What can Shiro do?

Shiro can handle the following for us: authentication, authorization, encryption, session management, Web integration, caching, and so on.

 

What are Shiro's components?

Authentication: identity authentication / login; verifies whether the user has the corresponding identity;

Authorization: authorization, that is, permission verification; verifies that an authenticated user has a given permission, i.e. decides whether the user can do something. Common examples: verifying that a user has a role, or fine-grained verification of whether a user has a certain permission on a resource;

Session Manager: session management; after a user logs in, everything until they log out is one session, and all of their information is held in that session; the session can live in an ordinary JavaSE environment or in a Web environment;

Cryptography: encryption; protects data, for example passwords are stored encrypted in the database rather than in plain text;

Web Support: Web support; Shiro can be easily integrated into a Web environment;

Caching: caching; for example, after the user logs in, their user information and the roles/permissions they hold do not have to be looked up every time, which improves efficiency;

Concurrency: Shiro supports concurrent verification for multithreaded applications; that is, when one thread starts another thread, permissions can be propagated to it automatically;

Testing: provides test support;

Run As: allows one user to act as another user (if they allow it) for access;

Remember Me: remember me; a very common feature: after logging in once, the user does not have to log in the next time.

Remember that Shiro does not maintain users or permissions; these need to be designed/provided by us and then injected into Shiro through the corresponding interfaces.

 

The three core components of Apache Shiro:

1. Subject: the current user performing operations

2. SecurityManager: manages all Subjects

3. Realms: used to verify permission information

 

Authentication and Authorization

In Shiro, user permission checking is implemented through two mechanisms:

1. Authentication: the process of verifying the user's identity.

2. Authorization: access control; it authorizes the user's operations, verifying that the user is allowed to perform the current operation, for example visiting a link or accessing a resource file.

 

Other components :

In addition to the components above, Shiro has several other components:

1. SessionManager: Shiro provides a session programming paradigm for any application.

2. CacheManager: provides caching support for Shiro's other components.

 

Shiro Workflow

In other words, for us, the simplest Shiro application works like this:

1. Application code authenticates and authorizes through Subject, and Subject delegates to SecurityManager;

2. We need to inject a Realm into Shiro's SecurityManager so that the SecurityManager can obtain legitimate users and their permissions and make its decision.
