
What is Shiro?

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

This article explains what Shiro is. The explanation is simple and clear, and it is easy to learn and understand. Follow along to study what Shiro is.

Shiro introduction

The full name of the project is Apache Shiro, referred to below as Shiro. It is a security framework, described on the official Shiro website as follows:

Apache Shiro™ is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application - from the smallest mobile applications to the largest web and enterprise applications.

From: https://shiro.apache.org/

From this introduction you can see that Shiro is a powerful and easy-to-use Java security framework that covers authentication, authorization, encryption, and session management. Shiro also has an easy-to-understand API that can be used to protect any application quickly and easily.

Why use Shiro

This section explains why you would use the Shiro framework. The main reasons are the following:

Easy to use: thanks to its easy-to-understand API definitions and good abstractions, Shiro is very easy for developers to use.

Comprehensive: Shiro defines and abstracts the basic models of permission checking and authentication, so it covers a relatively comprehensive range of functionality.

Flexible: Shiro can work in almost any Java application environment, including but not limited to Spring and EJB.

Shiro processing flow

This section provides a brief description of the processing flow of Shiro. The following figure can be found in the official Shiro documentation:

From: https://shiro.apache.org/architecture.html

In the figure above, you can see that the overall processing flow in Shiro is made up of Subject objects, SecurityManager objects, and Realm objects.

The Subject object can be understood as a user.

The SecurityManager object can be understood as a security manager; its main purpose is to manage Subject objects.

The Realm object can be understood as the source of permission data.

Shiro Architecture description

This section describes the architecture of Shiro, and the following figure can be found in the official documentation of Shiro.

From: https://shiro.apache.org/architecture.html

In the figure above, you can see that the Shiro architecture consists of the following parts:

Subject: the subject, usually the user.

Security Manager: the security manager, which is the core of the whole of Shiro.

Authenticator: the authenticator.

Authentication Strategy: the authentication strategy.

Authorizer: the authorizer.

SessionManager: the session manager.

SessionDAO: session persistence operations.

CacheManager: the cache manager.

Cryptography: cryptography-related functionality, mainly responsible for encryption and decryption.

Realms: realms, the permission data.

The main objects in Shiro are the eight above. They are used frequently in later development, and together they make up the various functions of Shiro.

Authentication sequence

The basic authentication process of Shiro is described below. The following images can be seen on Shiro's official website:

From: https://shiro.apache.org/authentication.html

From the figure above, you can see that the authentication process in Shiro consists of five steps:

1. The application calls the Subject.login method with the token as its parameter.

2. The Subject object from step 1 is passed to the SecurityManager.

3. In the SecurityManager, authentication is handed over to the Authenticator object.

4. In the Authenticator, the actual processing is carried out by the AuthenticationStrategy.

5. During AuthenticationStrategy processing, the Realm data is looked up and used to perform the authentication.

Authorization sequence

The basic authorization process of Shiro is described below. The following images can be seen on Shiro's official website:

From: https://shiro.apache.org/authorization.html

From the figure above, you can see that the authorization process in Shiro consists of four steps:

1. The Subject object calls one of the isPermitted*, hasRole*, checkRole*, or checkPermission* methods.

2. The SecurityManager makes the authorization decision, delegating the actual processing to the Authorizer class.

3. The Authorizer relies on Realm-related operations during its processing.

4. The Realm checks its configuration.
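The following added example (not part of the original article) walks through these four steps with an in-memory IniRealm. The class name, the role names (administrator, creator) and the permission strings (user:add, user:delete) are constructed for illustration; only the admin and userAdd accounts come from the article.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Added example, not from the article; class, role and permission names are hypothetical.
public class AuthorizationFlowDemo {
    public static void main(String[] args) {
        Ini ini = new Ini();
        // [users] entries have the form: name = password, role1, role2, ...
        ini.setSectionProperty("users", "admin", "admin, administrator");
        ini.setSectionProperty("users", "userAdd", "userAdd, creator");
        // [roles] entries have the form: role = permission1, permission2, ...
        ini.setSectionProperty("roles", "administrator", "user:*");
        ini.setSectionProperty("roles", "creator", "user:add");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new IniRealm(ini));

        // A Subject that has not logged in has no principals, so every check is denied.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        System.out.println("anonymous, user:add   -> " + subject.isPermitted("user:add"));

        subject.login(new UsernamePasswordToken("userAdd", "userAdd"));

        // Step 1: the Subject calls hasRole / isPermitted; steps 2-4 run inside Shiro
        // (SecurityManager -> Authorizer -> Realm).
        System.out.println("userAdd, role creator -> " + subject.hasRole("creator"));
        System.out.println("userAdd, role admin   -> " + subject.hasRole("administrator"));
        System.out.println("userAdd, user:add     -> " + subject.isPermitted("user:add"));
        System.out.println("userAdd, user:delete  -> " + subject.isPermitted("user:delete"));

        // The check* variants throw instead of returning false, which suits guard
        // clauses placed at the top of a protected operation.
        try {
            subject.checkPermission("user:delete");
            System.out.println("user:delete allowed");
        } catch (AuthorizationException e) {
            System.out.println("user:delete denied: " + e.getClass().getSimpleName());
        }
        subject.logout();
    }
}
```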

The first Shiro program

The previous sections introduced some basic Shiro concepts. This section uses Shiro to build a simple use case that mainly implements authentication. With that goal settled, the first thing to do is choose a Shiro version. At the time of writing, the latest Shiro version was 1.7.1. The Maven dependency is as follows:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.7.1</version>
    </dependency>

The JDK version used is as follows:

    openjdk version "1.8.0_282"
    OpenJDK Runtime Environment Corretto-8.282.08.1 (build 1.8.0_282-b08)
    OpenJDK 64-Bit Server VM Corretto-8.282.08.1 (build 25.282-b08, mixed mode)

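With these basic technology choices made, you need to create a project. This example uses Maven for project management. The POM file is as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <parent>
            <artifactId>shiro-book</artifactId>
            <groupId>com.github.huifer</groupId>
            <version>1.0-SNAPSHOT</version>
        </parent>
        <modelVersion>4.0.0</modelVersion>

        <artifactId>just-shiro</artifactId>

        <properties>
            <maven.compiler.source>8</maven.compiler.source>
            <maven.compiler.target>8</maven.compiler.target>
        </properties>

        <dependencies>
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-core</artifactId>
                <version>1.7.1</version>
            </dependency>
        </dependencies>

        <build>
            <resources>
                <!-- Copy the .ini configuration files onto the classpath -->
                <resource>
                    <directory>src/main/resources</directory>
                    <includes>
                        <include>**/*.ini</include>
                    </includes>
                </resource>
            </resources>
        </build>
    </project>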

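Note: a parent-child (multi-module) project is used here. If you do not use a parent-child project, use the following two fragments directly:

    <dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.7.1</version>
        </dependency>
    </dependencies>

    <build>
        <resources>
            <resource>
                <directory>src/main/resources</directory>
                <includes>
                    <include>**/*.ini</include>
                </includes>
            </resource>
        </resources>
    </build>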

After the project is created, you need to write a configuration file that stores the account names and passwords. The file name can be chosen freely; in this example it is shiro.ini, and the file must be placed under the resources folder. Its content is as follows:

    [users]
    admin=admin
    userAdd=userAdd

Two users are defined in this file, with the user name on the left of the equals sign and the password on the right. They are used in the test cases that follow. Now write a test method with the following code:

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.mgt.DefaultSecurityManager;
    import org.apache.shiro.realm.text.IniRealm;
    import org.apache.shiro.subject.Subject;

    public class TestAuthenticator {
        public static void main(String[] args) {
            // 1. Create the security manager object
            DefaultSecurityManager securityManager = new DefaultSecurityManager();
            // 2. Set the realm data
            securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
            // 3. Set the security manager on the security utility class
            SecurityUtils.setSecurityManager(securityManager);
            // 4. Get the Subject object from the security utility class
            Subject subject = SecurityUtils.getSubject();
            // 5. Create the token
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("admin", "admin");
            // 6. Log in
            // Authentication status
            boolean authenticated = subject.isAuthenticated();
            System.out.println("Authentication status before login: " + authenticated);
            subject.login(usernamePasswordToken);
            authenticated = subject.isAuthenticated();
            System.out.println("Authentication status after login: " + authenticated);
        }
    }

After writing the code above, run it. The output is as follows:

    Authentication status before login: false
    Authentication status after login: true

The main actions performed in this simple Shiro use case are as follows:

1. Create a default security manager object, which is in essence a SecurityManager.

2. Set the Realm data; this example uses a static configuration.

3. Set the security manager on the security utility class.

4. Get the Subject object from the security utility class.

5. Create a token, which takes the form of an account name and password.

6. Perform the login, which mainly means calling the subject.login method with the token as its parameter.

With these six actions you have a simple user login authentication. Next, a wrong user name and a wrong password are simulated in order to look at two basic exceptions in Shiro. First, change the user name, the first parameter of the UsernamePasswordToken constructor, as follows:

    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("admin1", "admin");

After modification, the output of the program console is as follows:

    Exception in thread "main" org.apache.shiro.authc.UnknownAccountException: Realm [org.apache.shiro.realm.text.IniRealm@5b80350b] was unable to find account data for the submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - admin1, rememberMe=false].
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:184)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273)
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275)
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
        at com.github.huifer.shiro.TestAuthenticator.main(TestAuthenticator.java:31)

An exception has now occurred, and it indicates a wrong user name; the exception object is UnknownAccountException. Next, a wrong password is simulated by changing the password, the second parameter of the UsernamePasswordToken constructor, to an arbitrary value. The modified line is as follows:

    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken("admin", "admin1");

After modification, the output of the program console is as follows:

    Exception in thread "main" org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false] did not match the expected credentials.
        at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:603)
        at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273)
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275)
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
        at com.github.huifer.shiro.TestAuthenticator.main(TestAuthenticator.java:31)

An exception has now occurred, and it indicates that password verification failed. The exception object is IncorrectCredentialsException.
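In an application these two exceptions are normally caught rather than left to end the program. The following added example (not part of the original article) logs which failure occurred but returns the same message to the caller in both cases, so the response does not reveal whether a user name exists. The class name, the login helper and the message text are hypothetical; the accounts are the two from shiro.ini, built in memory so the example runs without the file.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Added example, not from the article; the class and method names are hypothetical.
public class LoginFailureHandling {
    // One message for every failure, so the response does not reveal whether the account exists.
    static final String GENERIC_FAILURE = "Invalid user name or password";

    static String login(DefaultSecurityManager securityManager, String username, String password) {
        // A fresh Subject per attempt, instead of the thread-bound one from SecurityUtils.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        String logName = username.replaceAll("[\\r\\n]", "_"); // keep each log entry on one line
        try {
            subject.login(token);
            return "OK";
        } catch (UnknownAccountException e) {
            System.err.println("login failed: unknown account " + logName);
        } catch (IncorrectCredentialsException e) {
            System.err.println("login failed: wrong password for " + logName);
        } catch (AuthenticationException e) {
            // Any other authentication failure, e.g. a locked account or a realm error.
            System.err.println("login failed: " + e.getClass().getSimpleName() + " for " + logName);
        } finally {
            token.clear(); // wipe the password held by the token
        }
        return GENERIC_FAILURE;
    }

    public static void main(String[] args) {
        // Constructed sample data: the same two accounts as the article's shiro.ini.
        Ini ini = new Ini();
        ini.setSectionProperty("users", "admin", "admin");
        ini.setSectionProperty("users", "userAdd", "userAdd");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new IniRealm(ini));

        System.out.println(login(securityManager, "admin", "admin"));   // correct credentials
        System.out.println(login(securityManager, "admin1", "admin"));  // unknown user name
        System.out.println(login(securityManager, "admin", "admin1"));  // wrong password
    }
}
```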
