Tim Niblett edited this page Oct 14, 2012 · 3 revisions

The micro demo shows how to incorporate Persona and Shiro into a servlet-based Java web application.

Please run

mvn install

on the base library, or in the root, before you start.

To run the demo, change to the micro-demo directory, run mvn install and then mvn jetty:run. The demo will be on localhost:8080 by default.

With the demo you'll see a login button and a couple of links to protected resources.

To access the sensitive resource you must log in via the login button, using Persona and a valid email address.

To access the sensitive resource requiring admin privileges you need to edit the shiro.ini file, which you can find in the src/main/resources sub-directory of the module. You should replace the [email protected] line with your own address, or just add your address as an additional line, e.g.

<your mail address> = password, admin

The password is not used, but is required by the Shiro ini syntax. The rest of the line just asserts that this user has the admin role, which is required to access onlyadmin.html.

Implementation

We've tried to make the demo simple so as to make the necessary code as clear as possible. Any simplifications are welcome.

The necessary Java code is all inside the com.cilogi.shiro.microdemo package.

The login servlet is called in two contexts. First, when a user logs in on the client and an Ajax call is made. Second, when a resource requiring authentication is requested and authentication must be done before access can be granted. In this second case there will be a redirect URL to which the servlet should redirect users after authentication. In the first case the Ajax code needs to be told that the authentication is OK, and the Email address of the logged-in user.

The second case is handled by the doGet method which displays a page and asks the user to log in. The first case is handled by the doPost method.

The key lines of code are:

PersonaAuthenticationToken personaToken 
  = new PersonaAuthenticationToken(token, "http://localhost:8080", true);
personaLogin.login(personaToken);

In the first line the token is the token passed in from the login process. This token must be validated by Persona. The host and port of your server must also be passed along.

The second line does the login by contacting the Persona servers (or other parties once Persona is more widely used). If the token cannot be authorized then an Authentication exception is thrown.
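The two contexts described above written out as one servlet. This is an added example, not the demo's own code: it assumes the PersonaAuthenticationToken(String, String, boolean) constructor shown on this page, logs in through Shiro's Subject rather than the demo's personaLogin helper (whose type the page does not show), and treats the "assertion" parameter name, the /login.html path and the use of Shiro's saved-request mechanism for the redirect as assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
// import of PersonaAuthenticationToken omitted: its package is not given on this page

public class LoginServlet extends HttpServlet {
    // Must be the origin the browser is using: Persona binds the assertion to this audience.
    private static final String AUDIENCE = "http://localhost:8080";
    // Second context: a protected resource sent the user here. Remember the original
    // request (assumption: Shiro's saved-request mechanism) and show the login page.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        WebUtils.saveRequest(req);
        req.getRequestDispatcher("/login.html").forward(req, resp);
    }
    // First context: the browser's Ajax call posts the Persona assertion (parameter
    // name "assertion" is an assumption) and expects to learn whether it was accepted.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("application/json");
        String assertion = req.getParameter("assertion");
        if (assertion == null || assertion.isEmpty()) {
            resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            resp.getWriter().write("{\"status\":\"failure\"}");
            return;
        }
        Subject subject = SecurityUtils.getSubject();
        try {
            // The realm has Persona verify the assertion; third argument as on this page.
            subject.login(new PersonaAuthenticationToken(assertion, AUDIENCE, true));
            String email = String.valueOf(subject.getPrincipal());
            resp.getWriter().write("{\"status\":\"okay\",\"email\":\"" + jsonEscape(email) + "\"}");
        } catch (AuthenticationException e) {
            // Report only failure to the client; the reason stays in the server log.
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            resp.getWriter().write("{\"status\":\"failure\"}");
        }
    }
    private static String jsonEscape(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"");
    }
}
```

The realm is assumed to set the verified email address as the Subject's principal, which is what lets doPost return it to the Ajax caller.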


Our library assumes that you will have some sort of user management. The MicroPersonaRealm and MicroPersonaUserDAO classes provide a minimal interface to a null implementation which does not store or manage any information about users.

The key class is MicroPersonaUserDAO, which implements the IPersonaUserDAO interface. In this case everyone who logs in is given the role user, and the names, roles and permissions of users specified in the shiro.ini file are copied. This lets you use the shiro.ini file for small applications, where you will have a limited number of distinguished users whose permissions and roles differ from ordinary users.
