【Question Title】: Simple POC for authorization only using Apache Shiro
【Posted】: 2017-04-16 04:22:01
【Question】:

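I am new to Apache Shiro and REST web services. For my requirement, I am creating a simple POC using Shiro and REST services.

In my application I do not use any login page. There is just one TestService.java with 4 web service methods. I want to control each web service method with a different role when it is called from a REST client. That means:

The insertNewData() method requires the 'insert' role; otherwise it shows some error message.

The updateNewData() method requires the 'update' role; otherwise it shows some error message.

The deleteNewData() method requires the 'delete' role; otherwise it shows some error message.

The searchAllData() method requires the 'admin' role; otherwise it shows some error message.

I don't know how to configure the shiro.ini file and the rest of the configuration for my requirement.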

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">

<display-name>SimpleRest</display-name>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>

<servlet>
    <servlet-name>Jersey Web Application</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Jersey Web Application</servlet-name>
    <url-pattern>/test/*</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
</web-app>

/WEB-INF/shiro.ini (how do I configure the different roles for the web service calls here?)

[main]

[users]

[roles]

[urls]
/index.html = anon

TestService.java

package com.simple.rest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.json.JSONException;

@Path("/testservice")
public class TestService {

@Path("/insert")
@GET
@Produces("application/json")
@RequiresRoles( "insert" )
public Response insertNewData() throws JSONException {      
    /**
     * Here insert logic 
     */
    String result = "Insert data method called";
    return Response.status(200).entity(result).build();
}

@Path("/update")
@GET
@Produces("application/json")
@RequiresRoles( "update" )
public Response updateNewData() throws JSONException {      
    /**
     * Here Update logic 
     */
    String result = "Updated data method called";
    return Response.status(200).entity(result).build();
}

@Path("/delete")
@GET
@Produces("application/json")
@RequiresRoles( "delete" )
public Response deleteNewData() throws JSONException {      
    /**
     * Here delete logic
     */
    String result = "Delete data method called";
    return Response.status(200).entity(result).build();
}

@Path("/searchall")
@GET
@Produces("application/json")
@RequiresRoles( "admin" )
public Response searchNewData() throws JSONException {      
    /**
     * Here Search logic 
     */
    String result = "User have admin rights. So only disply all data";
    return Response.status(200).entity(result).build();
}
}

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>SimpleRest</groupId>
<artifactId>SimpleRest</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>

<properties>
    <jdk.version>1.7</jdk.version>
    <shiro.version>1.2.4</shiro.version>
    <commons-logging.version>1.2</commons-logging.version>
    <logback-classic.version>1.1.3</logback-classic.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>${shiro.version}</version>
    </dependency>
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>${commons-logging.version}</version>
    </dependency>

    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback-classic.version}</version>
    </dependency>


    <dependency>
        <groupId>asm</groupId>
        <artifactId>asm</artifactId>
        <version>3.3.1</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-bundle</artifactId>
        <version>1.19</version>
    </dependency>
    <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>20140107</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-server</artifactId>
        <version>1.19</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-core</artifactId>
        <version>1.19</version>
    </dependency>
</dependencies>

<build>
    <finalName>SimpleRest</finalName>
    <sourceDirectory>src</sourceDirectory>
    <plugins>
        <plugin>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
                <source>1.7</source>
                <target>1.7</target>
            </configuration>
        </plugin>
        <plugin>
            <artifactId>maven-war-plugin</artifactId>
            <version>2.4</version>
            <configuration>
                <warSourceDirectory>WebContent</warSourceDirectory>
                <failOnMissingWebXml>false</failOnMissingWebXml>
            </configuration>
        </plugin>
    </plugins>
</build>
</project>

Please help me. Thanks in advance.

【Question comments】:

    Tags: apache web-services rest authorization shiro


    【Solution 1】:

    Take a look at Shiro's official JAX-RS example.

    【Comments】:
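One way to fill in the empty /WEB-INF/shiro.ini from the question so that each endpoint is gated by role at the URL filter level with HTTP Basic credentials and no login page. This is an added example, not part of the original post or of Shiro's own sample; the user names, passwords and permission strings are constructed placeholders, and the paths assume the `/test/*` servlet mapping and `@Path` values shown in the question.

```ini
# /WEB-INF/shiro.ini (added example; accounts below are constructed placeholders)

[main]
# Realm name sent in the HTTP Basic challenge to the REST client
authcBasic.applicationName = SimpleRest

[users]
# username = password, role1, role2, ...
# Plain-text passwords here are for the POC only.
alice = CHANGE_ME_1, insert
bob   = CHANGE_ME_2, update
carol = CHANGE_ME_3, delete
root  = CHANGE_ME_4, admin, insert, update, delete

[roles]
# rolename = permission1, permission2, ...
insert = data:insert
update = data:update
delete = data:delete
admin  = data:*

[urls]
# Paths are relative to the context root:
#   servlet mapping /test/*  +  @Path("/testservice")  +  method @Path
# The first matching line wins, so the catch-all stays last.
# noSessionCreation keeps the REST calls stateless (no JSESSIONID issued).
# Basic credentials are only base64-encoded; put the ssl filter in front
# of authcBasic once the container serves HTTPS.
/index.html                 = anon
/test/testservice/insert    = noSessionCreation, authcBasic, roles[insert]
/test/testservice/update    = noSessionCreation, authcBasic, roles[update]
/test/testservice/delete    = noSessionCreation, authcBasic, roles[delete]
/test/testservice/searchall = noSessionCreation, authcBasic, roles[admin]
/test/**                    = noSessionCreation, authcBasic
```

With this in place the `roles[...]` filter rejects a caller who authenticates but lacks the role before the request reaches Jersey, so enforcement does not depend on the `@RequiresRoles` annotations being processed.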
