What can Shiro do?
It helps us implement authentication, authorization, encryption, session management, Web integration, caching, and so on.
What are Shiro's components?
Authentication: identity authentication (login), which verifies that the user has the corresponding identity.
Authorization: permission verification, which checks whether an authenticated user holds a given permission, that is, whether the user is allowed to do something. Common examples: verifying that a user has a role, or verifying at a fine-grained level whether a user has a certain permission on a resource.
Session Manager: session management. After a user logs in there is a session, and until the user logs out all of the user's information is kept in that session. The session can live in an ordinary JavaSE environment or in a Web environment.
Cryptography: encryption, which protects data; for example, passwords are encrypted before being stored in the database rather than stored in plain text.
Web Support: Web support, which makes it easy to integrate Shiro into a Web environment.
Caching: caching. For example, after a user logs in, the user's information and roles/permissions do not have to be looked up on every check, which improves efficiency.
Concurrency: Shiro supports concurrent verification in multithreaded applications; when one thread starts another, permissions are propagated to it automatically.
Testing: provides test support.
Run As: allows one user to act as another user (if that user allows it) when accessing the application.
Remember Me: a very common feature; after logging in once, the user does not need to log in again next time.
Remember that Shiro does not maintain users or permissions. We have to design and provide these ourselves, then inject them into Shiro through the corresponding interfaces.
The three core components of Apache Shiro:
1. Subject: the user currently operating
2. SecurityManager: manages all Subjects
3. Realms: used to verify permission information
Authentication and Authorization
In Shiro, checking a user's permissions is carried out in two parts:
1. Authentication: the process of verifying the user's identity.
2. Authorization: access control. It authorizes the user's operations by verifying that the user is allowed to perform the current operation, for example visiting a link or accessing a resource file.
Other components:
In addition to the components above, Shiro has several others:
1. SessionManager: Shiro provides a session programming paradigm for any application.
2. CacheManager: provides caching support for Shiro's other components.
Shiro Workflow
In other words, from our point of view the simplest Shiro application works like this:
1. Application code performs authentication and authorization through the Subject, and the Subject delegates to the SecurityManager;
2. We need to inject a Realm into Shiro's SecurityManager so that the SecurityManager can obtain the legitimate users and their permissions to make its decisions.
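The workflow above as a small JavaSE program. This is an added example, not code from the original page or from the Shiro project; DemoRealm, the account alice, the role editor and the permission strings are constructed for illustration, and shiro-core with its dependencies is assumed to be on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class ShiroWorkflowDemo {
    // Hypothetical realm: the application, not Shiro, supplies users and permissions.
    static class DemoRealm extends AuthorizingRealm {
        // Constructed account "alice"; only a salted hash of the password is stored.
        private final String storedHash = new DefaultPasswordService().encryptPassword("s3cret-demo");
        DemoRealm() { setCredentialsMatcher(new PasswordMatcher()); }

        @Override // Authentication: look up the account; Shiro compares the credentials.
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = ((UsernamePasswordToken) token).getUsername();
            if (!"alice".equals(user)) throw new UnknownAccountException("unknown user");
            return new SimpleAuthenticationInfo(user, storedHash, getName());
        }

        @Override // Authorization: return the roles and permissions of the principal.
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            if ("alice".equals(principals.getPrimaryPrincipal())) {
                info.addRole("editor");
                info.addStringPermission("article:edit");
            }
            return info;
        }
    }

    public static void main(String[] args) {
        // Inject the Realm into the SecurityManager; Subjects delegate to it.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong-password"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
        }
        subject.login(new UsernamePasswordToken("alice", "s3cret-demo"));
        System.out.println("role editor: " + subject.hasRole("editor"));
        System.out.println("article:edit: " + subject.isPermitted("article:edit"));
        System.out.println("article:delete: " + subject.isPermitted("article:delete"));
    }
}
```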