for(String role: userRoles) {
        	account.addRole(role);
        	account.addStringPermissions(rolePermTable.get(role));
        }
        return account;
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    	UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        return getAccount(upToken.getUsername());
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) getAvailablePrincipal(principals);
        return getAccount(username);
    }
}

Try it in branch <my-customize-realm>

For LDAP

• ActiveDirectoryRealm
• JndiLdapRealm

For CAS

• CasRealm

For DB

• JdbcRealm

Document

You need the web module

<dependency>
	<groupId>org.apache.shiro</groupId>
	<artifactId>shiro-web</artifactId>
	<version>1.2.3</version>
</dependency>

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

add Shiro Listener into web.xml

// Factory<SecurityManager> factory = new IniSecurityManagerFactory("/shiro.ini");
// SecurityManager securityManager = factory.getInstance();
// SecurityUtils.setSecurityManager(securityManager);

and you don't need this now

this will be handled by listener

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

add Shiro Filter into web.xml

Set Shiro Filter in shiro.ini

[urls]
/logout.jsp = logout
/index.jsp = authc
/ = authc
/admin/** = roles[GM]

More Filters can use..

Shiro's Taglib

to check permission or role in JSP page

<shiro:lacksRole name="warrior">
Guild Keeper: "You are not a warrior, Get out."
</shiro:lacksRole>

<shiro:hasRole name="warrior">
Guild Keeper: "You are a warrior, welcome!"
</shiro:hasRole>

<shiro:hasPermission name="melee:punch">
Gate Keeper: "You know how to punch. You must be a warrior or a fighter!"
</shiro:hasPermission>

<shiro:lacksPermission name="melee:punch">
Gate Keeper: "You don't know how to punch. Get out!"
</shiro:lacksPermission>

Try it in branch <shiro-in-webpp>

Work In Progress

Reference

http://shiro.apache.org/

http://shiro.apache.org/download.html  -- Shiro's modules

http://shiro.apache.org/integration.html  -- Shiro Integration