Shiro Pull Request 951

https://stash.corp.netflix.com/projects/cme/repos/shiro/pull-requests/951

Integrating SSO with the Shiro Framework

Overview

This article walks through integrating single sign-on (SSO) with Apache Shiro, a popular Java security framework. SSO lets users access multiple applications with a single login. The integration provides authentication and authorization for several applications within one domain or across multiple domains.

Prerequisites

  • Java Development Kit (JDK) 8 or later
  • Apache Maven 3.0 or later
  • Shiro Framework 1.4 or later
  • Servlet container (e.g., Tomcat, Jetty)

Setup

  1. Create a New Maven Project:

    mvn archetype:generate -DgroupId=com.example -DartifactId=shiro-sso -DarchetypeArtifactId=maven-archetype-quickstart
  2. Add the Shiro Dependency:

Add the Shiro dependency to your project's pom.xml file:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.5.0</version>
    </dependency>
  3. Configure Shiro:

Create a new file named shiro.ini in the src/main/resources directory. This file contains the Shiro configuration. The realm is first instantiated as a named object and then passed to the security manager by reference (the $ prefix); assigning the bare class name to securityManager.realm does not work, because that property expects a Realm object, not a string:

    [main]
    # Instantiate the custom realm and hand it to the security manager
    myRealm = com.example.shiro.MyRealm
    securityManager.realm = $myRealm
  4. Create a Custom Realm:

In src/main/java/com/example/shiro, create a custom realm that extends AuthorizingRealm and overrides the doGetAuthenticationInfo and doGetAuthorizationInfo methods. Note that the AuthenticationInfo returned from doGetAuthenticationInfo must carry the credential stored for the account, not the password submitted in the token: Shiro's CredentialsMatcher compares the two, so returning the submitted password would make every login for a known username succeed.

    package com.example.shiro;

    import java.util.Collections;
    import java.util.Set;

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealm extends AuthorizingRealm {

        // Minimal user record returned by the lookup helpers (placeholder for a database or LDAP entity)
        static final class User {
            final String storedCredential; // ideally a salted hash, paired with a HashedCredentialsMatcher
            User(String storedCredential) { this.storedCredential = storedCredential; }
        }

        // Override doGetAuthenticationInfo to perform custom user authentication
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            String username = (String) token.getPrincipal();
            // Retrieve the user from the database or LDAP
            User user = getUser(username);
            // Throw an exception if the user does not exist
            if (user == null) {
                throw new UnknownAccountException("User not found");
            }
            // Return the stored credential; Shiro's CredentialsMatcher compares it with the submitted one
            return new SimpleAuthenticationInfo(username, user.storedCredential, getName());
        }

        // Override doGetAuthorizationInfo to perform custom user authorization
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Retrieve the user's roles and permissions from the database or LDAP
            String username = principals.getPrimaryPrincipal().toString();
            Set<String> roles = getUserRoles(username);
            Set<String> permissions = getUserPermissions(username);
            // SimpleAuthorizationInfo takes roles in its constructor; permissions are set separately
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
            info.setStringPermissions(permissions);
            return info;
        }

        // Placeholder lookups: replace with your database or LDAP queries
        protected User getUser(String username) { return null; }
        protected Set<String> getUserRoles(String username) { return Collections.emptySet(); }
        protected Set<String> getUserPermissions(String username) { return Collections.emptySet(); }
    }

Integrating with SSO

  1. Add a Servlet Filter:

In src/main/java/com/example/shiro, create a servlet filter that intercepts incoming requests and performs SSO authentication. The return URL passed to the SSO login page is URL-encoded so that a query string in the original request cannot break or alter the provider's redirect parameter:

    package com.example.shiro;

    import java.io.IOException;
    import java.net.URLEncoder;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.subject.Subject;

    public class SSOServletFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // No initialisation required
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            Subject subject = SecurityUtils.getSubject();
            // Let already-authenticated users through
            if (subject.isAuthenticated()) {
                chain.doFilter(request, response);
                return;
            }
            // Otherwise redirect to the SSO login page, carrying the URL to return to
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            String returnUrl = URLEncoder.encode(httpRequest.getRequestURL().toString(), "UTF-8");
            httpResponse.sendRedirect("https://sso.example.com/login?redirect=" + returnUrl);
        }

        @Override
        public void destroy() {
            // Nothing to clean up
        }
    }
  2. Register the Servlet Filter:

Configure the servlet filter in web.xml. SecurityUtils.getSubject() only returns the subject bound to the current request when Shiro's own ShiroFilter has already run for that request, so Shiro's EnvironmentLoaderListener (which loads shiro.ini) and ShiroFilter must also be registered, with ShiroFilter mapped before this filter:

    <filter>
        <filter-name>SSOServletFilter</filter-name>
        <filter-class>com.example.shiro.SSOServletFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SSOServletFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Additional Considerations

  • SSL Configuration: Ensure that communication between the SSO provider and your application is encrypted using SSL.
  • Logout Handling: Implement a logout handler that removes the user's local session when they log out from the SSO provider, and that ends the SSO session when they log out from your application; otherwise the provider silently re-authenticates them on their next request.
  • Cross-Site Request Forgery (CSRF) Protection: Enable CSRF protection in your Shiro configuration to prevent malicious requests from outside your application.
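The logout handler described above, as an added example that is not part of the original page or the Shiro project. It handles both directions: a POST from the application's own logout form ends the local Shiro session and then hands off to the SSO provider so the provider's session is ended as well, and a GET (the front-channel notification a provider sends to each application when the user logs out there) ends only the local session. The class name SSOLogoutServlet, the provider logout URL https://sso.example.com/logout and the /logged-out landing path are assumptions; the page only names the provider's login URL.

```java
package com.example.shiro;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

/** Hypothetical logout handler: ends the local Shiro session and coordinates with the SSO provider. */
public class SSOLogoutServlet extends HttpServlet {

    // Assumed provider endpoint and local landing page (not taken from the page)
    private static final String SSO_LOGOUT_URL = "https://sso.example.com/logout";
    private static final String LOGGED_OUT_PAGE = "/logged-out";

    /** User-initiated logout from this application's own logout form (POST, so a plain link cannot trigger it). */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        endLocalSession(request);
        // Hand off to the provider so the SSO session ends too; otherwise the next request to this
        // application would be silently re-authenticated by the provider
        response.sendRedirect(SSO_LOGOUT_URL);
    }

    /** Provider-initiated logout: the SSO provider redirects the browser here after the user logged out there. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        endLocalSession(request);
        // The provider session is already gone, so just land the user on a local page
        response.sendRedirect(request.getContextPath() + LOGGED_OUT_PAGE);
    }

    /** Drops Shiro's authentication state (principals, remembered identity, session) and the container session. */
    private static void endLocalSession(HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        // Shiro normally invalidates the HttpSession itself when its session is backed by the container;
        // getSession(false) then returns null, so this only catches a session Shiro did not own
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

Map the servlet to a path such as /logout in web.xml and point both the application's logout form and the provider's post-logout redirect at it. Using POST for the user-initiated case means a cross-site link or image tag cannot log the user out, which ties in with the CSRF consideration above.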

Conclusion

Integrating SSO with the Shiro Framework provides a secure and convenient way to manage user authentication and authorization across multiple applications. By following the steps outlined in this article, you can improve both the security and the user experience of your web applications.