I just pushed a new Bootique Shiro Demo Application to GitHub. We'll cover the basics in this post and the details later. The app uses the following Bootique Modules: Jetty, MVC, Shiro and JDBC. Those also bring us the services of Jersey and Mustache.
I used my Bootique MVC Demo app as the baseline and added Bootique Shiro. You'll find several NixMash posts on the MVC app and the source code on GitHub. Adding the Shiro Module was as easy as adding the Dependency in the pom.xml.
In the bootique.yml we specify the access to our paths.
"/admin" : authc, roles[admin]
"/users" : authc
"/login" : anon
"/" : anon
"/unauthorized" : anon
Our two users are bob and ken. Two roles are user and admin. Bob has both roles while ken is a user. Only registered users can view the /users page and only bob as admin can view the /admin page.
As for the remaining configuration code, we're retrieving users from a database and not from our bootique.yml. To do that we created a custom Shiro Realm which we will add in the Bootique main module config().
Package pkg = GeneralController.class.getPackage();
JettyModule.extend(binder).addStaticServlet("s1", "/css/*", "/img/*", "/js/*");
Shiro in Action
Here's our Home Page where the available users are displayed.
As you can see at the bottom of the Home Page, the current user is anonymous. With the Shiro configuration you've seen earlier–which is very little–the anonymous user is automatically directed to the Login Page when attempting to view a page requiring authentication.
Ken is logged in as you see by the Current User info at the bottom of the Registered Users Only page.
When Ken attempts to enter Administration he is redirected to the Unauthorized Page.
We'll cover some of the interesting details of Bootique Shiro in future posts.