Apache Shiro Manual (i) Introduction to Shiro architecture _linux

One, what is Shiro

The Apache Shiro is a powerful and Easy-to-use Java security framework that provides authentication, authorization, encryption, and session management capabilities:
Authentication-user identification, often referred to as user "login"; authorization-access control; password encryption-protects or hides data from peeping, session management-sensitive state per user-related time. For any one application, Shiro can provide comprehensive security management services. And compared to other security frameworks, Shiro is much simpler.

Ii. Introduction to the architecture of Shiro

First, take a look at the three core components of Shiro: Subject, SecurityManager, and realms. The following figure:

Subject: "Current Operation User". In Shiro, however, the concept of subject is not just a person, it can be a third-party process, a background account (Daemon), or something like that. It simply means "what is currently interacting with the software." But for most purposes and purposes, you can think of it as the "user" concept of Shiro.
Subject represents the security actions of the current user, and SecurityManager manages the security operations of all users.

SecurityManager: It is the core of the Shiro framework, the typical façade pattern, Shiro manages internal component instances through SecurityManager, and provides various services for security management through it.

Realm:realm acts as a "bridge" or "connector" between Shiro and application security data. That is, when a user performs authentication (login) and authorization (access control) validation, Shiro looks for users and their permissions information from the realm of the application configuration.
In this sense, realm is essentially a security-related DAO: It encapsulates the connection details of the data source and provides the relevant data to Shiro when needed. When configuring Shiro, you must specify at least one realm for authentication and/or authorization. Configuring multiple realm is possible, but requires at least one.
Shiro has built-in realm that can connect a large number of secure data sources (also known as directories), such as LDAP, relational database (JDBC), text configuration resources like INI, and property files. If the default realm does not meet the requirements, you can also insert your own realm implementation that represents the custom data source.


Shiro Complete Architecture diagram:


In addition to the three core components of subject, SecurityManager, and Realm mentioned earlier, Shiro major components include:
Authenticator: Authentication is the process of verifying the identity of the user. A common example of this process is the familiar "user/password" combination. Most users usually provide their own username (the client) and the password (certificate) to support them when they log on to the software system. If the password (or password) stored in the system matches the user's offer, they are considered authenticated.
Authorizer: Authorization is essentially access control-controlling what users can access in the application, such as resources, Web pages, and so on.
SessionManager: In the security framework area, Apache Shiro provides something unique: The session API can be used consistently at any application or architecture level. That is, Shiro provides a conversational programming paradigm for any application-from a small background to a large cluster Web application. This means that the application developers who want to use the session need not be forced to use a servlet or EJB container. Or, if you are using these containers, developers can now choose to use the session APIs that are consistent at any level to replace the servlet or EJB mechanism.
CacheManager: Provides caching support for other components of Shiro.