A Custom Shiro Realm Example with Bootique

With Bootique you can specify users and roles in your bootique.yml file, but for most use cases we need to retrieve user information from some other data source. For that we need to create our own Shiro Realm to retrieve and authorize our users. In this post we'll look at a custom Shiro Realm found in my Bootique Shiro Demo app on GitHub.

We're going to name our Shiro Realm NixmashRealm, extending Apache Shiro's AuthorizingRealm. The purpose of NixmashRealm is to retrieve the Shiro Subject on Login() and whenever the Subject's Roles and Permissions are required, such as when a path has roles[admin] assigned in bootique.yml. Here is the class layout, where you can see it overrides the AuthorizingRealm methods doGetAuthenticationInfo() and doGetAuthorizationInfo(), returning an AuthenticationInfo object on Login() and an AuthorizationInfo object for Role and Permission testing.
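A minimal realm with the same two overrides, as an added example rather than the post's NixmashRealm. It assumes Shiro 1.x and Java 16+; the class name, the in-memory USERS map standing in for the real data source, and the salted, iterated SHA-256 credentials matcher are all assumptions of this example.

```java
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource; // Shiro 1.x package (assumed version)

// Added example, not the post's NixmashRealm. All names and sample values are constructed.
public class ExampleUserRealm extends AuthorizingRealm {
    private static final int ITERATIONS = 100_000;

    record User(String salt, String hashHex, Set<String> roles) {}

    // Builds a stored record: only the salted hash is kept, never the password.
    private static User user(String password, String salt, String... roles) {
        String hex = new Sha256Hash(password, salt, ITERATIONS).toHex();
        return new User(salt, hex, Set.of(roles));
    }

    // Hypothetical stand-in for the external user store.
    private static final Map<String, User> USERS = Map.of(
        "ken", user("constructed-password-1", "s1", "admin", "user"),
        "bob", user("constructed-password-2", "s2", "user"));

    public ExampleUserRealm() {
        // Shiro hashes the submitted password with the stored salt and compares hashes.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
    }

    @Override // called on Subject.login(token)
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        User u = username == null ? null : USERS.get(username);
        if (u == null) throw new UnknownAccountException("Unknown account");
        return new SimpleAuthenticationInfo(username, u.hashHex(), ByteSource.Util.bytes(u.salt()), getName());
    }

    @Override // called when a roles[admin] path or a permission check needs the Subject's roles
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User u = USERS.get((String) getAvailablePrincipal(principals));
        return u == null ? new SimpleAuthorizationInfo() : new SimpleAuthorizationInfo(u.roles());
    }
}
```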

Using the Custom Realm

As I said, we first use our custom realm on Login(), which returns an AuthenticationInfo object if a user with the submitted credentials is found. If the user is not found, an AuthenticationException is thrown. Here is how we interact with the Shiro Realm from our LoginController [POST] method.

Adding the Realm to Bootique

One final step is required: adding the realm to the Bootique Shiro Module in the app's main module config().

ShiroModule.extend(binder).addRealm(NixmashRealm.class);

Source Code Notes for this Post

Source code discussed in this post is found in my Bootique Shiro Demo app on GitHub.

Posted August 08, 2017 12:01 PM EDT
