shiro-uaa is a lightweight user account and identity authentication solution (UAA) service based on Shiro.
When you first start a project, I believe that Shiro's simplicity makes it the first choice of permission framework for most developers. However, when the project expands from 1 to n and requires unified authentication and authorization, the fact that Shiro itself does not support unified authentication and authorization becomes a limitation. Shiro has CasFilter, but CAS is another set of frameworks, which is heavier. In order to make the authentication and authorization service simpler, lighter and easier to use, Shiro-UAA was created.
Lightweight UAA Server
Pure Shiro
Easy to learn
Easy to expand
Ready out of the box
1. auth-server
maven
Built-in endpoint
URI address: description
/uaa-auth/authentication: the address for requesting authorization; the request is directed to your login page
/uaa-auth/authentication/apporve: the address at which the Auth Server agrees to authorize and issues the code
/uaa-auth/access-token: the address for obtaining the access token from the Auth Server
/uaa-auth/logout: the address for logging out from the Auth Server
Extensible API
Interface name: description
AccessClientService: access application service
AccessTokenService: access-token service
AccountService: user service
AuthCodeService: code service
RoleService: role service
login
To customize the login page and login verification, implement org.apache.shiro.authc.credential.CredentialsMatcher with the verification logic used during login, and configure shiro.loginUrl.
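One possible matcher for the login step above, as an added example (not code from shiro-uaa). It assumes the login submits a Shiro UsernamePasswordToken and that your AccountService returns the stored password as an "iterations:base64(salt):base64(hash)" PBKDF2 string; the class name and that storage format are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;

// Hypothetical matcher: assumes the stored credential is the string
// "iterations:base64(salt):base64(hash)" (a format chosen for this example).
public class Pbkdf2CredentialsMatcher implements CredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        if (!(token instanceof UsernamePasswordToken) || !(info.getCredentials() instanceof String)) {
            return false; // fail closed on unexpected token or credential types
        }
        char[] submitted = ((UsernamePasswordToken) token).getPassword();
        String[] parts = ((String) info.getCredentials()).split(":");
        if (submitted == null || parts.length != 3) {
            return false;
        }
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            byte[] actual = derive(submitted, salt, iterations, expected.length);
            // Constant-time comparison avoids leaking how many bytes matched.
            return MessageDigest.isEqual(expected, actual);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed stored value or unavailable algorithm: deny login
        }
    }

    static byte[] derive(char[] password, byte[] salt, int iterations, int lengthBytes)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, lengthBytes * 8);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the password
        }
    }
}
```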
forwardError
By default, when an OAuthProblem occurs on the Server, it redirects to the Resource address (the redirect_uri parameter) with the error information. If forwardErrorUrl is configured, the Server does not redirect and displays an error page instead. The page needs to be customized, and shiro.uaa.server.forwardErrorUrl must be configured. The purpose of this configuration is to prevent the Server from being used for abnormal redirects.
Extended configuration parameters
Parameter name: description
shiro.uaa.server.codeExpires: expiration time of the Code issued by UAA, in seconds
shiro.uaa.server.accessTokenExpires: expiration time of the AccessToken issued by UAA, in seconds
shiro.uaa.server.refreshTokenExpires: expiration time of the RefreshToken issued by UAA, in seconds
shiro.loginUrl: custom login address
shiro.uaa.server.clients[].name: access application name; valid when using the default in-memory AccessClientService
shiro.uaa.server.clients[].clientId: access application clientId; valid when using the default in-memory AccessClientService
shiro.uaa.server.clients[].clientSecret: access application clientSecret; valid when using the default in-memory AccessClientService
shiro.uaa.server.roles[].name: role name, corresponding to Shiro's Role; valid when using the default in-memory RoleService
shiro.uaa.server.roles[].permCodes[]: role permissions, corresponding to Shiro's Permission; valid when using the default in-memory RoleService
shiro.uaa.server.roles[].clientId: the application to which the role belongs; valid when using the default in-memory RoleService
shiro.uaa.server.accounts[].username: account login name; valid when using the default in-memory AccountService
shiro.uaa.server.accounts[].password: account password; valid when using the default in-memory AccountService
shiro.uaa.server.accounts[].roles[]: roles the account has; valid when using the default in-memory AccountService
shiro.uaa.server.forwardErrorUrl: custom OAuthProblem error address
2. resource-server
maven
filterChainDefinition
Implement CustomFilterChainDefinition to define which paths pass through which Filters. By default, /** passes through resourceServerFilter.
logout
Log out from the Resource Server first, then log out from UAA. Configure the shiro.logoutUrl parameter to load LogoutEndpoint.
annotation
Same as Shiro
Annotation name
@RequiresRoles
@RequiresPermissions
@RequiresUser
@RequiresAuthentication
@RequiresGuest
Extended configuration parameters
Parameter name: description
shiro.uaa.resource.serverScheme: UAA address Scheme
shiro.uaa.resource.serverHost: UAA address Host
shiro.uaa.resource.serverPort: UAA address Port
shiro.uaa.resource.serverContextPath: UAA address ContextPath
shiro.uaa.resource.clientId: UAA assigned ClientId
shiro.uaa.resource.clientSecret: ClientSecret
shiro.logoutUrl: Resource Server logout address assigned by UAA
3. biz-logger
Record user’s business records
annotation
Annotation name: @BizLogger
Annotation method: description
remark: remarks, default: ""
class_: whether to record the class name, default: true
method: whether to record the method name, default: true
arguments: indexes of the parameters that need to be recorded, default: {}
return_: whether to record the return value, default: false
subject: whether to record the user name, default: true
BizLoggerEntityStringifier
Implement BizLoggerEntityStringifier to customize the logger output content.
jdk1.8+ and spring boot
Provide auth-server deployable services
Provide user metrics to auth-server