1. What is Shiro Shiro is a security framework provided by Apache. It is a permission management framework that performs authentication, authorization, password and session management. It is very powerful and easy to use; There is Spring Security in Spring, which is a permissions framework. It is too closely dependent on Spring and is not […]
Tag: shiro
# Poverty alleviation and assistance system source code based on Java-SpringBoot2.X-VUE-Antd-MyBatis-Shiro-Graduation Project
Poverty alleviation system source code based on Java-SpringBoot2.X-VUE-Antd-MyBatis-Shiro-Graduation Project Introduction SpringBoot2. System overview diagram Contact the author This is the author’s WeChat QR code. If you need the source code of this project, you can scan the code or contact the author at VX:flyCoding2. Demo address Login address: https://www.skywalking.pro/poor-assist Login account: admin Login password: 123456 […]
Springboot integrated shiro
1. Introduction to Shiro Shiro is a security framework provided by Apache. Shiro provides authentication, authorization, encryption, session management and other functions. For any application, Shiro can provide comprehensive security management services. 2. Springboot integrated shiro 1.Introduce dependencies <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.10.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web-starter</artifactId> </dependency> 2.Write configuration class (1)UserRealm class package com.example.shiro.config; import […]
shiro-redis-jwt integration
1. Integrated process logic 2. Integration steps 1. Import the starter package of shiro-redis: There is also the jwt tool package toolkit, and to simplify development, I introduced the hutool toolkit. <!–shiro-redis integration–> <dependency> <groupId>org.crazycake</groupId> <artifactId>shiro-redis-spring-boot-starter</artifactId> <version>3.2.1</version> </dependency> <!–hutool tool class–> <dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>5.3.3</version> </dependency> <!– jwt –> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency> 2. […]
Shiro (2) Basic use of principles
Article directory 2. Basic use of principles 2.1 Environment preparation 2.2 Login authentication 2.2.1 Login authentication concept 2.2.2 Basic login authentication process 2.2.3 Login authentication example 2.2.4 Identity authentication process 2.3 Roles and authorization 2.3.1 Authorization concept 2.3.2 Authorization method 2.3.3 Authorization process 2.3.4 Authorization Example 2.4 Shiro encryption 2.5 Shiro custom login authentication 2. […]
2. Basic use of Shiro framework (1)
2.1 Certification Process 2.2 Authorization process 2.3 SimpleAccountRealm Create a maven project and add the following dependencies <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> Code testing: (authentication and role verification) @Test public void simple(){ //1.Create Realm SimpleAccountRealm realm = new SimpleAccountRealm(); realm.addAccount(“admin”,”admin”,”Super Administrator”); //2.SecurityManager DefaultSecurityManager securityManager = new DefaultSecurityManager(); //3. Establish a connection between SecurityManager and Realm […]
Shiro deserialization vulnerability principle analysis and vulnerability reproduction (CVE-2016-4437)
Table of Contents Shiro-550 Deserialization Vulnerability Vulnerability introduction Vulnerability principle Shiro-721 Deserialization Vulnerability (CVE-2019-12422) What is the difference between Shiro550 and Shiro721 vulnerability fingerprint Vulnerability introduction Vulnerability principle Attack process Vulnerability recurrence: CVE-2016-4437 Vulnerability recurrence: CVE-2019-12422 Shiro-550 Deserialization Vulnerability Vulnerability Introduction shiro-550 is mainly a command execution vulnerability caused by the deserialization of shiro’s rememberMe […]
Framework Security-CVE Recurrence&Apache Shiro&Apache Solr Vulnerability Recurrence
Article directory Service Attack and Defense – Framework Security &CVE Recurrence &Apache Shiro &Apache Solr Vulnerability Recurrence Middleware list Common development frameworks Apache Shiro – Component Framework Security Exposed security issues Vulnerability recurrence Apache Shiro Authentication Bypass Vulnerability (CVE-2020-1957) CVE-2020-11989 Authentication Bypass Vulnerability CVE_2016_4437 Shiro-550 & amp; & amp; CVE-2019-12422 Shiro-721 vulnerability reappears Apache Solr-Component […]
Shiro integrates EhCache
Caching tool EhCache EhCache is a widely used open source Java distributed cache. Mainly for general cache, Java EE and lightweight containers. It can be seamlessly integrated with most Java projects. For example, the cache in Hibernate is implemented based on EhCache. EhCache supports memory and disk storage. It is stored in memory by default. […]
Specific execution process of using ShiroFilter
Background When I was migrating in the project today, I was using Renren’s open source back-end system. The system integrates Shiro because individuals were also researching Shiro during this time. I saw that the usage of Renren’s backend was not very similar to what I had learned before, so I searched online to find out […]