Shiro is a powerful, easy-to-use Java security framework.
Enable authentication, authorization, encryption, session management
Primary concerns:authentication, Authorization, cryptography, Session Manager
Supporting Features:web support, caching cache, concurrency concurrency, testing, Run as thread, remember me remember password
Shiro Main architecture
1. Subject, currently participating in the Application Security section of the protagonist, can be a user, or a third-party service, or cron task (scheduled Task), or other.
The main expression is something that is interacting with the current software, and all subject need to be securitymanager, because these interactions are translated into interactions with SecurityManager.
2. SecurityManager, security Administrator.
The core of Shiro. But once configured, using less, developers spend most of their time on subject.
3. Realms field, is the connection Bridge of Shiro and user's application.
When it comes to interacting with secure data, like user accounts, access control, Shiro is found in one or more realms.
In addition, Shiro provides some realms that can be used directly, and can be customized if the default realms does not meet your needs.
An easy-to-use Apache Shiro framework and a complex and complete springboot security framework