Shulou(Shulou.com)06/01 Report--

How to use the Shiro framework in Apache? Many novices are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can gain something.

What is Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that provides authentication, authorization, encryption, and session management functions:

authentication-user identification, often referred to as user "login"

authorization-access control

password encryption-protect or hide data from peeping

session management-time-sensitive state related to each user.

For any application, Shiro can provide comprehensive security management services. And Shiro is much simpler than other security frameworks.

II. Introduction to the architecture of Shiro

First, let's take a look at the three core components of Shiro: Subject, SecurityManager and Realms. As shown below:

Subject: "current operation user". However, in Shiro, the concept of Subject does not refer only to people, but also to third-party processes, back-end accounts (Daemon Account), or other similar things. It just means "what currently interacts with the software". But for most purposes and uses, you can think of it as Shiro's "user" concept.

Subject represents the security operations of current users, while SecurityManager manages the security operations of all users.

SecurityManager: it is the core of the Shiro framework, a typical Facade pattern, Shiro manages internal component instances through SecurityManager, and provides various security management services through it.

Realm: Realm acts as a "bridge" or "connector" between Shiro and application security data. That is, when authentication (login) and authorization (access control) authentication are performed on a user, Shiro looks up the user and their permission information from the Realm configured by the application.

In this sense, Realm is essentially a security-related DAO: it encapsulates the connection details of the data source and provides the relevant data to the Shiro when needed. When configuring Shiro, you must specify at least one Realm for authentication and / or authorization. It is possible to configure multiple Realm, but at least one is required.

Shiro has built-in Realm that can connect to a large number of secure data sources (aka directories), such as LDAP, relational database (JDBC), INI-like text configuration resources, and property files. If the default Realm does not meet the requirements, you can also insert your own Realm implementation that represents a custom data source.

Complete architecture diagram of Shiro:

In addition to the three core components of Subject, SecurityManager and Realm mentioned above, the main components of Shiro include:

Authenticator: authentication is the process of verifying a user's identity. A common example of this process is the familiar "user / password" combination. When most users log in to the software system, they usually provide their own user name (party) and password (certificate) that supports them. If the password (or password representation) stored in the system matches the one provided by the user, they are considered authenticated.

Authorizer: authorization is essentially access control-controlling what content in the application users can access, such as resources, Web pages, and so on.

SessionManager: in the area of security frameworks, Apache Shiro provides something unique: Session API can be used consistently at any application or architectural layer. That is, Shiro provides a session programming paradigm for any application-from small background stand-alone applications to large cluster Web applications. This means that application developers who want to use sessions are not forced to use Servlet or EJB containers. Or, if you are using these containers, developers can now choose to use a consistent session API at any layer instead of the Servlet or EJB mechanism.

CacheManager: provides caching support for other components of Shiro.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.