Recently I needed to start learning the Shiro framework. It is the first security framework I have come into contact with, and since I have not learned any others I have nothing to compare it with here. So whether this framework is good or bad, for the moment I am just studying it. This blog will summarize the contents of the Shiro framework. If some terms seem unclear, that is fine; just be aware of them for now, and follow-up posts will explain them in more detail.
Introduction
Shiro is an open source security framework that provides security management capabilities for authentication, authorization, encryption, and session management. Shiro's four top-level components correspond to these four security management functions. The blue part is Shiro's extensibility support, which is not covered in much detail here.
- Authentication: the process of proving "who" the user is.
- Authorization: access control. Once "who" the user is has been established, access control determines "who" can do "what".
- Session Management: management of user sessions.
- Cryptography: encryption.
Key Concepts
- Subject: a security-specific "view" of the current user. The user here is not only a person; it can also be a third-party service. In other words, the Subject is anything that is currently interacting with the software.
- SecurityManager: the heart of the Shiro architecture. It acts as the "overall controller" that coordinates the internal security components so that they work together.
- Realm: a bridge between Shiro and the database. Shiro obtains the data it needs through this class. It is effectively a DAO that encapsulates the details of the data source.
The core framework concept of Shiro
This diagram clearly reflects the relationship between the SecurityManager and the individual components.
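The following added example (not code from the original post or from the Shiro project) shows the three key concepts working together: a Realm supplies account data, the SecurityManager coordinates, and the Subject is what application code talks to. It assumes shiro-core and an SLF4J binding are on the classpath; the class name `ShiroConceptsDemo`, the realm `DemoRealm`, the account `alice` and the permission strings are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Map;

public class ShiroConceptsDemo {
    // Realm: the DAO-like bridge. Constructed in-memory maps stand in for a database.
    static class DemoRealm extends AuthorizingRealm {
        // Demo only: a real realm would return salted password hashes, not plaintext.
        private final Map<String, String> passwords = Map.of("alice", "constructed-pw");
        private final Map<String, String> roles = Map.of("alice", "editor");

        @Override // Authentication: fetch the stored credentials for the claimed identity
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = (String) token.getPrincipal();
            String stored = passwords.get(user);
            if (stored == null) throw new UnknownAccountException("no such account");
            // Shiro's credentials matcher compares this with the submitted password.
            return new SimpleAuthenticationInfo(user, stored, getName());
        }

        @Override // Authorization: fetch roles and permissions for an authenticated identity
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            String role = roles.get((String) principals.getPrimaryPrincipal());
            if (role != null) { info.addRole(role); info.addStringPermission("article:edit"); }
            return info;
        }
    }

    public static void main(String[] args) {
        // SecurityManager: coordinates authentication, authorization and sessions.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject(); // Subject: the current "user"
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong-pw"));
        } catch (IncorrectCredentialsException e) {
            System.out.println("rejected: bad credentials"); // failure is an exception, not a boolean
        }
        subject.login(new UsernamePasswordToken("alice", "constructed-pw"));
        System.out.println("authenticated: " + subject.isAuthenticated());
        System.out.println("can edit:      " + subject.isPermitted("article:edit"));
        System.out.println("can delete:    " + subject.isPermitted("article:delete"));
        subject.getSession().setAttribute("lastAction", "login"); // session management
        subject.logout(); // clears the identity and invalidates the session
    }
}
```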
Apache Shiro (1)-Getting Started