{"id":25944,"date":"2024-03-16T05:55:34","date_gmt":"2024-03-16T05:55:34","guid":{"rendered":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/"},"modified":"2024-03-22T07:23:42","modified_gmt":"2024-03-22T07:23:42","slug":"how-can-shiro-achieve-authentication-and-authorization","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/","title":{"rendered":"How can Shiro achieve authentication and authorization?"},"content":{"rendered":"<p>Shiro is a powerful and flexible Java security framework that can be used to implement authentication and authorization features. Here are the general steps for using Shiro for authentication and authorization:<\/p>\n<ol>\n<li>Add Shiro dependency: Include Shiro related dependencies in the Maven or Gradle configuration file of the project.<\/li>\n<li>Configure Shiro: Create a Shiro configuration file that includes the relevant configuration information for Shiro, such as authenticators, authorizers, Realms, and so on.<\/li>\n<li>Create a Realm: Realm is one of the core components of Shiro, used to retrieve user information from data sources and perform authentication and authorization. You need to implement your own Realm class, which includes the specific logic for authentication and authorization.<\/li>\n<li>Authentication: Use the Subject object from Shiro to perform authentication operations in places where authentication is required. The Subject is the core object in Shiro that represents the security operations of the current user.<\/li>\n<li>Authorization: In places where authorization is required, perform authorization operations using Shiro&#8217;s Subject object. Typically, use Shiro&#8217;s annotations or programmatic approaches to authorize, determining whether to allow the execution of a certain operation based on the user&#8217;s role or permissions.<\/li>\n<\/ol>\n<p>The following is a simple example code.<\/p>\n<pre class=\"post-pre\"><code><span class=\"hljs-comment\">\/\/ \u521b\u5efa\u4e00\u4e2a Shiro \u7684 Subject \u5bf9\u8c61<\/span>\r\n<span class=\"hljs-type\">Subject<\/span> <span class=\"hljs-variable\">currentUser<\/span> <span class=\"hljs-operator\">=<\/span> SecurityUtils.getSubject();\r\n\r\n<span class=\"hljs-comment\">\/\/ \u521b\u5efa\u4e00\u4e2a UsernamePasswordToken \u5bf9\u8c61\uff0c\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u5c01\u88c5\u5230\u8be5\u5bf9\u8c61\u4e2d<\/span>\r\n<span class=\"hljs-type\">UsernamePasswordToken<\/span> <span class=\"hljs-variable\">token<\/span> <span class=\"hljs-operator\">=<\/span> <span class=\"hljs-keyword\">new<\/span> <span class=\"hljs-title class_\">UsernamePasswordToken<\/span>(username, password);\r\n\r\n<span class=\"hljs-keyword\">try<\/span> {\r\n    <span class=\"hljs-comment\">\/\/ \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1<\/span>\r\n    currentUser.login(token);\r\n\r\n    <span class=\"hljs-comment\">\/\/ \u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\uff0c\u8fdb\u884c\u6388\u6743\u64cd\u4f5c<\/span>\r\n    <span class=\"hljs-keyword\">if<\/span> (currentUser.isAuthenticated()) {\r\n        <span class=\"hljs-comment\">\/\/ \u68c0\u67e5\u7528\u6237\u662f\u5426\u6709\u67d0\u4e2a\u89d2\u8272<\/span>\r\n        <span class=\"hljs-keyword\">if<\/span> (currentUser.hasRole(<span class=\"hljs-string\">\"admin\"<\/span>)) {\r\n            <span class=\"hljs-comment\">\/\/ \u6267\u884c\u67d0\u4e2a\u64cd\u4f5c<\/span>\r\n        } <span class=\"hljs-keyword\">else<\/span> {\r\n            <span class=\"hljs-comment\">\/\/ \u6ca1\u6709\u6743\u9650\u6267\u884c\u8be5\u64cd\u4f5c<\/span>\r\n        }\r\n\r\n        <span class=\"hljs-comment\">\/\/ \u68c0\u67e5\u7528\u6237\u662f\u5426\u5177\u6709\u67d0\u4e2a\u6743\u9650<\/span>\r\n        <span class=\"hljs-keyword\">if<\/span> (currentUser.isPermitted(<span class=\"hljs-string\">\"user:create\"<\/span>)) {\r\n            <span class=\"hljs-comment\">\/\/ \u6267\u884c\u67d0\u4e2a\u64cd\u4f5c<\/span>\r\n        } <span class=\"hljs-keyword\">else<\/span> {\r\n            <span class=\"hljs-comment\">\/\/ \u6ca1\u6709\u6743\u9650\u6267\u884c\u8be5\u64cd\u4f5c<\/span>\r\n        }\r\n    }\r\n} <span class=\"hljs-keyword\">catch<\/span> (AuthenticationException e) {\r\n    <span class=\"hljs-comment\">\/\/ \u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25<\/span>\r\n}\r\n<\/code><\/pre>\n<p>This is just a simple example, but in reality, you may need more complex logic and configurations to meet your needs. You can refer to Shiro&#8217;s official documentation and sample code to learn more about Shiro authentication and authorization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shiro is a powerful and flexible Java security framework that can be used to implement authentication and authorization features. Here are the general steps for using Shiro for authentication and authorization: Add Shiro dependency: Include Shiro related dependencies in the Maven or Gradle configuration file of the project. Configure Shiro: Create a Shiro configuration file [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-25944","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How can Shiro achieve authentication and authorization? - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How can Shiro achieve authentication and authorization?\" \/>\n<meta property=\"og:description\" content=\"Shiro is a powerful and flexible Java security framework that can be used to implement authentication and authorization features. Here are the general steps for using Shiro for authentication and authorization: Add Shiro dependency: Include Shiro related dependencies in the Maven or Gradle configuration file of the project. Configure Shiro: Create a Shiro configuration file [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-16T05:55:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-22T07:23:42+00:00\" \/>\n<meta name=\"author\" content=\"William Carter\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:site\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"William Carter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\"},\"author\":{\"name\":\"William Carter\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/f697031891aacefc4b681d139781d3c0\"},\"headline\":\"How can Shiro achieve authentication and authorization?