Apache Shiro is a security framework for Java. Shiro can be very easy to develop a good enough application, not only can be used in the javase environment, but also can be used in the Java EE environment.
The basic function points are as follows:
Authentication : identity Authentication/login, verify that the user has the corresponding identity;
Authorization : authorization, which is authentication of permissions, verifies that a authenticated user has a permission, that is, whether a user can do something, as usual: Verifying that a user has a role. or fine-grained verification that a user has a certain permission on a resource;
Session Manager : session management, that is, after the user logs on is a session, before exiting, all its information is in the session, the session can be normal javase environment, or it can be a web environment;
Cryptography : encryption, protection of data security, such as password encryption stored in the database, rather than plaintext storage;
Web Support : Web support, can be very easy to integrate into the web environment;
Caching: Cache, such as user login, its user information, the role/permissions do not need to check every time, this can improve efficiency;
Concurrency :Shiro supports concurrent authentication for multi-threaded applications, such as opening another thread in one thread to automatically propagate the past;
Testing : provide testing support;
Run as : allows one user to pretend to access the identity of another user (if they allow it);
Remember Me : Remember me, this is a very common feature, that is, once logged in, the next time you come back without logging in.
Apache Shiro Learning---Introduction