<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Configuring to use Shiro :: Apache Isis</title>
<link rel="canonical" href="https://isis.apache.org/security/2.0.0-M3/shiro/about/configuring-isis-to-use-shiro.html">
<meta name="generator" content="Antora 2.2.0">
<link rel="stylesheet" href="../../../../_/css/site.css">
<link rel="stylesheet" href="../../../../_/css/site-custom.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,700,700i|Raleway:300,400,500,700,800|Montserrat:300,400,700" rel="stylesheet">
<link rel="home" href="https://isis.apache.org" title="Apache Isis">
</head>
<body class="article">
<div class="body ">
<main role="main">
<article class="doc">
<a name="section-top"></a>
<h1 class="page">Configuring to use Shiro</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>Apache Isis' security mechanism is configurable through two (non-public) APIs, an <code>Authenticator</code> and an <code>Authorizor</code>.
The Shiro security mechanism is an integration with Apache Shiro that implements both interfaces.</p>
</div>
<div class="admonitionblock tip">
<table>
<tr>
<td class="icon">
<i class="fa icon-tip" title="Tip"></i>
</td>
<td class="content">
<div class="paragraph">
<p>Both the <a href="../../../../docs/2.0.0-M3/starters/helloworld.html" class="page">HelloWorld</a> and <a href="../../../../docs/2.0.0-M3/starters/simpleapp.html" class="page">SimpleApp</a> starter apps are pre-configured to use Apache Shiro, so much of what follows may well have been set up already.</p>
</div>
</td>
</tr>
</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="telling-apache-isis-to-use-shiro"><a class="anchor" href="#telling-apache-isis-to-use-shiro"></a>Telling Apache Isis to use Shiro</h2>
<div class="sectionbody">
<div class="paragraph">
<p>To tell Apache Isis to use Shiro, include the <code>IsisModuleSecurityShiro</code> module in the top-level "app manifest".</p>
</div>
<div class="paragraph">
<p>For example, the <a href="../../../../docs/2.0.0-M3/starters/simpleapp.html" class="page">SimpleApp</a> starter app bootstraps using:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-java hljs" data-lang="java">@Configuration
@Import({
    // ...
    IsisModuleSecurityShiro.class, <i class="conum" data-value="1"></i><b>(1)</b>
    // ...
})
// ...
public class AppManifest {
}</code></pre>
</div>
</div>
<div class="colist arabic">
<table>
<tr>
<td><i class="conum" data-value="1"></i><b>1</b></td>
<td>configures Shiro.</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This installs the appropriate implementation (the <code>ShiroAuthenticatorOrAuthorizor</code> class) that uses Shiro&#8217;s APIs to perform authentication and authorization:</p>
</div>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/configuration/configure-isis-to-use-shiro.png"><img src="../_images/configuration/configure-isis-to-use-shiro.png" alt="configure isis to use shiro" width="600px"></a>
</div>
</div>
<div class="paragraph">
<p>The figure above doesn&#8217;t tell the whole story; we haven&#8217;t yet seen how Shiro itself is configured to use realms.
The <code>ShiroAuthenticatorOrAuthorizor</code> is in essence the glue between the Apache Isis runtime and Shiro.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="configuring-shiro-authenticator"><a class="anchor" href="#configuring-shiro-authenticator"></a>Configuring Shiro Authenticator</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The <code>ShiroAuthenticatorOrAuthorizor</code> class itself supports a single optional property.
This can be configured in the <code>authentication_shiro.properties</code> file:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">isis.security.shiro.autoLogoutIfAlreadyAuthenticated=false</code></pre>
</div>
</div>
<div class="paragraph">
<p>This configuration property only comes into effect for the <a href="../../../../vro/2.0.0-M3/about.html" class="page">Restful Objects viewer</a>; if set, then the Shiro subject, if found to still be authenticated, will be logged out anyway and then re-authenticated.</p>
</div>
<div class="admonitionblock warning">
<table>
<tr>
<td class="icon">
<i class="fa icon-warning" title="Warning"></i>
</td>
<td class="content">
<div class="paragraph">
<p>There should generally be no need to change this property from its default (<code>false</code>).
Setting it to <code>true</code> may cause a race condition resulting in exceptions being logged.</p>
</div>
</td>
</tr>
</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="bootstrapping-shiro"><a class="anchor" href="#bootstrapping-shiro"></a>Bootstrapping Shiro</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The Shiro environment (in essence, thread-locals holding the security credentials) needs to be bootstrapped using the following settings in the <code>WEB-INF/web.xml</code> file:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-xml hljs" data-lang="xml">&lt;listener&gt;
    &lt;listener-class&gt;org.apache.shiro.web.env.EnvironmentLoaderListener&lt;/listener-class&gt;
&lt;/listener&gt;
&lt;filter&gt;
    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
    &lt;filter-class&gt;org.apache.shiro.web.servlet.ShiroFilter&lt;/filter-class&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;</code></pre>
</div>
</div>
<div class="paragraph">
<p>Based on this, Shiro will then read the <code>WEB-INF/shiro.ini</code> file to configure its Realm definitions for authentication and authorization.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="web-infshiro-ini"><a class="anchor" href="#web-infshiro-ini"></a><code>WEB-INF/shiro.ini</code></h2>
<div class="sectionbody">
<div class="paragraph">
<p>The <code>shiro.ini</code> file is used to specify the realm(s) that Shiro will delegate to:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">securityManager.realms = $realmName</code></pre>
</div>
</div>
<div class="paragraph">
<p>Shiro&#8217;s ini file supports a "poor-man&#8217;s" dependency injection (<a href="https://shiro.apache.org/configuration.html">their words</a>), and so <code>$realmName</code> in the above example is a reference to a realm defined elsewhere in <code>shiro.ini</code>.
The subsequent sections describe the specifics for the various realm implementations available to you.</p>
</div>
<div class="paragraph">
<p>It&#8217;s also possible to configure Shiro to support multiple realms.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-ini hljs" data-lang="ini">securityManager.realms = $realm1,$realm2</code></pre>
</div>
</div>
<div class="paragraph">
<p>You can learn more about Shiro realms in the <a href="http://shiro.apache.org/realm.html">Shiro documentation</a>.</p>
</div>
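<div class="paragraph">
<p>A pre-deployment check for the <code>$realmName</code> references described above, as an added example that is not part of the Apache Isis or Shiro code: it parses <code>shiro.ini</code> text and lists the entries of <code>securityManager.realms</code> that do not resolve to an object defined in <code>[main]</code>. The function names and both sample files are constructed for illustration; it assumes plain <code>key = value</code> lines without line continuations, and relies on Shiro making <code>iniRealm</code> available when <code>[users]</code> or <code>[roles]</code> has entries.</p>
</div>

```python
import re

# Shiro always provides the securityManager object in [main].
ALWAYS_DEFINED = {"securityManager"}

# Constructed sample: every referenced realm resolves.
GOOD_INI = """
[main]
realm1 = org.apache.shiro.realm.text.IniRealm
realm1.resourcePath = classpath:realm1.ini
securityManager.realms = $realm1,$iniRealm

[users]
sven = pass, admin_role

[roles]
admin_role = *
"""

# Constructed sample: $realm2 is never defined, and $iniRealm does not
# exist because there is no [users] or [roles] section.
BAD_INI = """
[main]
realm1 = org.apache.shiro.realm.text.IniRealm
securityManager.realms = $realm1, $realm2, $iniRealm
"""


def parse_sections(text):
    """Split shiro.ini text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def unresolved_realms(text):
    """Return securityManager.realms entries that name no defined object."""
    sections = parse_sections(text)
    main = sections.get("main", [])
    # An object definition is an undotted key whose value is a class name.
    defined = set(ALWAYS_DEFINED)
    defined.update(k for k, v in main if "." not in k and not v.startswith("$"))
    if sections.get("users") or sections.get("roles"):
        defined.add("iniRealm")
    missing = []
    for key, value in main:
        if key != "securityManager.realms":
            continue
        for ref in (part.strip() for part in value.split(",")):
            # Flag both unknown names and entries that are not $references.
            if not ref.startswith("$") or ref[1:] not in defined:
                missing.append(ref)
    return missing


if __name__ == "__main__":
    print("good:", unresolved_realms(GOOD_INI))
    print("bad: ", unresolved_realms(BAD_INI))
```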
</div>
</div>
</article>
</main>
</div>
<footer class="footer">
<div class="content">
<div class="copyright">
<p>
Copyright © 2010~2020 The Apache Software Foundation, licensed under the Apache License, v2.0.
<br/>
Apache, the Apache feather logo, Apache Isis, and the Apache Isis project logo are all trademarks of The Apache Software Foundation.
</p>
</div>
<div class="revision">
<p>Revision: SNAPSHOT</p>
</div>
</div>
</footer>
<script src="../../../../_/js/site.js"></script>
<script async src="../../../../_/js/vendor/highlight.js"></script>
<script src="../../../../_/js/vendor/jquery-3.4.1.min.js"></script>
<script src="../../../../_/js/vendor/jquery-ui-1.12.1.custom.widget-only.min.js"></script>
<script src="../../../../_/js/vendor/jquery.tocify.min.js"></script>
<script>
$(function() {
$("#article-toc").tocify( {
showEffect: "slideDown",
hashGenerator: "pretty",
hideEffect: "slideUp",
selectors: "h2, h3",
scrollTo: 120,
smoothScroll: true,
theme: "jqueryui",
highlightOnScroll: true
} );
});
</script>
</body>
</html>