Microservice Permission Design with Shiro, Redis Session Sharing, and Dubbo
The article presents a detailed guide on designing and implementing fine-grained permission control for microservices using Apache Shiro, Spring Boot, Dubbo, and Redis to share session data across services, including code examples, configuration steps, and testing of role‑based access.
This article discusses the design and implementation of permission control in a microservice architecture using Apache Shiro, Spring Boot, Dubbo, and Redis for shared session management.
It first compares Shiro and Spring Security, then proposes a solution that separates the Shiro module from user services while sharing session data via a custom CacheManager and EnterpriseCacheSessionDAO .
The project structure includes common modules ( common-core , common-cache , common-auth ), a gateway, user and video services, and demonstrates how to configure Shiro, create custom realms, and implement Redis‑based session storage with code examples such as public DefaultWebSecurityManager() and public static JedisPool initialPool() .
The article also shows how to handle authentication, authorization, and exception mapping, and provides testing steps for role‑based access control, illustrating both successful and unauthorized requests.
Architecture Digest
Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.