What can Shiro do?
It helps us implement authentication, authorization, encryption, session management, web integration, caching, and so on.
What are Shiro's components?
Authentication: identity authentication / login; verifies whether the user has the corresponding identity;
Authorization: permission verification; verifies that an authenticated user has a given permission, that is, decides whether the user can do something. Common examples: verifying that a user has a role, or fine-grained verification of whether a user has a certain permission on a resource;
Session Manager: session management; after the user logs in there is a session, and until the user logs out, all of their information is kept in that session. The session can live in an ordinary JavaSE environment or in a web environment;
Cryptography: encryption, to protect data; for example, passwords are encrypted before being stored in the database rather than stored in plain text;
Web Support: web support; Shiro can be easily integrated into web environments;
Caching: caching; for example, after a user logs in, their user information and roles/permissions do not have to be looked up every time, which improves efficiency;
Concurrency: Shiro supports concurrent verification in multithreaded applications; for example, when one thread starts another, permissions can be propagated to it automatically;
Testing: provides test support;
Run As: allows one user to act as another user (if they permit it) when accessing the system;
Remember Me: a very common feature; after logging in once, the user does not have to log in the next time.
Remember that Shiro does not maintain users or permissions; we have to design and provide those ourselves, and then inject them into Shiro through the corresponding interfaces.
The three core components of Apache Shiro:
1. Subject: the operations of the current user
2. SecurityManager: manages all Subjects
3. Realms: used to verify permission information
Authentication and Authorization
In Shiro, user permission checking is implemented through two mechanisms:
1. Authentication: the process of verifying the user's identity.
2. Authorization: access control; it authorizes the user's operations by verifying that the user is allowed to perform the current operation, for example visiting a link or accessing a resource file.
Other components:
In addition to the components above, Shiro has several others:
1. SessionManager: Shiro provides a session programming paradigm for any application.
2. CacheManager: provides caching support for Shiro's other components.
In other words, for us the simplest Shiro application looks like this:
1. Application code performs authentication and authorization through the Subject, and the Subject delegates to the SecurityManager;
2. We need to inject a Realm into Shiro's SecurityManager, so that the SecurityManager can obtain the legitimate users and their permissions and make its decisions.
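The two steps above, as an added example that is not from the original article: a custom Realm supplies the users, roles and permissions, and application code only talks to the Subject. The class names MinimalShiroApp and DemoRealm, the account "alice", its password and the permission strings are all constructed for illustration.

```java
import java.util.Map;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class MinimalShiroApp {
    // Hypothetical realm: the application, not Shiro, owns the user and permission data.
    static class DemoRealm extends AuthorizingRealm {
        // Constructed sample data; a real realm would query a store of salted password hashes.
        private final Map<String, String> passwords = Map.of("alice", "constructed-demo-password");
        private final Map<String, Set<String>> roles = Map.of("alice", Set.of("editor"));
        @Override // Authentication: hand Shiro the stored credentials for the claimed identity.
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = (String) token.getPrincipal();
            String stored = passwords.get(username);
            if (stored == null) throw new UnknownAccountException("unknown account");
            // The realm's CredentialsMatcher compares the submitted password with this value.
            return new SimpleAuthenticationInfo(username, stored, getName());
        }

        @Override // Authorization: report the roles and permissions of an authenticated user.
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles.getOrDefault(username, Set.of()));
            if (info.getRoles().contains("editor")) info.addStringPermission("document:edit");
            return info;
        }
    }
    public static void main(String[] args) {
        // Inject the Realm into the SecurityManager, then register the manager globally.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject(); // application code talks only to the Subject
        try {
            subject.login(new UsernamePasswordToken("alice", "constructed-demo-password"));
        } catch (AuthenticationException e) { // wrong password or unknown account
            System.out.println("login rejected");
            return;
        }
        System.out.println("has role editor: " + subject.hasRole("editor"));
        System.out.println("may edit: " + subject.isPermitted("document:edit"));
        System.out.println("may delete: " + subject.isPermitted("document:delete"));
        subject.logout();
    }
}
```

The plain-text password map exists only to keep the example short; it is the part a real Realm replaces with its own user store.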