I am happy to announce the 0.8.0-RC1 release of our Stormpath-Shiro integration.
This release builds on top of the recent Apache Shiro 1.4.0-RC2 release.
The 1.4.0 Apache Shiro release adds a handful of great features:
- More modular: new config, crypto and lang modules were split out from shiro-core
- New Spring Boot modules added (no more XML)
- New servlet fragment module
- New module for JAX-RS (based off https://github.com/silb/shiro-jersey)
- Guice 4 support
- Shiro.ini string interpolation
Of course, that’s not all. In the Stormpath integration we have:
- Updated to the latest Stormpath Java SDK: 1.1.4
- Moved the default configuration to stormpath-shiro.ini, for ease of use.
- Added a JAX-RS example application
- Added a Dropwizard and AngularJS example
I’ll cover most of these new features in upcoming blog posts, but for today let’s jump into string interpolation.
String Interpolation
This is one of those things that you know either by this term or another (substitution, filtering, etc). Basically, it comes down to evaluating a string containing one or more placeholders.
For example, in the Java world, the most common placeholder looks something like this: ${keyName}. Many Java tools and libraries use this format: Apache Maven, Gradle, Spring, Groovy, etc.
Enabling string interpolation in Apache Shiro is as simple as including a Maven dependency (or the equivalent in Gradle):
```xml
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-configuration2</artifactId>
    <version>2.1</version>
</dependency>
```
This step is not needed for the stormpath-shiro-servlet-plugin, as this dependency is included by default.
Out of the box, system properties, environment variables, and Java constants are available for use.
Using the following shiro.ini example, we can replace the environment-specific values with placeholders.
```ini
[main]
ds = com.mysql.jdbc.Driver
ds.serverName = localhost
ds.databaseName = db_name
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
```
Using the system properties dbDriver, dbHost, and dbName, we end up with a shiro.ini that looks like:
```ini
[main]
ds = ${dbDriver}
ds.serverName = ${dbHost}
ds.databaseName = ${dbName}
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
```
You can even set a default value, since we are just using the Apache Commons Configuration library. Taking this example one step further, we can also define a default value for dbDriver:
```ini
[main]
ds = ${dbDriver:-com.mysql.jdbc.Driver}
ds.serverName = ${dbHost}
ds.databaseName = ${dbName}
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
```
Personally, I prefer system properties over environment variables (as they are not inherited by forked processes), but those would work too:
```ini
[main]
ds = ${DB_DRIVER:-com.mysql.jdbc.Driver}
ds.serverName = ${DB_HOST}
ds.databaseName = ${DB_NAME}
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
```
Java constants are handled slightly differently: they need to be prefixed with const, so for java.nio.charset.StandardCharsets.UTF_8, you end up with ${const:java.nio.charset.StandardCharsets.UTF_8}.
Easy enough. Now you can safely commit your shiro.ini file to source control and not worry about protecting your secrets or dealing with differences between environments.
A couple of final points:
- Do not confuse the ${key} notation with Shiro’s $variable. They work on the same concept, but the first example is a string, and the latter is an object defined in a shiro.ini; in the above example $ds is a JDBC DataSource.
- We recommend against storing passwords in System Properties.
- If you are using the stormpath-shiro-servlet-plugin you can also use any of the stormpath.* properties; for an example, see the default config.
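A pre-commit check for the points above, as an added example (not code from the original post, Shiro or Stormpath): it lists the ${key} placeholders a shiro.ini needs at runtime, skips Shiro's $variable object references, and flags secret-looking keys that still hold literal values. The `ds.password` and `charset` lines, the secret-name heuristic and the function name are assumptions constructed for illustration.

```python
import os
import re

# ${key}, ${key:-default} or ${prefix:key}. Shiro's $objectRef has no braces, so it never matches.
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(?::-([^}]*)|:([^}]+))?\}")
SECRET_KEY = re.compile(r"password|passwd|secret|apikey|token", re.I)  # assumed heuristic

# Constructed sample: the page's shiro.ini plus two hypothetical lines (ds.password, charset).
SAMPLE_INI = """\
[main]
ds = ${dbDriver:-com.mysql.jdbc.Driver}
ds.serverName = ${dbHost}
ds.databaseName = ${dbName}
ds.password = changeit
charset = ${const:java.nio.charset.StandardCharsets.UTF_8}
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
"""

def audit_shiro_ini(text, available):
    """Return (findings, required): lint messages and keys that must be supplied at runtime."""
    findings, required = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")) or "=" not in line:
            continue  # blank line, comment or section header
        key, value = (part.strip() for part in line.split("=", 1))
        matches = list(PLACEHOLDER.finditer(value))
        if SECRET_KEY.search(key) and value and not matches:
            findings.append(f"line {lineno}: {key} holds a literal value; use a placeholder")
        for m in matches:
            name, default, prefixed = m.groups()
            if prefixed is not None:
                continue  # prefixed lookup such as ${const:...}; not an external input
            if default is None:
                required.add(name)  # no ':-' fallback, so the deployment must provide it
                if name not in available:
                    findings.append(f"line {lineno}: ${{{name}}} has no default and is not set")
    return findings, required

if __name__ == "__main__":
    # Environment variable names stand in for "what is available" in this demo run.
    problems, needed = audit_shiro_ini(SAMPLE_INI, set(os.environ))
    print("required at runtime:", sorted(needed))
    for problem in problems:
        print(problem)
```

Pass the set of property or variable names your deployment actually provides as `available`; a non-empty findings list is a reason to block the commit.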
The post String Interpolation with Apache Shiro appeared first on Stormpath User Identity API.