Google Git
Sign in
apache/casbin-jcasbin-shiro-casbin

Apache Shiro's authorization middleware based on Casbin

Mirrored from https://github.com/apache/casbin-jcasbin-shiro-casbin.git
Clone this repo:

Branches

Tags

  1. d89fbb0 feat: fix GPG key in CI (#37) by Liao Xin · 1 year, 5 months ago master v1.3.0
  2. 6fd7de6 feat: improve README.md by Yang Luo · 1 year, 5 months ago v1.2.0
  3. dd5af99 feat: fix pom.xml to fix CI for publishing to https://central.sonatype.com (#35) by Liao Xin · 1 year, 5 months ago v1.1.0
  4. 3539f5c docs: replace gitter links with discord (#32) by YunShu · 2 years, 8 months ago
  5. 8da2f71 fix: update pom to fix distributionManagement (#31) by imp2002 · 3 years, 5 months ago v1.0.2

shiro-casbin

codebeat badge Build Status Coverage Status Javadocs Maven Central Discord

Apache Shiro's RBAC & ABAC Authorization Plug-in based on jCasbin

How it works?

1.Add configuration

You need to specify the path of the model file in the configuration file.

shiro-jcasbin:
  // madel path
  modelPath: src/test/resources/model/rbac_model.conf

Of course, you also need to configure the data source information in the spring configuration file. For example:

shiro-jcasbin:
  // madel path
  modelPath: src/test/resources/model/rbac_model.conf

spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/casbin?serverTimezone=GMT%2B8
    username: casbin_test
    password: TEST_casbin

2.Enable annotation interception

You need to enable annotation interception in Shiro's configuration file. As for annotation startup classes, please use the ShiroAdvisor, like this:

@Configuration
public class ShiroConfig {
    // Other configs is omitted.
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new ShiroAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}

3.Use the EnforcerAuth annotation.

Now you can use the EnforcerAuth annotation to the controller method, like this:

@RestController
public class EnforcerAuthController {
    // Other methods is omitted.
    @EnforcerAuth
    @GetMapping("/data")
    public String function1() {
        return "success";
    }
}

It will verify whether the current login user has the requested address permission. If the current login user has the permission, this controller method will work properly. If not, it will throw the exception which can prompt you that the current login user does not have the permission.If no user is currently logged in, it will throw the exception which can prompt you that you should login in.