Shulou(Shulou.com)06/02 Report--

This article mainly explains "what are the core classes of Shiro". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn what are the core classes of Shiro.

One: SessionManager

1. Brief introduction

Shiro provides complete session management functions, independent of the underlying container, and can be used by both JavaSE applications and JavaEE applications.

SessionManager manages all Subject sessions in the application, including session creation, maintenance, deletion, invalidation, verification and so on.

2.SessionManager interface

Session start (SessionContext context); starts a new session based on the specified context initialization data

Session getSession (SessionKey key) throws SessionException

Retrieves the session based on the specified SessionKey, or returns null if it cannot be found. If a session is found, but the session is invalid (stopped or expired), a SessionException exception is thrown.

3.AbstractSessionManager implements SessionManager

Public void setGlobalSessionTimeout (long globalSessionTimeout)

Sets the global Session timeout, which defaults to 30 minutes. Setting to a negative number means that you will never time out.

4.AbstractValidatingSessionManager extends AbstractNativeSessionManager

Protected boolean sessionValidationSchedulerEnabled

Whether or not to perform Session verification

Protected long sessionValidationInterval

Time interval for Session verification. Default is one hour.

5.public class DefaultSessionManager extends AbstractValidatingSessionManager

Private boolean deleteInvalidSessions

Whether to delete invalid Session

6.public class DefaultWebSessionManager extends DefaultSessionManager

Private boolean sessionIdCookieEnabled

Whether to get sessionId from Cookie

Private boolean sessionIdUrlRewritingEnabled

Two: AuthenticationToken

AuthenticationToken is used to collect the identity (such as user name) and credentials (such as password) submitted by the user. Shiro will call the CredentialsMatcher object.

The doCredentialsMatch method matches the AuthenticationInfo object with the AuthenticationToken. If the match is successful, the Subject authentication is successful, otherwise the authentication fails.

In general, UsernamePasswordToken has been able to meet our needs. When we encounter a need to declare our own Token class, we can implement AuthenticationToken according to our requirements

HostAuthenticationToken or RememberMeAuthenticationToken.

Three: Realm

Realm is the data source for security verification data.

1.public interface Realm

String getName ()

Boolean supports (AuthenticationToken token)

AuthenticationInfo getAuthenticationInfo (AuthenticationToken token) throws AuthenticationException

Four: Subject and SubjectFactory

1.public interface Subject

A Subject represents a user of the application.

Object getPrincipal ()

Unique identification of Subject, such as user name, user ID, mobile phone number, etc.

PrincipalCollection getPrincipals ()

Boolean isPermitted (String permission)

Boolean isPermitted (Permission permission)

Boolean [] isPermitted (String... Permissions)

Boolean [] isPermitted (List permissions)

Void checkPermission (String permission) throws AuthorizationException

Void checkRole (String roleIdentifier) throws AuthorizationException

Void login (AuthenticationToken token) throws AuthenticationException

Boolean isAuthenticated ()

Boolean isRemembered ()

2.public interface WebSubject extends Subject, RequestPairSource

ServletRequest getServletRequest ()

ServletResponse getServletResponse ()

3.public class DelegatingSubject implements Subject

Protected PrincipalCollection principals

Protected boolean authenticated

Protected String host

Protected Session session

Protected boolean sessionCreationEnabled

Protected transient SecurityManager securityManager

4.public class WebDelegatingSubject extends DelegatingSubject implements WebSubject

5.public interface SubjectContext extends Map

SubjectContext organizes all the attributes that build the Subject together and passes them to a SubjectFactory to form a Subject. Exe.

6.public interface SubjectFactory

Subject createSubject (SubjectContext context)

Create Subject

7.public class DefaultSubjectFactory implements SubjectFactory

8.public class DefaultWebSubjectFactory extends DefaultSubjectFactory

Five: SecurityManager

1.public interface SecurityManager extends Authenticator, Authorizer, SessionManager

Subject login (Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException

Log in

Void logout (Subject subject)

Log out

Subject createSubject (SubjectContext context)

2.public abstract class CachingSecurityManager implements SecurityManager, Destroyable, CacheManagerAware, EventBusAware

Private CacheManager cacheManager

Private EventBus eventBus

3.public abstract class RealmSecurityManager extends CachingSecurityManager

Private Collection realms

Permission set realms

4.public abstract class AuthenticatingSecurityManager extends RealmSecurityManager

Private Authenticator authenticator

Concrete instance of SecurityManager used for authentication operation

5.public abstract class AuthorizingSecurityManager extends AuthenticatingSecurityManager

Private Authorizer authorizer

Specific examples of SecurityManager used to authorize operations

6.public abstract class SessionsSecurityManager extends AuthorizingSecurityManager

Private SessionManager sessionManager

SecurityManager is used to manage all concrete instances of Session.

7.public class DefaultSecurityManager extends SessionsSecurityManager

Protected RememberMeManager rememberMeManager

Remember the Seeion associated with the current Subject in the reference to avoid re-login

Protected SubjectDAO subjectDAO

Persistent storage of Subject

Protected SubjectFactory subjectFactory

Create a factory that applies Subject

8.public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager

Boolean isHttpSessionMode ()

Whether to use the HttpSession of the Servlet container

Thank you for your reading, these are the contents of "what are the core classes of Shiro?" after the study of this article, I believe you have a deeper understanding of what the core classes of Shiro have, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.