Today, we'll see how to use Wisdom framework with apache shiro to manage users authentication.
First, what is Wisdom ?
Wisdom is a young but promising Java web framework, to develope quickcly modular and dynamic web applications. You can check Wisdom website for more informations.
Unfortunaly it does not include yet users management. That's why I decided to try to embed apache shiro inside my project.
The goal is to manage multiple users with different roles and to be able to authenticate them and display different template according to their roles.
In this example I create some users during shiro initialisation, but in the next article I'll use a real database.
The sample project is available here
Now let's take a look at the code.
First the ShiroActivator class used to initialize shiro
This is just basic stuff here, it create 2 roles and 2 users. Just with this, you're done ! you can use shiro now.
Then when you submit your form login this route will be called.
As you can see it's really simple, in 3 lines of codes you're authenticated. The exceptions here will display a flash message on the view in case of error like wrong password.
Once you're logged you'll be redirected to the protected page which displays different content whether you are admin or not.
But how is the route protected if you're not logged ?
Here I do a combination of wisdom and shiro features. This is my protected route :
As you can see there is an annotation @Authenticated. It comes from wisdom. You have to specify the name of your authenticator implementation. This is mine
So in the getUsername() method, I simply use shiro to retrieve the current user, if it returns null, so you're not logged and the onUnauthorized method will be called. Otherwise the controller route will be executed correctly.
Once you're logged, you'll have a different message if you're admin or guest. To achieve this I add some if statements in my template.
As you can see on the ProtectedController, on method return we have a new UserHelper in our parameters. that mean you will be able to call methods of this class on our template to check the role of the current user.
So your template will know which statement to use depending of the user role.
This is everything you need. I let you check by yourself on the sample project the logout method cause it's not really complicated.
Have fun with this great framework !
