Setting up a JDBC realm using Apache Shiro for a Spring Roo project
https://stackoverflow.com/questions/8377475
-
28-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a Spring-Roo project set up using Eclipse link for my JPA persistence layer and i have created (User Roles, Users ) Table to manage my security. I was wondering if anyone has set up a realm with a Spring project to configure Apache Shiro so that it uses the database tables for username and password look up as well as saves username's and passwords?
Currently i have a Shiro.ini file being used with a few test roles and (username, password) combinations but i am trying to figure out how to instead configure my web.xml file using the correct filters. Below is my web.xml file and the current filters set.
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<!-- all declarations in shiro.ini file -->
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Does anyone have an example of a JDBC realm using (Postgres) with Apache Shiro and Spring?
Solution
Please see Shiro's Spring documentation for correct web.xml configuration. It is different than the web.xml example you've shown.
Because Spring's XML config is slightly more powerful than Shiro's INI, Spring users are encouraged to use full Spring configuration instead of Shiro INI. See the 'Web Applications' section of that page to see an example of Spring-only config for Shiro.
In the 'applicationContext.xml' part of that page's documentation, you'll see a
<bean id="myRealm" class="...">
...
</bean>
part of the xml config. Replace that with your JdbcRealm bean definition. You can inject your Spring-configured datasource as expected:
<bean id="myRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="dataSource" ref="springConfiguredDataSource"/>
...
</bean>
You can see the default SQL queries that are run by looking at the JdbcRealm's source code.
You can configure those queries as necessary.
Note that if your data model is complex enough such that the JdbcRealm isn't sufficient for your needs, it is easy to extend Shiro's AuthorizingRealm and perform the user/role/permission lookup using whatever datasource API you prefer (JPA, Hibernate, etc.).
