Shulou(Shulou.com)06/01 Report--

What is Shiro?

Apache Shiro is a very easy-to-use Java security framework that provides authentication, authorization, encryption and Session control. Shiro is very lightweight and API is very easy to understand that you can use Shiro to do all the permission control from APP to enterprise applications.

Macro view

From a macro point of view, there are three important concepts in Shiro architecture: Subjct, SecurityManager, and Realms.

Subject

Subject is actually an abstract "user" of the executing user, which can refer to the natural person third-party service agent account or other.

Subject is bound to SecurityManager when we actually interact with SecurityManager when we interact with Subject.

SecurityManager

SecurityManager is the core of the Shiro rights architecture and maintains a series of security components internally. However, once we have configured it, what is really relevant to the user is the Subject interface.

When we operate on subject, we are actually operating on SecurityManager.

Realms

Reamls is the bridge between Shiro and the secure data of our application to realize the logic of user login and authorization in Realm.

From this point of view, Realms is actually a security domain DAO that encapsulates the relevant data and provides it to Shiro. When using Shiro, we must develop at least one Realms.

SecurityManager can be configured with multiple Realms but at least one.

Shiro already provides default DAO implementations such as LDAP and JDBC and we can also implement our own DAO such as using Redis.

Detail view

Subject (org.apache.shiro.subject.Subject)

Abstract users and third-party services from the security perspective of interacting with current software

SecurityManager (org.apache.shiro.mgt.SecurityManager)

The core of the Shiro security framework manages and coordinates its internal components like an umbrella to ensure its coordinated operation. It also maintains the Shiro role of each user, so it knows all the security actions of the user.

Authenticator (org.apache.shiro.authc.Authenticator)

The component responsible for performing and verifying user login behavior when a user attempts to log in this logic is performed by Authenticator. Authenticator knows how to coordinate one or more realms these realms hold user information. And the data in the realms is taken out to authenticate the user.

Authentication Strategy (org.apache.shiro.)

If multiple realmsAuthentication Strategy is configured, it will be responsible for coordinating the judgment logic of each Realms.

Authorizer (org.apache.shiro.authz.Authorizer)

Users control user access mainly to determine whether users can access certain resources. Similar to AuthenticatorAuthorizer, it also knows how to coordinate multiple data sources and determine whether these users can execute a given Action.

SessionManager (org.apache.shiro.session.mgt.SessionManager)

SessionManager knows how to create and manage user Session lifecycles to provide users with a robust Session experience. This mechanism is the originality of Shiro, even if it is not a Web project Shiro can provide a built-in Session mechanism.

SessionDao is responsible for accessing Session.

SessionDao (org.apache.shiro.session.mgt.eis.SessionDao)

SessionDao completes the CRUD operation of Session for SessionManager. It allows any Session to save Redis/Memcache/DB...

CacheManager (org.apache.shiro.cache.CacheManager)

Any existing cache product can be used to save the authentication data used by Shiro.

Cryptography (org.apache.shiro.crypto.*)

Encryption toolkits are used as needed

Realms (org.apache.shiro.realm.Realm)

Real security-related data such as accounts we can create as many Realm as we want.

Configure an instance

Shiro Configuration / bower_components/** = Anon / info/home/Vh2/**=anon / = anon / * * = authc

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.