\",\"datePublished\":\"2024-03-16T05:55:34+00:00\",\"dateModified\":\"2024-03-22T07:23:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\"},\"wordCount\":244,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\",\"name\":\"How can Shiro achieve authentication and authorization? - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\"},\"datePublished\":\"2024-03-16T05:55:34+00:00\",\"dateModified\":\"2024-03-22T07:23:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.silicloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How can Shiro achieve authentication and authorization?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"name\":\"Silicon Cloud Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\",\"name\":\"Silicon Cloud Blog\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"contentUrl\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"width\":1024,\"height\":1024,\"caption\":\"Silicon Cloud Blog\"},\"image\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\",\"https:\/\/twitter.com\/SiliCloudGlobal\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/f697031891aacefc4b681d139781d3c0\",\"name\":\"William Carter\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1786698071dd8d74bec894b512f9e3c610c3a2a32985f67e688976cee3c8bbef?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1786698071dd8d74bec894b512f9e3c610c3a2a32985f67e688976cee3c8bbef?s=96&d=mm&r=g\",\"caption\":\"William Carter\"},\"url\":\"https:\/\/www.silicloud.com\/blog\/author\/williamcarter\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How can Shiro achieve authentication and authorization? - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/","og_locale":"en_US","og_type":"article","og_title":"How can Shiro achieve authentication and authorization?","og_description":"Shiro is a powerful and flexible Java security framework that can be used to implement authentication and authorization features. Here are the general steps for using Shiro for authentication and authorization: Add Shiro dependency: Include Shiro related dependencies in the Maven or Gradle configuration file of the project. Configure Shiro: Create a Shiro configuration file [&hellip;]","og_url":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/","og_site_name":"Blog - Silicon Cloud","article_publisher":"https:\/\/www.facebook.com\/SiliCloudGlobal\/","article_published_time":"2024-03-16T05:55:34+00:00","article_modified_time":"2024-03-22T07:23:42+00:00","author":"William Carter","twitter_card":"summary_large_image","twitter_creator":"@SiliCloudGlobal","twitter_site":"@SiliCloudGlobal","twitter_misc":{"Written by":"William Carter","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#article","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/"},"author":{"name":"William Carter","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/f697031891aacefc4b681d139781d3c0"},"headline":"How can Shiro achieve authentication and authorization?","datePublished":"2024-03-16T05:55:34+00:00","dateModified":"2024-03-22T07:23:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/"},"wordCount":244,"commentCount":0,"publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/","url":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/","name":"How can Shiro achieve authentication and authorization? - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/#website"},"datePublished":"2024-03-16T05:55:34+00:00","dateModified":"2024-03-22T07:23:42+00:00","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/blog\/how-can-shiro-achieve-authentication-and-authorization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.silicloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How can Shiro achieve authentication and authorization?"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/blog\/#website","url":"https:\/\/www.silicloud.com\/blog\/","name":"Silicon Cloud Blog","description":"","publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.silicloud.com\/blog\/#organization","name":"Silicon Cloud Blog","url":"https:\/\/www.silicloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","contentUrl":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","width":1024,"height":1024,"caption":"Silicon Cloud Blog"},"image":{"@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SiliCloudGlobal\/","https:\/\/twitter.com\/SiliCloudGlobal"]},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/f697031891aacefc4b681d139781d3c0","name":"William Carter","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1786698071dd8d74bec894b512f9e3c610c3a2a32985f67e688976cee3c8bbef?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1786698071dd8d74bec894b512f9e3c610c3a2a32985f67e688976cee3c8bbef?s=96&d=mm&r=g","caption":"William Carter"},"url":"https:\/\/www.silicloud.com\/blog\/author\/williamcarter\/"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/25944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/comments?post=25944"}],"version-history":[{"count":1,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/25944\/revisions"}],"predecessor-version":[{"id":60083,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/25944\/revisions\/60083"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/media?parent=25944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/categories?post=25944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/tags?post=25944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}