Complete analysis of the "identity mapping 'framework in the Java class library
Fully analysis of the identity mapping framework in the Java class library
Overview:
In modern software development, identity management and identity verification are a very important feature.Idential mapping is a technology that maps identity to its corresponding attributes and permissions.The Java class library provides many identity mapping frameworks to simplify the development of identity management and permissions control.This article will analyze the identity mapping framework and provide relevant Java code examples.
1, SHIRO
Apache Shiro is a powerful and easy to use Java security framework.It provides a simple API that can handle security -related functions such as identity authentication, authorization, session management and password encryption.The following is an example of the basic usage of Shiro:
1. Introduce shiro dependence:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.7.1</version>
</dependency>
2. Create the Shiro Realm class to achieve identity verification and authorization logic:
public class MyRealm extends AuthorizingRealm {
// Authentication
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// identity authentication logic
}
// permissions control
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// Permission control logic
}
}
3. Configure Shiro security manager and realm:
DefaultSecurityManager securityManager = new DefaultSecurityManager();
securityManager.setRealm(new MyRealm());
SecurityUtils.setSecurityManager(securityManager);
4. Call the SHIRO API to complete the authentication and authorization operation:
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
AuthenticationToken token = new UsernamePasswordToken("username", "password");
currentUser.login(token);
}
if (currentUser.hasRole("admin")) {
// Executive administrator authority logic
}
if (currentUser.isPermitted("user:create")) {
// Execute the creation of user permission logic
}
二、Spring Security
Spring Security is an authentication and authorization framework based on the Spring framework.It provides a series of security filters and certification/authorization processes, allowing developers to easily achieve identity management and permissions control.The following is an example of the basic usage of Spring Security:
1. Introduce Spring Security dependence:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2. Create the Spring Security configuration class, configure identity verification and authorization rules:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("username")
.password("password")
.roles("admin");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").hasRole("admin")
.antMatchers("/user/**").hasAnyRole("admin", "user")
.anyRequest().authenticated()
.and().formLogin();
}
}
3. Start Spring Security:
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
The above examples show the memory -based authentication and role authorization rules.We can achieve more flexible identity management and permissions control through custom userDetailsservice and configuration database.
in conclusion:
Idential mapping plays an important role in modern software development.The identity mapping framework in the Java class library provides rich functions and easy -to -use APIs, allowing developers to easily implement identity management and permissions control.This article introduces the two commonly used identity mapping frameworks, Apache Shiro and Spring Security, and provides simple code examples, hoping to help readers better understand and apply identity mapping frameworks.